Merge pull request #10200 from aslze/mbedtls-3.6
[3.6] Fix build C++ apps with MSVC
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt
new file mode 100644
index 0000000..75a72ca
--- /dev/null
+++ b/ChangeLog.d/unterminated-string-initialization.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Silence spurious -Wunterminated-string-initialization warnings introduced
+ by GCC 15. Fixes #9944.
diff --git a/framework b/framework
index 1e7b5d5..fdb0615 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 1e7b5d54d3823b65fd4755bcf60f9ca39cfcbca3
+Subproject commit fdb0615d9a72c95cdf7f67e77bfcf0418dce756f
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 8367cd3..1e1c063 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -12,6 +12,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
#include <stddef.h>
#include <stdint.h>
@@ -928,7 +929,7 @@
* be relevant in applications like deterministic ECDSA.
*/
int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/** Generate a random number uniformly in a range.
@@ -966,7 +967,7 @@
int mbedtls_mpi_random(mbedtls_mpi *X,
mbedtls_mpi_sint min,
const mbedtls_mpi *N,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -1030,7 +1031,7 @@
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
* \brief Flags for mbedtls_mpi_gen_prime()
@@ -1063,7 +1064,7 @@
* \c 3 and #MBEDTLS_MPI_MAX_BITS.
*/
int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index fcba3d2..bbfe6ea 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -183,7 +183,7 @@
*/
int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -250,7 +250,7 @@
*/
int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t olen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -281,7 +281,7 @@
*/
int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx,
unsigned char *output, size_t output_size, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index a6a5069..a919ad2 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -189,7 +189,7 @@
* \c MBEDTLS_MPI_XXX error code on failure.
*/
int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -225,7 +225,7 @@
*/
int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -290,7 +290,7 @@
*/
int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -372,7 +372,7 @@
*/
int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -428,7 +428,7 @@
*/
int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
#if defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 2ecf349..c161661 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -150,7 +150,8 @@
* buffer of length \p blen Bytes. It may be \c NULL if
* \p blen is zero.
* \param blen The length of \p buf in Bytes.
- * \param f_rng The RNG function. This must not be \c NULL.
+ * \param f_rng The RNG function, used both to generate the ECDSA nonce
+ * and for blinding. This must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng doesn't need a context parameter.
*
@@ -160,7 +161,7 @@
*/
int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/**
@@ -207,7 +208,7 @@
mbedtls_mpi *s, const mbedtls_mpi *d,
const unsigned char *buf, size_t blen,
mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng_blind,
void *p_rng_blind);
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
@@ -247,7 +248,8 @@
* buffer of length \p blen Bytes. It may be \c NULL if
* \p blen is zero.
* \param blen The length of \p buf in Bytes.
- * \param f_rng The RNG function. This must not be \c NULL.
+ * \param f_rng The RNG function used to generate the ECDSA nonce.
+ * This must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng doesn't need a context parameter.
* \param f_rng_blind The RNG function used for blinding. This must not be
@@ -271,9 +273,9 @@
mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d,
const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng_blind,
void *p_rng_blind,
mbedtls_ecdsa_restart_ctx *rs_ctx);
@@ -334,7 +336,7 @@
mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng_blind,
void *p_rng_blind,
mbedtls_ecdsa_restart_ctx *rs_ctx);
@@ -458,10 +460,10 @@
* \param sig_size The size of the \p sig buffer in bytes.
* \param slen The address at which to store the actual length of
* the signature written. Must not be \c NULL.
- * \param f_rng The RNG function. This must not be \c NULL if
- * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- * it is used only for blinding and may be set to \c NULL, but
- * doing so is DEPRECATED.
+ * \param f_rng The RNG function. This is used for blinding.
+ * If #MBEDTLS_ECDSA_DETERMINISTIC is unset, this is also
+ * used to generate the ECDSA nonce.
+ * This must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't use a context.
*
@@ -473,7 +475,7 @@
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -501,9 +503,10 @@
* \param sig_size The size of the \p sig buffer in bytes.
* \param slen The address at which to store the actual length of
* the signature written. Must not be \c NULL.
- * \param f_rng The RNG function. This must not be \c NULL if
- * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- * it is unused and may be set to \c NULL.
+ * \param f_rng The RNG function. This is used for blinding.
+ * If #MBEDTLS_ECDSA_DETERMINISTIC is unset, this is also
+ * used to generate the ECDSA nonce.
+ * This must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't use a context.
* \param rs_ctx The restart context to use. This may be \c NULL to disable
@@ -520,7 +523,7 @@
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
mbedtls_ecdsa_restart_ctx *rs_ctx);
@@ -608,7 +611,7 @@
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*/
int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/**
* \brief This function sets up an ECDSA context from an EC key pair.
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index c2148a2..7da8cb4 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -162,7 +162,7 @@
*/
int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -203,7 +203,7 @@
*/
int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -243,7 +243,7 @@
*/
int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -266,7 +266,7 @@
*/
int mbedtls_ecjpake_write_shared_key(mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 623910b..5cc0271 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -966,7 +966,7 @@
*/
int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/**
* \brief This function performs multiplication of a point by
@@ -1000,7 +1000,7 @@
*/
int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_f_rng_t *f_rng, void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx);
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
@@ -1179,7 +1179,7 @@
*/
int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -1212,7 +1212,7 @@
int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
const mbedtls_ecp_point *G,
mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -1240,7 +1240,7 @@
*/
int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d,
mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -1257,7 +1257,7 @@
* on failure.
*/
int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/** \brief Set the public key in a key pair object.
@@ -1451,7 +1451,7 @@
*/
int mbedtls_ecp_check_pub_priv(
const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/** \brief Calculate the public key from a private key in a key pair.
*
@@ -1468,7 +1468,7 @@
*/
int mbedtls_ecp_keypair_calc_public(
mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/** \brief Query the group that a key pair belongs to.
*
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
index 95fce21..2f29791 100644
--- a/include/mbedtls/lms.h
+++ b/include/mbedtls/lms.h
@@ -364,7 +364,7 @@
int mbedtls_lms_generate_private_key(mbedtls_lms_private_t *ctx,
mbedtls_lms_algorithm_type_t type,
mbedtls_lmots_algorithm_type_t otstype,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng, const unsigned char *seed,
size_t seed_size);
@@ -427,7 +427,7 @@
* \return A non-zero error code on failure.
*/
int mbedtls_lms_sign(mbedtls_lms_private_t *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng, const unsigned char *msg,
unsigned int msg_size, unsigned char *sig, size_t sig_size,
size_t *sig_len);
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 52f4cc6..2b7f34b 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -285,7 +285,7 @@
const unsigned char *input, unsigned char *output,
size_t output_max_len);
typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig);
@@ -849,7 +849,7 @@
int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/**
* \brief Make signature given a signature type.
@@ -885,7 +885,7 @@
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -921,7 +921,7 @@
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_f_rng_t *f_rng, void *p_rng,
mbedtls_pk_restart_ctx *rs_ctx);
/**
@@ -947,7 +947,7 @@
int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/**
* \brief Encrypt message (including padding if relevant).
@@ -973,7 +973,7 @@
int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/**
* \brief Check if a public-private pair of keys matches.
@@ -991,7 +991,7 @@
*/
int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
@@ -1109,7 +1109,7 @@
int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/** \ingroup pk_module */
/**
@@ -1173,7 +1173,7 @@
*/
int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
const char *path, const char *password,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+ mbedtls_f_rng_t *f_rng, void *p_rng);
/** \ingroup pk_module */
/**
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 1b371ef..adad6bc 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -159,6 +159,56 @@
void mbedtls_platform_zeroize(void *buf, size_t len);
#endif
+/** \brief The type of custom random generator (RNG) callbacks.
+ *
+ * Many Mbed TLS functions take two parameters
+ * `mbedtls_f_rng_t *f_rng, void *p_rng`. The
+ * library will call \c f_rng to generate
+ * random values.
+ *
+ * \note This is typically one of the following:
+ * - mbedtls_ctr_drbg_random() with \c p_rng
+ * pointing to a #mbedtls_ctr_drbg_context;
+ * - mbedtls_hmac_drbg_random() with \c p_rng
+ * pointing to a #mbedtls_hmac_drbg_context;
+ * - mbedtls_psa_get_random() with
+ * `prng = MBEDTLS_PSA_RANDOM_STATE`.
+ *
+ * \note Generally, given a call
+ * `mbedtls_foo(f_rng, p_rng, ....)`, the RNG callback
+ * and the context only need to remain valid until
+ * the call to `mbedtls_foo` returns. However, there
+ * are a few exceptions where the callback is stored
+ * in for future use. Check the documentation of
+ * the calling function.
+ *
+ * \warning In a multithreaded environment, calling the
+ * function should be thread-safe. The standard
+ * functions provided by the library are thread-safe
+ * when #MBEDTLS_THREADING_C is enabled.
+ *
+ * \warning This function must either provide as many
+ * bytes as requested of **cryptographic quality**
+ * random data, or return a negative error code.
+ *
+ * \param p_rng The \c p_rng argument that was passed along \c f_rng.
+ * The library always passes \c p_rng unchanged.
+ * This is typically a pointer to the random generator
+ * state, or \c NULL if the custom random generator
+ * doesn't need a context-specific state.
+ * \param[out] output On success, this must be filled with \p output_size
+ * bytes of cryptographic-quality random data.
+ * \param output_size The number of bytes to output.
+ *
+ * \return \c 0 on success, or a negative error code on failure.
+ * Library functions will generally propagate this
+ * error code, so \c MBEDTLS_ERR_xxx values are
+ * recommended. #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED is
+ * typically sensible for RNG failures.
+ */
+typedef int mbedtls_f_rng_t(void *p_rng,
+ unsigned char *output, size_t output_size);
+
#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
* \brief Platform-specific implementation of gmtime_r()
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index c1e76b3..3f0881a 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -465,7 +465,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
unsigned int nbits, int exponent);
@@ -590,7 +590,7 @@
*
*/
int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
const unsigned char *input,
unsigned char *output);
@@ -619,7 +619,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
size_t ilen,
const unsigned char *input,
@@ -646,7 +646,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
size_t ilen,
const unsigned char *input,
@@ -680,7 +680,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
const unsigned char *label, size_t label_len,
size_t ilen,
@@ -723,7 +723,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
size_t *olen,
const unsigned char *input,
@@ -765,7 +765,7 @@
*
*/
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
size_t *olen,
const unsigned char *input,
@@ -806,7 +806,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
const unsigned char *label, size_t label_len,
size_t *olen,
@@ -849,7 +849,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
@@ -881,7 +881,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
@@ -933,7 +933,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
@@ -983,7 +983,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index cc9da34..3cdddf7 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2255,12 +2255,16 @@
/**
* \brief Set the random number generator callback
*
+ * \note The callback with its parameter must remain valid as
+ * long as there is an SSL context that uses the
+ * SSL configuration.
+ *
* \param conf SSL configuration
* \param f_rng RNG function (mandatory)
* \param p_rng RNG parameter
*/
void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 71c258e..0f211e6 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -70,7 +70,7 @@
* \brief Setup cookie context (generate keys)
*/
int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
/**
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 2ee1400..9f7e440 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -98,7 +98,9 @@
*
* \param ctx Context to be set up
* \param f_rng RNG callback function (mandatory)
- * \param p_rng RNG callback context
+ * \param p_rng RNG callback context.
+ * Note that the RNG callback must remain valid
+ * until the ticket context is freed.
* \param cipher AEAD cipher to use for ticket protection.
* Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
* \param lifetime Tickets lifetime in seconds
@@ -122,7 +124,7 @@
* or a specific MBEDTLS_ERR_XXX error code
*/
int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_f_rng_t *f_rng, void *p_rng,
mbedtls_cipher_type_t cipher,
uint32_t lifetime);
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 1ce0d23..6b96039 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -1176,7 +1176,7 @@
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
#if defined(MBEDTLS_PEM_WRITE_C)
@@ -1194,7 +1194,7 @@
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 8c31c09..c4bd7f1 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -349,7 +349,7 @@
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
#if defined(MBEDTLS_PEM_WRITE_C)
@@ -368,7 +368,7 @@
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
+ mbedtls_f_rng_t *f_rng,
void *p_rng);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CSR_WRITE_C */
diff --git a/library/common.h b/library/common.h
index 7bb2674..50f2a29 100644
--- a/library/common.h
+++ b/library/common.h
@@ -434,4 +434,20 @@
# define MBEDTLS_MAYBE_UNUSED
#endif
+/* GCC >= 15 has a warning 'unterminated-string-initialization' which complains if you initialize
+ * a string into an array without space for a terminating NULL character. In some places in the
+ * codebase this behaviour is intended, so we add the macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
+ * to suppress the warning in these places.
+ */
+#if defined(__has_attribute)
+#if __has_attribute(nonstring)
+#define MBEDTLS_HAS_ATTRIBUTE_NONSTRING
+#endif /* __has_attribute(nonstring) */
+#endif /* __has_attribute */
+#if defined(MBEDTLS_HAS_ATTRIBUTE_NONSTRING)
+#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING __attribute__((nonstring))
+#else
+#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
+#endif /* MBEDTLS_HAS_ATTRIBUTE_NONSTRING */
+
#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index fd559a7..1967883 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -82,7 +82,8 @@
* the HkdfLabel structure on success.
*/
-static const char tls13_label_prefix[6] = "tls13 ";
+/* We need to tell the compiler that we meant to leave out the null character. */
+static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 ";
#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
(2 /* expansion length */ \
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 14f6e48..1509e9a 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -40,8 +40,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/* We need to tell the compiler that we meant to leave out the null character. */
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
- const unsigned char name [sizeof(string) - 1];
+ const unsigned char name [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING;
union mbedtls_ssl_tls13_labels_union {
MBEDTLS_SSL_TLS1_3_LABEL_LIST
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index da6c1c4..b4ff66a 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -343,7 +343,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
unsigned char *output_data = NULL;
unsigned char *part_data = NULL;
unsigned char *final_data = NULL;
@@ -598,7 +598,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
unsigned char mac[PSA_MAC_MAX_SIZE];
size_t part_offset = 0;
size_t part_length = 0;
@@ -2147,7 +2147,7 @@
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t policy_alg = policy_alg_arg;
psa_algorithm_t exercise_alg = exercise_alg_arg;
@@ -2247,7 +2247,7 @@
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_usage_t policy_usage = policy_usage_arg;
size_t output_buffer_size = 0;
size_t input_buffer_size = 0;
@@ -2338,7 +2338,7 @@
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
psa_key_usage_t policy_usage = policy_usage_arg;
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
@@ -2596,7 +2596,7 @@
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_status_t status;
PSA_ASSERT(psa_crypto_init());
@@ -2647,7 +2647,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
@@ -2730,7 +2730,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
@@ -2917,13 +2917,15 @@
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
+ psa_hash_operation_t short_wrapper = psa_hash_operation_init_short();
psa_hash_operation_t func = psa_hash_operation_init();
psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
psa_hash_operation_t zero;
-
memset(&zero, 0, sizeof(zero));
/* A freshly-initialized hash operation should not be usable. */
+ TEST_EQUAL(psa_hash_update(&short_wrapper, input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_hash_update(&func, input, sizeof(input)),
PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_hash_update(&init, input, sizeof(input)),
@@ -2932,6 +2934,7 @@
PSA_ERROR_BAD_STATE);
/* A default hash operation should be abortable without error. */
+ PSA_ASSERT(psa_hash_abort(&short_wrapper));
PSA_ASSERT(psa_hash_abort(&func));
PSA_ASSERT(psa_hash_abort(&init));
PSA_ASSERT(psa_hash_abort(&zero));
@@ -2947,7 +2950,7 @@
size_t output_size = 0;
size_t output_length = 0;
psa_status_t expected_status = expected_status_arg;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
psa_status_t status;
PSA_ASSERT(psa_crypto_init());
@@ -2993,7 +2996,7 @@
uint8_t *output = NULL;
size_t output_size = output_size_arg;
size_t output_length = INVALID_EXPORT_LENGTH;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@@ -3040,7 +3043,7 @@
{
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
psa_status_t status;
PSA_ASSERT(psa_crypto_init());
@@ -3078,7 +3081,7 @@
psa_algorithm_t alg = alg_arg;
uint8_t output[PSA_HASH_MAX_SIZE + 1];
size_t output_length = INVALID_EXPORT_LENGTH;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
size_t i;
PSA_ASSERT(psa_crypto_init());
@@ -3188,7 +3191,7 @@
};
unsigned char hash[sizeof(valid_hash)] = { 0 };
size_t hash_len;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -3292,7 +3295,7 @@
0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb
};
size_t expected_size = PSA_HASH_LENGTH(alg);
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -3326,7 +3329,7 @@
psa_algorithm_t alg = PSA_ALG_SHA_256;
unsigned char hash[PSA_HASH_MAX_SIZE];
size_t expected_size = PSA_HASH_LENGTH(alg);
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
size_t hash_len;
PSA_ASSERT(psa_crypto_init());
@@ -3347,11 +3350,11 @@
{
psa_algorithm_t alg = PSA_ALG_SHA_256;
unsigned char hash[PSA_HASH_MAX_SIZE];
- psa_hash_operation_t op_source = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_source = psa_hash_operation_init_short();
+ psa_hash_operation_t op_init = psa_hash_operation_init_short();
+ psa_hash_operation_t op_setup = psa_hash_operation_init_short();
+ psa_hash_operation_t op_finished = psa_hash_operation_init_short();
+ psa_hash_operation_t op_aborted = psa_hash_operation_init_short();
size_t hash_len;
PSA_ASSERT(psa_crypto_init());
@@ -3392,11 +3395,11 @@
{
psa_algorithm_t alg = PSA_ALG_SHA_256;
unsigned char hash[PSA_HASH_MAX_SIZE];
- psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t op_init = psa_hash_operation_init_short();
+ psa_hash_operation_t op_setup = psa_hash_operation_init_short();
+ psa_hash_operation_t op_finished = psa_hash_operation_init_short();
+ psa_hash_operation_t op_aborted = psa_hash_operation_init_short();
+ psa_hash_operation_t op_target = psa_hash_operation_init_short();
size_t hash_len;
PSA_ASSERT(psa_crypto_init());
@@ -3437,13 +3440,16 @@
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
+ psa_mac_operation_t short_wrapper = psa_mac_operation_init_short();
psa_mac_operation_t func = psa_mac_operation_init();
psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
psa_mac_operation_t zero;
-
memset(&zero, 0, sizeof(zero));
/* A freshly-initialized MAC operation should not be usable. */
+ TEST_EQUAL(psa_mac_update(&short_wrapper,
+ input, sizeof(input)),
+ PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_mac_update(&func,
input, sizeof(input)),
PSA_ERROR_BAD_STATE);
@@ -3455,6 +3461,7 @@
PSA_ERROR_BAD_STATE);
/* A default MAC operation should be abortable without error. */
+ PSA_ASSERT(psa_mac_abort(&short_wrapper));
PSA_ASSERT(psa_mac_abort(&func));
PSA_ASSERT(psa_mac_abort(&init));
PSA_ASSERT(psa_mac_abort(&zero));
@@ -3470,10 +3477,12 @@
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
#if defined(KNOWN_SUPPORTED_MAC_ALG)
- const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
+ /* We need to tell the compiler that we meant to leave out the null character. */
+ const uint8_t smoke_test_key_data[16] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING =
+ "kkkkkkkkkkkkkkkk";
#endif
PSA_ASSERT(psa_crypto_init());
@@ -3513,7 +3522,7 @@
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
};
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
size_t sign_mac_length = 0;
const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb };
@@ -3678,7 +3687,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_mac = NULL;
size_t mac_buffer_size =
@@ -3764,7 +3773,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *perturbed_mac = NULL;
@@ -3862,13 +3871,18 @@
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
+ psa_cipher_operation_t short_wrapper = psa_cipher_operation_init_short();
psa_cipher_operation_t func = psa_cipher_operation_init();
psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
psa_cipher_operation_t zero;
-
memset(&zero, 0, sizeof(zero));
/* A freshly-initialized cipher operation should not be usable. */
+ TEST_EQUAL(psa_cipher_update(&short_wrapper,
+ input, sizeof(input),
+ output, sizeof(output),
+ &output_length),
+ PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_cipher_update(&func,
input, sizeof(input),
output, sizeof(output),
@@ -3886,6 +3900,7 @@
PSA_ERROR_BAD_STATE);
/* A default cipher operation should be abortable without error. */
+ PSA_ASSERT(psa_cipher_abort(&short_wrapper));
PSA_ASSERT(psa_cipher_abort(&func));
PSA_ASSERT(psa_cipher_abort(&init));
PSA_ASSERT(psa_cipher_abort(&zero));
@@ -3901,10 +3916,12 @@
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_status_t status;
#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
- const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
+ /* We need to tell the compiler that we meant to leave out the null character. */
+ const uint8_t smoke_test_key_data[16] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING =
+ "kkkkkkkkkkkkkkkk";
#endif
PSA_ASSERT(psa_crypto_init());
@@ -3940,7 +3957,7 @@
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
const uint8_t key_data[] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
@@ -4126,7 +4143,7 @@
size_t output_buffer_size = 0;
size_t output_length = 0;
size_t function_output_length;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
if (PSA_ERROR_BAD_STATE != expected_status) {
@@ -4191,7 +4208,7 @@
int expected_result)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t output_buffer_size = 0;
unsigned char *output = NULL;
@@ -4226,7 +4243,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
uint8_t iv[1] = { 0x5a };
unsigned char *output = NULL;
size_t output_buffer_size = 0;
@@ -4343,7 +4360,7 @@
psa_algorithm_t alg = alg_arg;
psa_key_type_t key_type = key_type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_status_t status;
PSA_ASSERT(psa_crypto_init());
@@ -4393,7 +4410,7 @@
size_t output2_buffer_size = 0;
size_t output2_length = 0;
size_t function_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT(psa_crypto_init());
@@ -4477,7 +4494,7 @@
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT(psa_crypto_init());
@@ -4576,7 +4593,7 @@
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT(psa_crypto_init());
@@ -4675,7 +4692,7 @@
size_t output_buffer_size = 0;
size_t output_length = 0;
size_t function_output_length;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
if (PSA_ERROR_BAD_STATE != expected_status) {
@@ -4888,8 +4905,8 @@
size_t output2_buffer_size = 0;
size_t output2_length = 0;
size_t function_output_length;
- psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
- psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation1 = psa_cipher_operation_init_short();
+ psa_cipher_operation_t operation2 = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT(psa_crypto_init());
@@ -5444,7 +5461,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
/* Some tests try to get more than the maximum nonce length,
* so allocate double. */
uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE * 2];
@@ -5548,7 +5565,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
uint8_t *nonce_buffer = NULL;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@@ -5671,7 +5688,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t expected_status = expected_status_arg;
@@ -5755,7 +5772,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t expected_status = expected_status_arg;
@@ -5842,7 +5859,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t expected_status = expected_status_arg;
@@ -5935,7 +5952,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t expected_status = expected_status_arg;
@@ -5977,7 +5994,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_aead_operation_t operation = psa_aead_operation_init_short();
unsigned char *output_data = NULL;
unsigned char *final_data = NULL;
size_t output_size = 0;
@@ -6879,7 +6896,7 @@
size_t max_completes = 0;
psa_sign_hash_interruptible_operation_t operation =
- psa_sign_hash_interruptible_operation_init();
+ psa_sign_hash_interruptible_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -7061,7 +7078,7 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_sign_hash_interruptible_operation_t operation =
- psa_sign_hash_interruptible_operation_init();
+ psa_sign_hash_interruptible_operation_init_short();
TEST_CALLOC(signature, signature_size);
@@ -7272,9 +7289,9 @@
size_t max_completes = 0;
psa_sign_hash_interruptible_operation_t sign_operation =
- psa_sign_hash_interruptible_operation_init();
+ psa_sign_hash_interruptible_operation_init_short();
psa_verify_hash_interruptible_operation_t verify_operation =
- psa_verify_hash_interruptible_operation_init();
+ psa_verify_hash_interruptible_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -7367,7 +7384,7 @@
PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
- verify_operation = psa_verify_hash_interruptible_operation_init();
+ verify_operation = psa_verify_hash_interruptible_operation_init_short();
if (input_data->len != 0) {
/* Flip a bit in the input and verify that the signature is now
@@ -7475,7 +7492,7 @@
size_t max_completes = 0;
psa_verify_hash_interruptible_operation_t operation =
- psa_verify_hash_interruptible_operation_init();
+ psa_verify_hash_interruptible_operation_init_short();
TEST_LE_U(signature_data->len, PSA_SIGNATURE_MAX_SIZE);
@@ -7645,7 +7662,7 @@
size_t min_completes = 0;
size_t max_completes = 0;
psa_verify_hash_interruptible_operation_t operation =
- psa_verify_hash_interruptible_operation_init();
+ psa_verify_hash_interruptible_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -7754,9 +7771,9 @@
size_t signature_length = 0xdeadbeef;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_sign_hash_interruptible_operation_t sign_operation =
- psa_sign_hash_interruptible_operation_init();
+ psa_sign_hash_interruptible_operation_init_short();
psa_verify_hash_interruptible_operation_t verify_operation =
- psa_verify_hash_interruptible_operation_init();
+ psa_verify_hash_interruptible_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -7910,9 +7927,9 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *input_buffer = NULL;
psa_sign_hash_interruptible_operation_t sign_operation =
- psa_sign_hash_interruptible_operation_init();
+ psa_sign_hash_interruptible_operation_init_short();
psa_verify_hash_interruptible_operation_t verify_operation =
- psa_verify_hash_interruptible_operation_init();
+ psa_verify_hash_interruptible_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -8041,9 +8058,9 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_sign_hash_interruptible_operation_t sign_operation =
- psa_sign_hash_interruptible_operation_init();
+ psa_sign_hash_interruptible_operation_init_short();
psa_verify_hash_interruptible_operation_t verify_operation =
- psa_verify_hash_interruptible_operation_init();
+ psa_verify_hash_interruptible_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -8736,13 +8753,15 @@
* though it's OK by the C standard. We could test for this, but we'd need
* to suppress the Clang warning for the test. */
size_t capacity;
+ psa_key_derivation_operation_t short_wrapper = psa_key_derivation_operation_init_short();
psa_key_derivation_operation_t func = psa_key_derivation_operation_init();
psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t zero;
-
memset(&zero, 0, sizeof(zero));
/* A default operation should not be able to report its capacity. */
+ TEST_EQUAL(psa_key_derivation_get_capacity(&short_wrapper, &capacity),
+ PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_key_derivation_get_capacity(&func, &capacity),
PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_key_derivation_get_capacity(&init, &capacity),
@@ -8751,6 +8770,7 @@
PSA_ERROR_BAD_STATE);
/* A default operation should be abortable without error. */
+ PSA_ASSERT(psa_key_derivation_abort(&short_wrapper));
PSA_ASSERT(psa_key_derivation_abort(&func));
PSA_ASSERT(psa_key_derivation_abort(&init));
PSA_ASSERT(psa_key_derivation_abort(&zero));
@@ -8762,7 +8782,7 @@
{
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -8782,7 +8802,7 @@
psa_algorithm_t alg = alg_arg;
size_t capacity = capacity_arg;
psa_status_t expected_status = expected_status_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
PSA_ASSERT(psa_crypto_init());
@@ -8826,7 +8846,7 @@
mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
MBEDTLS_SVC_KEY_ID_INIT,
MBEDTLS_SVC_KEY_ID_INIT };
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t i;
psa_key_type_t output_key_type = output_key_type_arg;
@@ -8909,7 +8929,7 @@
void derive_input_invalid_cost(int alg_arg, int64_t cost)
{
psa_algorithm_t alg = alg_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
PSA_ASSERT(psa_crypto_init());
PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
@@ -8931,7 +8951,7 @@
psa_algorithm_t alg = alg_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t key_type = PSA_KEY_TYPE_DERIVE;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
unsigned char input1[] = "Input 1";
size_t input1_length = sizeof(input1);
unsigned char input2[] = "Input 2";
@@ -8983,7 +9003,7 @@
uint8_t output_buffer[16];
size_t buffer_size = 16;
size_t capacity = 0;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
TEST_ASSERT(psa_key_derivation_output_bytes(&operation,
output_buffer, buffer_size)
@@ -9030,7 +9050,7 @@
psa_status_t statuses[] = { expected_status_arg1, expected_status_arg2,
expected_status_arg3, expected_status_arg4 };
size_t requested_capacity = requested_capacity_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
uint8_t *expected_outputs[2] =
{ expected_output1->x, expected_output2->x };
size_t output_sizes[2] =
@@ -9258,7 +9278,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
unsigned char output_buffer[32];
size_t expected_capacity = requested_capacity;
size_t current_capacity;
@@ -9320,7 +9340,7 @@
int expected_output_status_arg)
{
psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_key_derivation_step_t step = (psa_key_derivation_step_t) derivation_step;
uint8_t *output_buffer = NULL;
psa_status_t status;
@@ -9377,7 +9397,7 @@
psa_key_usage_t derived_usage = derived_usage_arg;
psa_algorithm_t derived_alg = derived_alg_arg;
size_t capacity = PSA_BITS_TO_BYTES(derived_bits);
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -9442,7 +9462,7 @@
size_t bytes1 = bytes1_arg;
size_t bytes2 = bytes2_arg;
size_t capacity = bytes1 + bytes2;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
uint8_t *output_buffer = NULL;
uint8_t *export_buffer = NULL;
psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -9526,7 +9546,7 @@
const psa_algorithm_t alg = alg_arg;
const psa_key_type_t key_type = key_type_arg;
const size_t bits = bits_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
const size_t export_buffer_size =
PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits);
uint8_t *export_buffer = NULL;
@@ -9591,7 +9611,7 @@
const size_t bits = bits_arg;
psa_custom_key_parameters_t custom = PSA_CUSTOM_KEY_PARAMETERS_INIT;
custom.flags = flags_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
const size_t export_buffer_size =
PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits);
uint8_t *export_buffer = NULL;
@@ -9662,7 +9682,7 @@
const size_t bits = bits_arg;
psa_key_production_parameters_t *params = NULL;
size_t params_data_length = 0;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
const size_t export_buffer_size =
PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits);
uint8_t *export_buffer = NULL;
@@ -9732,7 +9752,7 @@
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
psa_status_t expected_status = expected_status_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -9783,7 +9803,7 @@
psa_algorithm_t alg = alg_arg;
psa_algorithm_t our_key_alg = our_key_alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@@ -9903,7 +9923,7 @@
mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t actual_capacity;
unsigned char output[16];
@@ -10000,7 +10020,7 @@
mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_output = NULL;
@@ -10366,7 +10386,7 @@
size_t bits = bits_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
psa_algorithm_t alg = alg_arg;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init_short();
unsigned char *first_export = NULL;
unsigned char *second_export = NULL;
size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits);
@@ -10503,7 +10523,7 @@
int expected_error_arg)
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
- psa_pake_operation_t operation = psa_pake_operation_init();
+ psa_pake_operation_t operation = psa_pake_operation_init_short();
psa_algorithm_t alg = alg_arg;
psa_pake_primitive_t primitive = primitive_arg;
psa_key_type_t key_type_pw = key_type_pw_arg;
@@ -10727,8 +10747,8 @@
data_t *pw_data)
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
- psa_pake_operation_t server = psa_pake_operation_init();
- psa_pake_operation_t client = psa_pake_operation_init();
+ psa_pake_operation_t server = psa_pake_operation_init_short();
+ psa_pake_operation_t client = psa_pake_operation_init_short();
psa_algorithm_t alg = alg_arg;
psa_algorithm_t hash_alg = hash_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -10780,17 +10800,17 @@
int client_input_first, int inj_err_type_arg)
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
- psa_pake_operation_t server = psa_pake_operation_init();
- psa_pake_operation_t client = psa_pake_operation_init();
+ psa_pake_operation_t server = psa_pake_operation_init_short();
+ psa_pake_operation_t client = psa_pake_operation_init_short();
psa_algorithm_t alg = alg_arg;
psa_algorithm_t hash_alg = hash_arg;
psa_algorithm_t derive_alg = derive_alg_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t server_derive =
- PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_init_short();
psa_key_derivation_operation_t client_derive =
- PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_init_short();
ecjpake_injected_failure_t inj_err_type = inj_err_type_arg;
PSA_INIT();
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 49b1c15..f5bed37 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -1063,7 +1063,7 @@
size_t output2_buffer_size = 0;
size_t output2_length = 0;
size_t function_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
@@ -1158,7 +1158,7 @@
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
mbedtls_test_driver_cipher_hooks.forced_status = force_status;
@@ -1287,7 +1287,7 @@
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
mbedtls_test_driver_cipher_hooks.forced_status = force_status;
@@ -1475,7 +1475,7 @@
unsigned char *output = NULL;
size_t output_buffer_size = 0;
size_t function_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_cipher_operation_t operation = psa_cipher_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
@@ -1810,7 +1810,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_mac = NULL;
size_t mac_buffer_size =
@@ -1884,7 +1884,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_mac = NULL;
size_t mac_buffer_size =
@@ -2001,7 +2001,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t forced_status = forced_status_arg;
@@ -2056,7 +2056,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_mac_operation_t operation = psa_mac_operation_init_short();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t forced_status = forced_status_arg;
@@ -2294,7 +2294,7 @@
psa_status_t forced_status = forced_status_arg;
psa_status_t expected_status = expected_status_arg;
unsigned char *output = NULL;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
size_t output_length;
@@ -2341,7 +2341,7 @@
psa_algorithm_t alg = alg_arg;
psa_status_t forced_status = forced_status_arg;
unsigned char *output = NULL;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
size_t output_length;
@@ -2398,7 +2398,7 @@
psa_algorithm_t alg = alg_arg;
psa_status_t forced_status = forced_status_arg;
unsigned char *output = NULL;
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t operation = psa_hash_operation_init_short();
size_t output_length;
PSA_ASSERT(psa_crypto_init());
@@ -2452,8 +2452,8 @@
psa_algorithm_t alg = alg_arg;
psa_status_t forced_status = forced_status_arg;
unsigned char *output = NULL;
- psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT;
- psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t source_operation = psa_hash_operation_init_short();
+ psa_hash_operation_t target_operation = psa_hash_operation_init_short();
size_t output_length;
PSA_ASSERT(psa_crypto_init());
@@ -3019,7 +3019,7 @@
psa_pake_operation_t operation = psa_pake_operation_init();
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_key_derivation_operation_t implicit_key =
- PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_init_short();
psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE(
PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_SECP_R1, 256);
@@ -3214,9 +3214,9 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t server_derive =
- PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_init_short();
psa_key_derivation_operation_t client_derive =
- PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_init_short();
pake_in_driver = in_driver;
/* driver setup is called indirectly through pake_output/pake_input */
if (pake_in_driver) {
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 604c4bd..aa375a2 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -377,8 +377,9 @@
mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
- const uint8_t material1[5] = "a key";
- const uint8_t material2[5] = "b key";
+ /* We need to tell the compiler that we meant to leave out the null character. */
+ const uint8_t material1[5] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "a key";
+ const uint8_t material2[5] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "b key";
size_t bits1 = PSA_BYTES_TO_BITS(sizeof(material1));
uint8_t reexported[sizeof(material1)];
size_t reexported_length;
@@ -747,7 +748,7 @@
psa_key_id_t key_id;
psa_status_t close_status = close_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t material[1] = "a";
+ uint8_t material[1] = { 'a' };
PSA_ASSERT(psa_crypto_init());
diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
index 35f0adb..2d75a29 100644
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ b/tests/suites/test_suite_ssl_decrypt.function
@@ -37,7 +37,8 @@
mbedtls_ssl_write_version(rec_good.ver,
MBEDTLS_SSL_TRANSPORT_STREAM,
version);
- const char sample_plaintext[3] = "ABC";
+ /* We need to tell the compiler that we meant to leave out the null character. */
+ const char sample_plaintext[3] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "ABC";
mbedtls_ssl_context ssl;
mbedtls_ssl_init(&ssl);
uint8_t *buf = NULL;