Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
parent
c3902ac661
commit
1797b05602
51 changed files with 81 additions and 81 deletions
|
@ -1,5 +1,5 @@
|
|||
Bugfix
|
||||
* Fix a bug whereby the the list of signature algorithms sent as part of the
|
||||
* Fix a bug whereby the list of signature algorithms sent as part of the
|
||||
TLS 1.2 server certificate request would get corrupted, meaning the first
|
||||
algorithm would not get sent and an entry consisting of two random bytes
|
||||
would be sent instead. Found by Serban Bejan and Dudek Sebastian.
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
* All symmetric encryption algorithms are accessible via the generic cipher layer
|
||||
* (see \c mbedtls_cipher_setup()).
|
||||
*
|
||||
* The asymmetric encryptrion algorithms are accessible via the generic public
|
||||
* The asymmetric encryption algorithms are accessible via the generic public
|
||||
* key layer (see \c mbedtls_pk_init()).
|
||||
*
|
||||
* The following algorithms are provided:
|
||||
|
|
|
@ -352,7 +352,7 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *sta
|
|||
* the existing buffer to fit \p val_len.
|
||||
*
|
||||
* \return A pointer to the new / existing entry on success.
|
||||
* \return \c NULL if if there was a memory allocation error.
|
||||
* \return \c NULL if there was a memory allocation error.
|
||||
*/
|
||||
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
|
||||
const char *oid, size_t oid_len,
|
||||
|
|
|
@ -905,7 +905,7 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \
|
||||
!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequsites"
|
||||
#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* those definitions to define symbols used in the library code.
|
||||
*
|
||||
* Users and integrators should not edit this file, please edit
|
||||
* include/mbedtls/mbedtls_config.h for MBETLS_XXX settings or
|
||||
* include/mbedtls/mbedtls_config.h for MBEDTLS_XXX settings or
|
||||
* include/psa/crypto_config.h for PSA_WANT_XXX settings.
|
||||
*/
|
||||
/*
|
||||
|
|
|
@ -58,7 +58,7 @@
|
|||
#define MBEDTLS_LMS_TYPE_LEN (4)
|
||||
#define MBEDTLS_LMS_H_TREE_HEIGHT(type) ((type) == MBEDTLS_LMS_SHA256_M32_H10 ? 10u : 0)
|
||||
|
||||
/* The length of a hash output, Currently only imlemented for SHA256.
|
||||
/* The length of a hash output, Currently only implemented for SHA256.
|
||||
* Max is 32 bytes.
|
||||
*/
|
||||
#define MBEDTLS_LMS_M_NODE_BYTES(type) ((type) == MBEDTLS_LMS_SHA256_M32_H10 ? 32 : 0)
|
||||
|
@ -82,7 +82,7 @@ extern "C" {
|
|||
|
||||
/** The Identifier of the LMS parameter set, as per
|
||||
* https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml
|
||||
* We are only implementing a subset of the types, particularly H10, for the sake of simplicty.
|
||||
* We are only implementing a subset of the types, particularly H10, for the sake of simplicity.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_LMS_SHA256_M32_H10 = 0x6,
|
||||
|
@ -90,7 +90,7 @@ typedef enum {
|
|||
|
||||
/** The Identifier of the LMOTS parameter set, as per
|
||||
* https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml.
|
||||
* We are only implementing a subset of the types, particularly N32_W8, for the sake of simplicty.
|
||||
* We are only implementing a subset of the types, particularly N32_W8, for the sake of simplicity.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_LMOTS_SHA256_N32_W8 = 4
|
||||
|
|
|
@ -1543,7 +1543,7 @@
|
|||
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C
|
||||
*
|
||||
* Note: even though TLS 1.3 depends on PSA Crypto, and uses it unconditonally
|
||||
* Note: even though TLS 1.3 depends on PSA Crypto, and uses it unconditionally
|
||||
* for most operations, if you want it to only use PSA for all crypto
|
||||
* operations, you need to also enable MBEDTLS_USE_PSA_CRYPTO; otherwise X.509
|
||||
* operations, and functions that are common with TLS 1.2 (record protection,
|
||||
|
|
|
@ -94,7 +94,7 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
|
|||
* no byte order mark and with a null terminator (i.e. the
|
||||
* last two bytes should be 0x00 0x00).
|
||||
* \param pwdlen length of the password (may be 0).
|
||||
* \param salt Salt buffer to use This may only be \c NULL when
|
||||
* \param salt Salt buffer to use. This may only be \c NULL when
|
||||
* \p saltlen is 0.
|
||||
* \param saltlen length of the salt (may be zero)
|
||||
* \param mbedtls_md mbedtls_md type to use during the derivation
|
||||
|
|
|
@ -218,7 +218,7 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7,
|
|||
* \param hashlen Length of the hash.
|
||||
*
|
||||
* \note This function is different from mbedtls_pkcs7_signed_data_verify()
|
||||
* in a way that it directly recieves the hash of the data.
|
||||
* in a way that it directly receives the hash of the data.
|
||||
*
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
|
|
|
@ -239,7 +239,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
|||
* \param N The RSA modulus. This may be \c NULL.
|
||||
* \param N_len The Byte length of \p N; it is ignored if \p N == NULL.
|
||||
* \param P The first prime factor of \p N. This may be \c NULL.
|
||||
* \param P_len The Byte length of \p P; it ns ignored if \p P == NULL.
|
||||
* \param P_len The Byte length of \p P; it is ignored if \p P == NULL.
|
||||
* \param Q The second prime factor of \p N. This may be \c NULL.
|
||||
* \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL.
|
||||
* \param D The private exponent. This may be \c NULL.
|
||||
|
|
|
@ -2136,7 +2136,7 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
|||
* the `ServerHello` contains the CID extension, too,
|
||||
* the CID extension will actually be put to use.
|
||||
* - On the Server, enabling the use of the CID through
|
||||
* this call implies that that the server will look for
|
||||
* this call implies that the server will look for
|
||||
* the CID extension in a `ClientHello` from the client,
|
||||
* and, if present, reply with a CID extension in its
|
||||
* `ServerHello`.
|
||||
|
@ -2582,7 +2582,7 @@ static inline uintptr_t mbedtls_ssl_conf_get_user_data_n(
|
|||
* \note The library stores \c p without accessing it. It is the responsibility
|
||||
* of the caller to ensure that the pointer remains valid.
|
||||
*
|
||||
* \param ssl The SSL context context to modify.
|
||||
* \param ssl The SSL context to modify.
|
||||
* \param p The new value of the user data.
|
||||
*/
|
||||
static inline void mbedtls_ssl_set_user_data_p(
|
||||
|
@ -2596,7 +2596,7 @@ static inline void mbedtls_ssl_set_user_data_p(
|
|||
*
|
||||
* You can retrieve this value later with mbedtls_ssl_get_user_data_n().
|
||||
*
|
||||
* \param ssl The SSL context context to modify.
|
||||
* \param ssl The SSL context to modify.
|
||||
* \param n The new value of the user data.
|
||||
*/
|
||||
static inline void mbedtls_ssl_set_user_data_n(
|
||||
|
@ -2613,7 +2613,7 @@ static inline void mbedtls_ssl_set_user_data_n(
|
|||
* called. The value is undefined if mbedtls_ssl_set_user_data_n() has
|
||||
* been called without a subsequent call to mbedtls_ssl_set_user_data_p().
|
||||
*
|
||||
* \param ssl The SSL context context to modify.
|
||||
* \param ssl The SSL context to modify.
|
||||
* \return The current value of the user data.
|
||||
*/
|
||||
static inline void *mbedtls_ssl_get_user_data_p(
|
||||
|
@ -2629,7 +2629,7 @@ static inline void *mbedtls_ssl_get_user_data_p(
|
|||
* called. The value is undefined if mbedtls_ssl_set_user_data_p() has
|
||||
* been called without a subsequent call to mbedtls_ssl_set_user_data_n().
|
||||
*
|
||||
* \param ssl The SSL context context to modify.
|
||||
* \param ssl The SSL context to modify.
|
||||
* \return The current value of the user data.
|
||||
*/
|
||||
static inline uintptr_t mbedtls_ssl_get_user_data_n(
|
||||
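Review bot: The `\param ssl` line corrected in the last two hunks of this section still reads "The SSL context to modify", although it documents `mbedtls_ssl_get_user_data_p()` and `mbedtls_ssl_get_user_data_n()`, whose own `\return` line says they return the current value of the user data. For the two getters, `\param ssl The SSL context to query.` would match what the comment describes. The function bodies lie outside the hunks, so this assumes the getters only read the context.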
|
|
|
@ -525,7 +525,7 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
|
|||
*
|
||||
* This function destroys a key from both volatile
|
||||
* memory and, if applicable, non-volatile storage. Implementations shall
|
||||
* make a best effort to ensure that that the key material cannot be recovered.
|
||||
* make a best effort to ensure that the key material cannot be recovered.
|
||||
*
|
||||
* This function also erases any metadata such as policies and frees
|
||||
* resources associated with the key.
|
||||
|
@ -3823,7 +3823,7 @@ psa_status_t psa_key_derivation_verify_bytes(
|
|||
* compares those bytes to an expected value, provided as key of type
|
||||
* #PSA_KEY_TYPE_PASSWORD_HASH.
|
||||
* If you view the key derivation's output as a stream of bytes, this
|
||||
* function destructively reads the number of bytes corresponding the the
|
||||
* function destructively reads the number of bytes corresponding to the
|
||||
* length of the expected value from the stream before comparing them.
|
||||
* The operation's capacity decreases by the number of bytes read.
|
||||
*
|
||||
|
|
|
@ -226,7 +226,7 @@ typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context,
|
|||
* operation by comparing the resulting MAC against a provided value
|
||||
*
|
||||
* \param[in,out] op_context A hardware-specific structure for the previously
|
||||
* started MAC operation to be fiinished
|
||||
* started MAC operation to be finished
|
||||
* \param[in] p_mac The MAC value against which the resulting MAC
|
||||
* will be compared against
|
||||
* \param[in] mac_length The size in bytes of the value stored in `p_mac`
|
||||
|
@ -337,7 +337,7 @@ typedef struct {
|
|||
/** Function that completes a MAC operation with a verify check
|
||||
*/
|
||||
psa_drv_se_mac_finish_verify_t MBEDTLS_PRIVATE(p_finish_verify);
|
||||
/** Function that aborts a previoustly started MAC operation
|
||||
/** Function that aborts a previously started MAC operation
|
||||
*/
|
||||
psa_drv_se_mac_abort_t MBEDTLS_PRIVATE(p_abort);
|
||||
/** Function that performs a MAC operation in one call
|
||||
|
@ -746,7 +746,7 @@ typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_cont
|
|||
size_t ciphertext_size,
|
||||
size_t *p_ciphertext_length);
|
||||
|
||||
/** A function that peforms a secure element authenticated decryption operation
|
||||
/** A function that performs a secure element authenticated decryption operation
|
||||
*
|
||||
* \param[in,out] drv_context The driver context structure.
|
||||
* \param[in] key_slot Slot containing the key to use
|
||||
|
@ -1157,7 +1157,7 @@ typedef struct {
|
|||
*
|
||||
* Different key derivation algorithms require a different number of inputs.
|
||||
* Instead of having an API that takes as input variable length arrays, which
|
||||
* can be problemmatic to manage on embedded platforms, the inputs are passed
|
||||
* can be problematic to manage on embedded platforms, the inputs are passed
|
||||
* to the driver via a function, `psa_drv_se_key_derivation_collateral`, that
|
||||
* is called multiple times with different `collateral_id`s. Thus, for a key
|
||||
* derivation algorithm that required 3 parameter inputs, the flow would look
|
||||
|
@ -1271,7 +1271,7 @@ typedef struct {
|
|||
psa_drv_se_key_derivation_collateral_t MBEDTLS_PRIVATE(p_collateral);
|
||||
/** Function that performs a final key derivation step */
|
||||
psa_drv_se_key_derivation_derive_t MBEDTLS_PRIVATE(p_derive);
|
||||
/** Function that perforsm a final key derivation or agreement and
|
||||
/** Function that performs a final key derivation or agreement and
|
||||
* exports the key */
|
||||
psa_drv_se_key_derivation_export_t MBEDTLS_PRIVATE(p_export);
|
||||
} psa_drv_se_key_derivation_t;
|
||||
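Review bot: In the first hunk of this section the `p_mac` description, directly below the corrected "finished" line, still reads "The MAC value against which the resulting MAC will be compared against", with "against" doubled. The continuation line could become `* will be compared`. The comment block starts and ends outside the hunk.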
|
|
|
@ -717,7 +717,7 @@
|
|||
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
|
||||
|
||||
/* Maximum size of the export encoding of an RSA key pair.
|
||||
* Assumes thatthe public exponent is less than 2^32 and that the size
|
||||
* Assumes that the public exponent is less than 2^32 and that the size
|
||||
* difference between the two primes is at most 1 bit.
|
||||
*
|
||||
* RSAPrivateKey ::= SEQUENCE {
|
||||
|
|
|
@ -297,7 +297,7 @@ typedef psa_key_id_t mbedtls_svc_key_id_t;
|
|||
|
||||
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
|
||||
/* Implementation-specific: The Mbed Cryptography library can be built as
|
||||
* part of a multi-client service that exposes the PSA Cryptograpy API in each
|
||||
* part of a multi-client service that exposes the PSA Cryptography API in each
|
||||
* client and encodes the client identity in the key identifier argument of
|
||||
* functions such as psa_open_key().
|
||||
*/
|
||||
|
|
|
@ -2577,7 +2577,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
|
|||
*
|
||||
* This flag allows the key to be used for a MAC verification operation
|
||||
* or for an asymmetric signature verification operation,
|
||||
* if otherwise permitted by by the key's type and policy.
|
||||
* if otherwise permitted by the key's type and policy.
|
||||
*
|
||||
* For a key pair, this concerns the public key.
|
||||
*/
|
||||
|
@ -2587,7 +2587,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
|
|||
* hash.
|
||||
*
|
||||
* This flag allows the key to be used for a key derivation operation or for
|
||||
* a key agreement operation, if otherwise permitted by by the key's type and
|
||||
* a key agreement operation, if otherwise permitted by the key's type and
|
||||
* policy.
|
||||
*
|
||||
* If this flag is present on all keys used in calls to
|
||||
|
@ -2603,7 +2603,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
|
|||
* This flag allows the key to be used:
|
||||
*
|
||||
* This flag allows the key to be used in a key derivation operation, if
|
||||
* otherwise permitted by by the key's type and policy.
|
||||
* otherwise permitted by the key's type and policy.
|
||||
*
|
||||
* If this flag is present on all keys used in calls to
|
||||
* psa_key_derivation_input_key() for a key derivation operation, then it
|
||||
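Review bot: In the last hunk of this section the context line "This flag allows the key to be used:" looks like a leftover list introduction. It is followed, after a blank comment line, by a full sentence that begins with the same words ("This flag allows the key to be used in a key derivation operation, ..."). If no list follows in the part of the comment outside the hunk, removing the line `* This flag allows the key to be used:` would leave the description reading cleanly.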
|
|
|
@ -1112,7 +1112,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
|||
{
|
||||
/* We are on the last block in a decrypt operation that has
|
||||
* leftover bytes, so we need to use the next tweak for this block,
|
||||
* and this tweak for the lefover bytes. Save the current tweak for
|
||||
* and this tweak for the leftover bytes. Save the current tweak for
|
||||
* the leftovers and then update the current tweak for use on this,
|
||||
* the last full block. */
|
||||
memcpy( prev_tweak, tweak, sizeof( tweak ) );
|
||||
|
|
|
@ -144,7 +144,7 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
|
|||
unsigned char i;
|
||||
size_t len_left, olen;
|
||||
|
||||
/* length calulcation can be done only after both
|
||||
/* length calculation can be done only after both
|
||||
* mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed
|
||||
*/
|
||||
if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGTHS_SET) )
|
||||
|
|
|
@ -107,7 +107,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
|||
/*
|
||||
* With non-blocking I/O and examples that just retry immediately,
|
||||
* the logs would be quickly flooded with WANT_READ, so ignore that.
|
||||
* Don't ignore WANT_WRITE however, since is is usually rare.
|
||||
* Don't ignore WANT_WRITE however, since it is usually rare.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
|
||||
return;
|
||||
|
|
|
@ -139,7 +139,7 @@ int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx,
|
|||
* this public key.
|
||||
*
|
||||
* \param ctx The initialized LMOTS context that contains the
|
||||
* publc key.
|
||||
* public key.
|
||||
* \param key The buffer into which the key will be output. Must
|
||||
* be at least #MBEDTLS_LMOTS_PUBLIC_KEY_LEN in size.
|
||||
*
|
||||
|
|
|
@ -530,7 +530,7 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
|
|||
* of the accumulator. */
|
||||
memmove( acc, acc + acc_backup_offset, acc_backup_len );
|
||||
|
||||
/* Copy uncmmitted parts of the current fragment to the
|
||||
/* Copy uncommitted parts of the current fragment to the
|
||||
* accumulator. */
|
||||
memcpy( acc + acc_backup_len,
|
||||
frag + frag_backup_offset, frag_backup_len );
|
||||
|
|
|
@ -314,7 +314,7 @@ static int pkcs7_get_signer_info( unsigned char **p, unsigned char *end,
|
|||
if( ret != 0 )
|
||||
goto out;
|
||||
|
||||
/* Asssume authenticatedAttributes is nonexistent */
|
||||
/* Assume authenticatedAttributes is nonexistent */
|
||||
|
||||
ret = pkcs7_get_digest_algorithm( p, end_signer, &signer->sig_alg_identifier );
|
||||
if( ret != 0 )
|
||||
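Review bot: The corrected comment "Assume authenticatedAttributes is nonexistent" in `pkcs7_get_signer_info` states an assumption but does not say what happens to input that violates it. In the hunk the parser goes straight on to `pkcs7_get_digest_algorithm( p, end_signer, ... )`, so a SignerInfo that carries the optional field presumably fails there, but that is inferred rather than visible. Once confirmed, a comment such as `/* authenticatedAttributes is not supported: a SignerInfo containing it is expected to fail the parse below */` would make the behaviour explicit for anyone auditing the parser. The function body extends beyond the hunk on both sides.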
|
|
|
@ -5998,7 +5998,7 @@ psa_status_t psa_generate_random( uint8_t *output,
|
|||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
/* Breaking up a request into smaller chunks is currently not supported
|
||||
* for the extrernal RNG interface. */
|
||||
* for the external RNG interface. */
|
||||
if( output_length != output_size )
|
||||
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
|
||||
return( PSA_SUCCESS );
|
||||
|
|
|
@ -139,7 +139,7 @@ psa_status_t psa_find_se_slot_for_key(
|
|||
psa_se_drv_table_entry_t *driver,
|
||||
psa_key_slot_number_t *slot_number );
|
||||
|
||||
/** Destoy a key in a secure element.
|
||||
/** Destroy a key in a secure element.
|
||||
*
|
||||
* This function calls the relevant driver method to destroy a key
|
||||
* and updates the driver's persistent data.
|
||||
|
|
|
@ -784,7 +784,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
/*
|
||||
* Generate the random bytes, except when responding to a verify request
|
||||
* where we MUST reuse the previoulsy generated random bytes
|
||||
* where we MUST reuse the previously generated random bytes
|
||||
* (RFC 6347 4.2.1).
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
|
|
@ -143,7 +143,7 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type );
|
|||
MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) )
|
||||
|
||||
/* RFC 8446 section 4.2. Allowed extensions for ClienHello */
|
||||
/* RFC 8446 section 4.2. Allowed extensions for ClientHello */
|
||||
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \
|
||||
( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \
|
||||
|
|
|
@ -691,7 +691,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
int auth_done = 0;
|
||||
unsigned char * data;
|
||||
/* For an explanation of the additional data length see
|
||||
* the descrpition of ssl_extract_add_data_from_record().
|
||||
* the description of ssl_extract_add_data_from_record().
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
unsigned char add_data[23 + MBEDTLS_SSL_CID_OUT_LEN_MAX];
|
||||
|
@ -1289,7 +1289,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
#endif
|
||||
unsigned char* data;
|
||||
/* For an explanation of the additional data length see
|
||||
* the descrpition of ssl_extract_add_data_from_record().
|
||||
* the description of ssl_extract_add_data_from_record().
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
unsigned char add_data[23 + MBEDTLS_SSL_CID_IN_LEN_MAX];
|
||||
|
@ -4098,7 +4098,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
|
|||
if( hs == NULL )
|
||||
return( -1 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_message" ) );
|
||||
|
||||
if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
|
||||
ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
|
||||
|
|
|
@ -1972,7 +1972,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
|
||||
/*
|
||||
* Note: we currently ignore the PKS identity hint, as we only allow one
|
||||
* PSK to be provisionned on the client. This could be changed later if
|
||||
* PSK to be provisioned on the client. This could be changed later if
|
||||
* someone needs that feature.
|
||||
*/
|
||||
*p += len;
|
||||
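Review bot: The line directly above the corrected "provisioned" still says "PKS identity hint". Given the function named in the hunk header, `ssl_parse_server_psk_hint`, it should read `* Note: we currently ignore the PSK identity hint, as we only allow one`. The function body starts and ends outside the hunk, so whether `len` is checked against the end of the input before `*p += len;` cannot be confirmed from here.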
|
|
|
@ -634,7 +634,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
if( p_identity_len != identities_end || p_binder_len != binders_end )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key extesion decode error" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key extension decode error" ) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
|
|
|
@ -233,7 +233,7 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md
|
|||
*
|
||||
* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
|
||||
* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
|
||||
* option. Enfore this at parsing time.
|
||||
* option. Enforce this at parsing time.
|
||||
*/
|
||||
int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
|
||||
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* X.509 Certidicate Revocation List (CRL) parsing
|
||||
* X.509 Certificate Revocation List (CRL) parsing
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
|
|
@ -42,7 +42,7 @@ int main( void )
|
|||
|
||||
#define USAGE \
|
||||
"\n usage: dh_genprime param=<>...\n" \
|
||||
"\n acceprable parameters:\n" \
|
||||
"\n acceptable parameters:\n" \
|
||||
" bits=%%d default: 2048\n"
|
||||
|
||||
#define DFL_BITS 2048
|
||||
|
|
|
@ -104,7 +104,7 @@ void print_buf( const char *title, uint8_t *buf, size_t len )
|
|||
|
||||
/* Run a PSA function and bail out if it fails.
|
||||
* The symbolic name of the error code can be recovered using:
|
||||
* programs/psa/psa_consant_name status <value> */
|
||||
* programs/psa/psa_constant_name status <value> */
|
||||
#define PSA_CHECK( expr ) \
|
||||
do \
|
||||
{ \
|
||||
|
|
|
@ -81,7 +81,7 @@ void print_buf( const char *title, uint8_t *buf, size_t len )
|
|||
|
||||
/* Run a PSA function and bail out if it fails.
|
||||
* The symbolic name of the error code can be recovered using:
|
||||
* programs/psa/psa_consant_name status <value> */
|
||||
* programs/psa/psa_constant_name status <value> */
|
||||
#define PSA_CHECK( expr ) \
|
||||
do \
|
||||
{ \
|
||||
|
|
|
@ -343,5 +343,5 @@ exit:
|
|||
mbedtls_exit( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
|
||||
MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
|
||||
MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
|
||||
MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C */
|
||||
|
|
|
@ -1949,7 +1949,7 @@ int main( int argc, char *argv[] )
|
|||
* is not recommended in practice.
|
||||
* `psk_or_ephemeral` exists in theory, we need this mode to test if
|
||||
* this setting work correctly. With this key exchange setting, server
|
||||
* should always perform `ephemeral` handshake. `psk` or `psk_ephermal`
|
||||
* should always perform `ephemeral` handshake. `psk` or `psk_ephemeral`
|
||||
* is not expected.
|
||||
*/
|
||||
else if( strcmp( q, "psk_or_ephemeral" ) == 0 )
|
||||
|
|
|
@ -416,7 +416,7 @@ static void TimerProc( void *TimerContext )
|
|||
Sleep( alarmMs );
|
||||
mbedtls_timing_alarmed = 1;
|
||||
/* _endthread will be called implicitly on return
|
||||
* That ensures execution of thread funcition's epilogue */
|
||||
* That ensures execution of thread function's epilogue */
|
||||
}
|
||||
|
||||
static void mbedtls_set_alarm( int seconds )
|
||||
|
|
|
@ -377,7 +377,7 @@ static const char *msg_type( unsigned char *msg, size_t len )
|
|||
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
/* Return elapsed time in milliseconds since the first call */
|
||||
static unsigned ellapsed_time( void )
|
||||
static unsigned elapsed_time( void )
|
||||
{
|
||||
static int initialized = 0;
|
||||
static struct mbedtls_timing_hr_time hires;
|
||||
|
@ -413,9 +413,9 @@ static int ctx_buffer_flush( ctx_buffer *buf )
|
|||
int ret;
|
||||
|
||||
mbedtls_printf( " %05u flush %s: %u bytes, %u datagrams, last %u ms\n",
|
||||
ellapsed_time(), buf->description,
|
||||
elapsed_time(), buf->description,
|
||||
(unsigned) buf->len, buf->num_datagrams,
|
||||
ellapsed_time() - buf->packet_lifetime );
|
||||
elapsed_time() - buf->packet_lifetime );
|
||||
|
||||
ret = mbedtls_net_send( buf->ctx, buf->data, buf->len );
|
||||
|
||||
|
@ -427,7 +427,7 @@ static int ctx_buffer_flush( ctx_buffer *buf )
|
|||
|
||||
static unsigned ctx_buffer_time_remaining( ctx_buffer *buf )
|
||||
{
|
||||
unsigned const cur_time = ellapsed_time();
|
||||
unsigned const cur_time = elapsed_time();
|
||||
|
||||
if( buf->num_datagrams == 0 )
|
||||
return( (unsigned) -1 );
|
||||
|
@ -467,7 +467,7 @@ static int ctx_buffer_append( ctx_buffer *buf,
|
|||
|
||||
buf->len += len;
|
||||
if( ++buf->num_datagrams == 1 )
|
||||
buf->packet_lifetime = ellapsed_time();
|
||||
buf->packet_lifetime = elapsed_time();
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
@ -517,10 +517,10 @@ void print_packet( const packet *p, const char *why )
|
|||
#if defined(MBEDTLS_TIMING_C)
|
||||
if( why == NULL )
|
||||
mbedtls_printf( " %05u dispatch %s %s (%u bytes)\n",
|
||||
ellapsed_time(), p->way, p->type, p->len );
|
||||
elapsed_time(), p->way, p->type, p->len );
|
||||
else
|
||||
mbedtls_printf( " %05u dispatch %s %s (%u bytes): %s\n",
|
||||
ellapsed_time(), p->way, p->type, p->len, why );
|
||||
elapsed_time(), p->way, p->type, p->len, why );
|
||||
#else
|
||||
if( why == NULL )
|
||||
mbedtls_printf( " dispatch %s %s (%u bytes)\n",
|
||||
|
|
|
@ -355,7 +355,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = write_certificate_request( &req, opt.output_file,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! write_certifcate_request %d", ret );
|
||||
mbedtls_printf( " failed\n ! write_certificate_request %d", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -752,7 +752,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, buf, sizeof(buf) );
|
||||
mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints "
|
||||
mbedtls_printf( " failed\n ! x509write_crt_set_basic_constraints "
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
|
|
@ -18,7 +18,7 @@ produced them."""
|
|||
import random
|
||||
|
||||
# Functions calling these were used to produce test data and are here only for
|
||||
# reproducability, they are not used by the test generation framework/classes
|
||||
# reproducibility, they are not used by the test generation framework/classes
|
||||
try:
|
||||
from Cryptodome.Util.number import isPrime, getPrime #type: ignore #pylint: disable=import-error
|
||||
except ImportError:
|
||||
|
@ -128,7 +128,7 @@ def __gen_safe_prime(bits, seed):
|
|||
randbytes.
|
||||
'''
|
||||
rng = random.Random()
|
||||
# We want reproducability across python versions
|
||||
# We want reproducibility across python versions
|
||||
rng.seed(seed, version=2)
|
||||
while True:
|
||||
prime = 2*getPrime(bits-1, rng.randbytes)+1 #pylint: disable=no-member
|
||||
|
|
|
@ -189,7 +189,7 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
|
|||
*
|
||||
* Do a key policy permission extension on key usage policies always involves
|
||||
* permissions of other usage policies
|
||||
* (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSGAE).
|
||||
* (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE).
|
||||
*/
|
||||
psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags );
|
||||
|
||||
|
|
|
@ -629,7 +629,7 @@ class CodeParser():
|
|||
self.log.info("Compiling...")
|
||||
symbols = []
|
||||
|
||||
# Back up the config and atomically compile with the full configratuion.
|
||||
# Back up the config and atomically compile with the full configuration.
|
||||
shutil.copy(
|
||||
"include/mbedtls/mbedtls_config.h",
|
||||
"include/mbedtls/mbedtls_config.h.bak"
|
||||
|
@ -892,7 +892,7 @@ def main():
|
|||
parser.add_argument(
|
||||
"-q", "--quiet",
|
||||
action="store_true",
|
||||
help="hide unnecessary text, explanations, and highlighs"
|
||||
help="hide unnecessary text, explanations, and highlights"
|
||||
)
|
||||
|
||||
args = parser.parse_args()
|
||||
|
|
|
@ -80,7 +80,7 @@ def automatic_dependencies(*expressions: str) -> List[str]:
|
|||
# A temporary hack: at the time of writing, not all dependency symbols
|
||||
# are implemented yet. Skip test cases for which the dependency symbols are
|
||||
# not available. Once all dependency symbols are available, this hack must
|
||||
# be removed so that a bug in the dependency symbols proprely leads to a test
|
||||
# be removed so that a bug in the dependency symbols properly leads to a test
|
||||
# failure.
|
||||
def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
|
||||
return frozenset(symbol
|
||||
|
@ -459,7 +459,7 @@ class StorageKey(psa_storage.Key):
|
|||
"""Prepare to generate a key.
|
||||
|
||||
* `usage` : The usage flags used for the key.
|
||||
* `without_implicit_usage`: Flag to defide to apply the usage extension
|
||||
* `without_implicit_usage`: Flag to define to apply the usage extension
|
||||
"""
|
||||
usage_flags = set(usage)
|
||||
if not without_implicit_usage:
|
||||
|
@ -483,7 +483,7 @@ class StorageTestData(StorageKey):
|
|||
) -> None:
|
||||
"""Prepare to generate test data
|
||||
|
||||
* `description` : used for the the test case names
|
||||
* `description` : used for the test case names
|
||||
* `expected_usage`: the usage flags generated as the expected usage flags
|
||||
in the test cases. CAn differ from the usage flags
|
||||
stored in the keys because of the usage flags extension.
|
||||
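Review bot: Two wording problems remain in the docstrings this section touches. In the last hunk the `expected_usage` entry still has "CAn differ", which should read `in the test cases. Can differ from the usage flags`. In the second hunk "defide" was changed to "define", but "Flag to define to apply the usage extension" does not parse. The original may have meant `Flag to decide whether to apply the usage extension`, which is worth confirming with the author.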
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/usr/bin/env python3
|
||||
"""Run the PSA Crypto API compliance test suite.
|
||||
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
|
||||
then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
|
||||
then compile and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
|
||||
Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
|
||||
while unexpected failures AND successes are reported as errors,
|
||||
to help keep the list of known defects as up to date as possible.
|
||||
|
|
|
@ -295,7 +295,7 @@ void mbedtls_mps_reader_reclaim_overflow()
|
|||
/* This test exercises the behaviour of the MPS reader with accumulator
|
||||
* in the situation where upon calling mbedtls_mps_reader_reclaim(), the
|
||||
* uncommitted data together with the excess data missing in the last
|
||||
* call to medtls_mps_reader_get() exceeds the bounds of the type
|
||||
* call to mbedtls_mps_reader_get() exceeds the bounds of the type
|
||||
* holding the buffer length.
|
||||
*/
|
||||
|
||||
|
|
|
@ -622,7 +622,7 @@ exit:
|
|||
* the data in to be encrypted / decrypted. If
|
||||
* -1, no chunking
|
||||
* \param expected_output Expected output
|
||||
* \param is_verify If non-zero this is an verify operation.
|
||||
* \param is_verify If non-zero this is a verify operation.
|
||||
* \param do_zero_parts If non-zero, interleave zero length chunks
|
||||
* with normal length chunks.
|
||||
* \return int Zero on failure, non-zero on success.
|
||||
|
@ -6131,7 +6131,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data,
|
|||
|
||||
psa_aead_abort( &operation );
|
||||
|
||||
/* Test for calling set lengths with an plaintext length of SIZE_MAX, after setting nonce */
|
||||
/* Test for calling set lengths with a plaintext length of SIZE_MAX, after setting nonce */
|
||||
PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
|
||||
|
||||
PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
|
||||
|
|
|
@ -748,14 +748,14 @@ void cipher_encrypt_multipart( int alg_arg,
|
|||
mbedtls_psa_cipher_operation_t mbedtls_operation =
|
||||
MBEDTLS_PSA_CIPHER_OPERATION_INIT;
|
||||
|
||||
mbedtls_transparent_test_driver_cipher_operation_t tranparent_operation =
|
||||
mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
|
||||
MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
|
||||
|
||||
mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
|
||||
MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
|
||||
|
||||
operation.ctx.mbedtls_ctx = mbedtls_operation;
|
||||
operation.ctx.transparent_test_driver_ctx = tranparent_operation;
|
||||
operation.ctx.transparent_test_driver_ctx = transparent_operation;
|
||||
operation.ctx.opaque_test_driver_ctx = opaque_operation;
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
@ -880,14 +880,14 @@ void cipher_decrypt_multipart( int alg_arg,
|
|||
mbedtls_psa_cipher_operation_t mbedtls_operation =
|
||||
MBEDTLS_PSA_CIPHER_OPERATION_INIT;
|
||||
|
||||
mbedtls_transparent_test_driver_cipher_operation_t tranparent_operation =
|
||||
mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
|
||||
MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
|
||||
|
||||
mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
|
||||
MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
|
||||
|
||||
operation.ctx.mbedtls_ctx = mbedtls_operation;
|
||||
operation.ctx.transparent_test_driver_ctx = tranparent_operation;
|
||||
operation.ctx.transparent_test_driver_ctx = transparent_operation;
|
||||
operation.ctx.opaque_test_driver_ctx = opaque_operation;
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
|
|
@ -18,7 +18,7 @@ void generate_key( int key_type_arg, int bits_arg, int expected_status_arg)
|
|||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
|
||||
|
||||
// key lifetiem, usage flags, algorithm are irrelevant for this test
|
||||
// key lifetime, usage flags, algorithm are irrelevant for this test
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
size_t bits = bits_arg;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
/* The tests in this module verify the contents of key store files. They
|
||||
* access internal key storage functions directly. Some of the tests depend
|
||||
* on the the storage format. On the other hand, these tests treat the storage
|
||||
* on the storage format. On the other hand, these tests treat the storage
|
||||
* subsystem as a black box, and in particular have no reliance on the
|
||||
* internals of the ITS implementation.
|
||||
*
|
||||
|
|
|
@ -511,7 +511,7 @@ void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
|
|||
* \p peer1 and \p peer2 must have been previously initialized by calling
|
||||
* mbedtls_mock_socket_init().
|
||||
*
|
||||
* The capacites of the internal buffers are set to \p bufsize. Setting this to
|
||||
* The capacities of the internal buffers are set to \p bufsize. Setting this to
|
||||
* the correct value allows for simulation of MTU, sanity testing the mock
|
||||
* implementation and mocking TCP connections with lower memory cost.
|
||||
*/
|
||||
|
@ -652,7 +652,7 @@ void mbedtls_message_socket_init( mbedtls_test_message_socket_context *ctx )
|
|||
}
|
||||
|
||||
/*
|
||||
* Setup a given mesasge socket context including initialization of
|
||||
* Setup a given message socket context including initialization of
|
||||
* input/output queues to a chosen capacity of messages. Also set the
|
||||
* corresponding mock socket.
|
||||
*
|
||||
|
|