Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190801

Conflict resolution:
* `scripts/config.pl`:
  Take the exclusion of `MBEDTLS_PSA_CRYPTO_SE_C` from the API branch.
  Take the removal of `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` (obsolete) from
  the development branch.
* `tests/scripts/all.sh`:
  Multiple instances of factoring a sequence of `config.pl` calls into
  a mere `config.pl baremetal` in the development branch, and a change in
  the composition of `baremetal` in the API branch. In each case, take the
  version from development.
* `tests/suites/test_suite_psa_crypto_slot_management.function`:
  A function became non-static in development and disappeared in the API
  branch. Keep the version from the API branch. Functions need to be
  non-static if they're defined but unused in some configurations,
  which is not the case for any function in this file at the moment.
* `tests/suites/test_suite_psa_crypto.function`:
  Consecutive changes in the two branches, reconciled.
This commit is contained in:
Gilles Peskine 2019-07-31 17:47:49 +02:00
commit 72c8c5b352
183 changed files with 1195 additions and 927 deletions

11
.gitignore vendored
View file

@ -31,6 +31,17 @@ massif-*
# Python build artifacts:
*.pyc
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
*.dir/
# Visual Studio artifacts
/visualc/VS2010/.localhistory/
/visualc/VS2010/.vs/
/visualc/VS2010/Debug/
/visualc/VS2010/Release/
/visualc/VS2010/*.vcxproj.filters
/visualc/VS2010/*.vcxproj.user
# Generated documentation:
/apidoc

View file

@ -5,6 +5,9 @@ else()
project("mbed TLS" C)
endif()
# Set the project root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
@ -121,7 +124,10 @@ if(CMAKE_COMPILER_IS_GNU)
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
endif()
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
endif()
@ -138,7 +144,7 @@ if(CMAKE_COMPILER_IS_GNU)
endif(CMAKE_COMPILER_IS_GNU)
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
@ -216,13 +222,13 @@ if(ENABLE_TESTING)
COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
)
endif(UNIX)
endif()
# Make scripts needed for testing available in an out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(scripts)
# Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
# keep things simple with the sed commands in the memcheck target.
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
# Make scripts needed for testing available in an out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(scripts)
# Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
# keep things simple with the sed commands in the memcheck target.
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
endif()
endif()

View file

@ -1,4 +1,3 @@
DESTDIR=/usr/local
PREFIX=mbedtls_

View file

@ -81,6 +81,6 @@
/* Miscellaneous options */
#define MBEDTLS_AES_ROM_TABLES
#include "check_config.h"
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */

View file

@ -1971,6 +1971,6 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
#include "check_config.h"
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */

View file

@ -161,21 +161,21 @@ The library integration and the PSA platform integration use different sets of f
It would simplify things to always have a 32-bit owner, with a nonzero value, and thus reserve the range 00xffffffff for internal library use.
Mbed Crypto 1.0.1
Mbed Crypto 1.1.0
-----------------
Tags: TBD
Tags: mbedcrypto-1.1.0
Released in May 2019. <br>
Released in early June 2019. <br>
Integrated in Mbed OS 5.13.
Identical to [1.0.0](#mbed-crypto-1.0.0) except for some changes in the key file format.
### Key file format for 1.0.1
### Key file format for 1.1.0
The key file format is identical to [1.0.0](#key-file-format-for-1.0.0), except for the following changes:
* A new policy field, marked as [NEW:1.0.1] below.
* A new policy field, marked as [NEW:1.1.0] below.
* The encoding of key types, algorithms and key material has changed, therefore the storage format is not compatible (despite using the same value in the version field so far).
A self-contained description of the file layout follows.
@ -189,7 +189,7 @@ The layout of a key file is:
* type (4 bytes): `psa_key_type_t` value
* policy usage flags (4 bytes): `psa_key_usage_t` value
* policy usage algorithm (4 bytes): `psa_algorithm_t` value
* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value [NEW:1.0.1]
* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value [NEW:1.1.0]
* key material length (4 bytes)
* key material: output of `psa_export_key`
* Any trailing data is rejected on load.

View file

@ -16,7 +16,7 @@ if(INSTALL_MBEDTLS_HEADERS)
endif(INSTALL_MBEDTLS_HEADERS)
# Make config.h available in an out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
link_to_source(psa)
endif()

View file

@ -42,7 +42,7 @@
#define MBEDTLS_AES_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -28,12 +28,12 @@
#define MBEDTLS_AESNI_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "aes.h"
#include "mbedtls/aes.h"
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u

View file

@ -29,7 +29,7 @@
#define MBEDTLS_ARC4_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -31,7 +31,7 @@
#define MBEDTLS_ARIA_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -39,7 +39,7 @@
#include <stddef.h>
#include <stdint.h>
#include "platform_util.h"
#include "mbedtls/platform_util.h"
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */

View file

@ -25,7 +25,7 @@
#define MBEDTLS_ASN1_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -33,7 +33,7 @@
#include <stddef.h>
#if defined(MBEDTLS_BIGNUM_C)
#include "bignum.h"
#include "mbedtls/bignum.h"
#endif
/**

View file

@ -25,12 +25,12 @@
#define MBEDTLS_ASN1_WRITE_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "asn1.h"
#include "mbedtls/asn1.h"
#define MBEDTLS_ASN1_CHK_ADD(g, f) \
do \

View file

@ -25,7 +25,7 @@
#define MBEDTLS_BASE64_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -25,7 +25,7 @@
#define MBEDTLS_BIGNUM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -25,7 +25,7 @@
#define MBEDTLS_BLOWFISH_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -33,7 +33,7 @@
#include <stddef.h>
#include <stdint.h>
#include "platform_util.h"
#include "mbedtls/platform_util.h"
#define MBEDTLS_BLOWFISH_ENCRYPT 1
#define MBEDTLS_BLOWFISH_DECRYPT 0

View file

@ -39,12 +39,12 @@
#define MBEDTLS_BN_MUL_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "bignum.h"
#include "mbedtls/bignum.h"
#if defined(MBEDTLS_HAVE_ASM)

View file

@ -25,7 +25,7 @@
#define MBEDTLS_CAMELLIA_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -33,7 +33,7 @@
#include <stddef.h>
#include <stdint.h>
#include "platform_util.h"
#include "mbedtls/platform_util.h"
#define MBEDTLS_CAMELLIA_ENCRYPT 1
#define MBEDTLS_CAMELLIA_DECRYPT 0

View file

@ -50,12 +50,12 @@
#define MBEDTLS_CCM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "cipher.h"
#include "mbedtls/cipher.h"
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */

View file

@ -1,106 +0,0 @@
/**
* \file certs.h
*
* \brief Sample certificates and DHM parameters for testing
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CERTS_H
#define MBEDTLS_CERTS_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
/* Concatenation of all CA certificates in PEM format if available */
extern const char mbedtls_test_cas_pem[];
extern const size_t mbedtls_test_cas_pem_len;
#endif
/* List of all CA certificates, terminated by NULL */
extern const char * mbedtls_test_cas[];
extern const size_t mbedtls_test_cas_len[];
/*
* Convenience for users who just want a certificate:
* RSA by default, or ECDSA if RSA is not available
*/
extern const char * mbedtls_test_ca_crt;
extern const size_t mbedtls_test_ca_crt_len;
extern const char * mbedtls_test_ca_key;
extern const size_t mbedtls_test_ca_key_len;
extern const char * mbedtls_test_ca_pwd;
extern const size_t mbedtls_test_ca_pwd_len;
extern const char * mbedtls_test_srv_crt;
extern const size_t mbedtls_test_srv_crt_len;
extern const char * mbedtls_test_srv_key;
extern const size_t mbedtls_test_srv_key_len;
extern const char * mbedtls_test_cli_crt;
extern const size_t mbedtls_test_cli_crt_len;
extern const char * mbedtls_test_cli_key;
extern const size_t mbedtls_test_cli_key_len;
#if defined(MBEDTLS_ECDSA_C)
extern const char mbedtls_test_ca_crt_ec[];
extern const size_t mbedtls_test_ca_crt_ec_len;
extern const char mbedtls_test_ca_key_ec[];
extern const size_t mbedtls_test_ca_key_ec_len;
extern const char mbedtls_test_ca_pwd_ec[];
extern const size_t mbedtls_test_ca_pwd_ec_len;
extern const char mbedtls_test_srv_crt_ec[];
extern const size_t mbedtls_test_srv_crt_ec_len;
extern const char mbedtls_test_srv_key_ec[];
extern const size_t mbedtls_test_srv_key_ec_len;
extern const char mbedtls_test_cli_crt_ec[];
extern const size_t mbedtls_test_cli_crt_ec_len;
extern const char mbedtls_test_cli_key_ec[];
extern const size_t mbedtls_test_cli_key_ec_len;
#endif
#if defined(MBEDTLS_RSA_C)
extern const char mbedtls_test_ca_crt_rsa[];
extern const size_t mbedtls_test_ca_crt_rsa_len;
extern const char mbedtls_test_ca_key_rsa[];
extern const size_t mbedtls_test_ca_key_rsa_len;
extern const char mbedtls_test_ca_pwd_rsa[];
extern const size_t mbedtls_test_ca_pwd_rsa_len;
extern const char mbedtls_test_srv_crt_rsa[];
extern const size_t mbedtls_test_srv_crt_rsa_len;
extern const char mbedtls_test_srv_key_rsa[];
extern const size_t mbedtls_test_srv_key_rsa_len;
extern const char mbedtls_test_cli_crt_rsa[];
extern const size_t mbedtls_test_cli_crt_rsa_len;
extern const char mbedtls_test_cli_key_rsa[];
extern const size_t mbedtls_test_cli_key_rsa_len;
#endif
#ifdef __cplusplus
}
#endif
#endif /* certs.h */

View file

@ -34,7 +34,7 @@
#define MBEDTLS_CHACHA20_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -34,13 +34,13 @@
#define MBEDTLS_CHACHAPOLY_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
/* for shared error codes */
#include "poly1305.h"
#include "mbedtls/poly1305.h"
#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054 /**< The requested operation is not permitted in the current state. */
#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056 /**< Authenticated decryption failed: data was not authentic. */
@ -58,7 +58,7 @@ mbedtls_chachapoly_mode_t;
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
#include "chacha20.h"
#include "mbedtls/chacha20.h"
typedef struct mbedtls_chachapoly_context
{

View file

@ -30,13 +30,13 @@
#define MBEDTLS_CIPHER_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#include "platform_util.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
#define MBEDTLS_CIPHER_MODE_AEAD

View file

@ -27,12 +27,12 @@
#define MBEDTLS_CIPHER_WRAP_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "cipher.h"
#include "mbedtls/cipher.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"

View file

@ -29,12 +29,12 @@
#define MBEDTLS_CMAC_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "cipher.h"
#include "mbedtls/cipher.h"
#ifdef __cplusplus
extern "C" {

View file

@ -26,7 +26,7 @@
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -277,28 +277,52 @@
* For example, when a function accepts as input a pointer to a buffer that may
* contain untrusted data, and its documentation mentions that this pointer
* must not be NULL:
* - the pointer is checked to be non-NULL only if this option is enabled
* - the content of the buffer is always validated
* - The pointer is checked to be non-NULL only if this option is enabled.
* - The content of the buffer is always validated.
*
* When this flag is defined, if a library function receives a parameter that
* is invalid, it will:
* - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
* call to the function mbedtls_param_failed()
* - immediately return (with a specific error code unless the function
* returns void and can't communicate an error).
* is invalid:
* 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
* 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
* will immediately return. If the function returns an Mbed TLS error code,
* the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
*
* When defining this flag, you also need to:
* - either provide a definition of the function mbedtls_param_failed() in
* your application (see platform_util.h for its prototype) as the library
* calls that function, but does not provide a default definition for it,
* - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
* below if the above mechanism is not flexible enough to suit your needs.
* See the documentation of this macro later in this file.
* When defining this flag, you also need to arrange a definition for
* MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
* - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
* function mbedtls_param_failed(), but the library does not define this
* function. If you do not make any other arrangements, you must provide
* the function mbedtls_param_failed() in your application.
* See `platform_util.h` for its prototype.
* - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
* library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
* You can still supply an alternative definition of
* MBEDTLS_PARAM_FAILED(), which may call `assert`.
* - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
* or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
* the library will call the macro that you defined and will not supply
* its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
* you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
* files include `<assert.h>`.
*
* Uncomment to enable validation of application-controlled parameters.
*/
//#define MBEDTLS_CHECK_PARAMS
/**
* \def MBEDTLS_CHECK_PARAMS_ASSERT
*
* Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
* `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
*
* If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
* calling a function mbedtls_param_failed(). See the documentation of
* #MBEDTLS_CHECK_PARAMS for details.
*
* Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
*/
//#define MBEDTLS_CHECK_PARAMS_ASSERT
/* \} name SECTION: System support */
/**
@ -1007,18 +1031,27 @@
/**
* \def MBEDTLS_USE_PSA_CRYPTO
*
* Make the X.509 and TLS library use PSA for cryptographic operations, see
* #MBEDTLS_PSA_CRYPTO_C.
* Make the X.509 and TLS library use PSA for cryptographic operations, and
* enable new APIs for using keys handled by PSA Crypto.
*
* Note: this option is still in progress, the full X.509 and TLS modules are
* not covered yet, but parts that are not ported to PSA yet will still work
* as usual, so enabling this option should not break backwards compatibility.
* \note Development of this option is currently in progress, and parts of Mbed
* TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
* will still continue to work as usual, so enabling this option should not
* break backwards compatibility.
*
* \warning Support for PSA is still an experimental feature.
* Any public API that depends on this option may change
* at any time until this warning is removed.
* \warning Support for PSA is still an experimental feature.
* Any public API that depends on this option may change
* at any time until this warning is removed.
*
* \warning This option enables new Mbed TLS APIs that are dependent on the
* PSA Crypto API, so can't come with the same stability guarantees as the
* rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
* now, access to these APIs is opt-in (via enabling the present option), in
* order to clearly differentiate them from the stable Mbed TLS APIs.
*
* Requires: MBEDTLS_PSA_CRYPTO_C.
*
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
*/
//#define MBEDTLS_USE_PSA_CRYPTO
@ -1702,6 +1735,10 @@
*
* Enable the Platform Security Architecture cryptography API.
*
* \warning The PSA Crypto API is still beta status. While you're welcome to
* experiment using it, incompatible API changes are still possible, and some
* parts may not have reached the same quality as the rest of Mbed TLS yet.
*
* Module: library/psa_crypto.c
*
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
@ -1966,6 +2003,42 @@
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
/**
* \brief This macro is invoked by the library when an invalid parameter
* is detected that is only checked with #MBEDTLS_CHECK_PARAMS
* (see the documentation of that option for context).
*
* When you leave this undefined here, the library provides
* a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
* is defined, the default definition is `assert(cond)`,
* otherwise the default definition calls a function
* mbedtls_param_failed(). This function is declared in
* `platform_util.h` for the benefit of the library, but
* you need to define in your application.
*
* When you define this here, this replaces the default
* definition in platform_util.h (which no longer declares the
* function mbedtls_param_failed()) and it is your responsibility
* to make sure this macro expands to something suitable (in
* particular, that all the necessary declarations are visible
* from within the library - you can ensure that by providing
* them in this file next to the macro definition).
* If you define this macro to call `assert`, also define
* #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
* include `<assert.h>`.
*
* Note that you may define this macro to expand to nothing, in
* which case you don't have to worry about declarations or
* definitions. However, you will then be notified about invalid
* parameters only in non-void functions, and void function will
* just silently return early on invalid parameters, which
* partially negates the benefits of enabling
* #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
*
* \param cond The expression that should evaluate to true, but doesn't.
*/
//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
/**
* Uncomment the macro to let mbed TLS use your alternate implementation of
* mbedtls_platform_zeroize(). This replaces the default implementation in
@ -2016,6 +2089,6 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
#include "check_config.h"
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */

View file

@ -37,15 +37,15 @@
#define MBEDTLS_CTR_DRBG_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "aes.h"
#include "mbedtls/aes.h"
#if defined(MBEDTLS_THREADING_C)
#include "threading.h"
#include "mbedtls/threading.h"
#endif
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */

View file

@ -30,7 +30,7 @@
#define MBEDTLS_DES_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -66,11 +66,11 @@
#define MBEDTLS_DHM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "bignum.h"
#include "mbedtls/bignum.h"
/*
* DHM Error codes

View file

@ -35,12 +35,12 @@
#define MBEDTLS_ECDH_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "ecp.h"
#include "mbedtls/ecp.h"
#ifdef __cplusplus
extern "C" {

View file

@ -33,13 +33,13 @@
#define MBEDTLS_ECDSA_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "ecp.h"
#include "md.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
/**
* \brief Maximum ECDSA signature size for a given curve bit size

View file

@ -41,13 +41,13 @@
* also be use outside TLS.
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "ecp.h"
#include "md.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
#ifdef __cplusplus
extern "C" {

View file

@ -37,12 +37,12 @@
#define MBEDTLS_ECP_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "bignum.h"
#include "mbedtls/bignum.h"
/*
* ECP error codes

View file

@ -62,7 +62,7 @@
#define MBEDTLS_ECP_INTERNAL_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -25,7 +25,7 @@
#define MBEDTLS_ENTROPY_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -33,21 +33,21 @@
#include <stddef.h>
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
#include "sha512.h"
#include "mbedtls/sha512.h"
#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
#else
#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
#include "sha256.h"
#include "mbedtls/sha256.h"
#endif
#endif
#if defined(MBEDTLS_THREADING_C)
#include "threading.h"
#include "mbedtls/threading.h"
#endif
#if defined(MBEDTLS_HAVEGE_C)
#include "havege.h"
#include "mbedtls/havege.h"
#endif
#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */

View file

@ -25,7 +25,7 @@
#define MBEDTLS_ENTROPY_POLL_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -25,7 +25,7 @@
#define MBEDTLS_ERROR_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -100,8 +100,8 @@
* ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
* CIPHER 6 8
* SSL 6 23 (Started from top)
* CIPHER 6 8 (Started from 0x6080)
* SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)

View file

@ -34,12 +34,12 @@
#define MBEDTLS_GCM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "cipher.h"
#include "mbedtls/cipher.h"
#include <stdint.h>

View file

@ -25,12 +25,13 @@
#define MBEDTLS_HAVEGE_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#include <stdint.h>
#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
@ -43,9 +44,9 @@ extern "C" {
*/
typedef struct mbedtls_havege_state
{
int PT1, PT2, offset[2];
int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
int WALK[8192];
uint32_t PT1, PT2, offset[2];
uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
uint32_t WALK[8192];
}
mbedtls_havege_state;

View file

@ -28,12 +28,12 @@
#define MBEDTLS_HKDF_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "md.h"
#include "mbedtls/md.h"
/**
* \name HKDF Error codes

View file

@ -25,15 +25,15 @@
#define MBEDTLS_HMAC_DRBG_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "md.h"
#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
#include "threading.h"
#include "mbedtls/threading.h"
#endif
/*

View file

@ -30,7 +30,7 @@
#include <stddef.h>
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -30,7 +30,7 @@
#define MBEDTLS_MD2_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -30,7 +30,7 @@
#define MBEDTLS_MD4_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -29,7 +29,7 @@
#define MBEDTLS_MD5_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -29,12 +29,12 @@
#define MBEDTLS_MD_WRAP_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "md.h"
#include "mbedtls/md.h"
#ifdef __cplusplus
extern "C" {

View file

@ -25,7 +25,7 @@
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -38,12 +38,12 @@
#define MBEDTLS_NIST_KW_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "cipher.h"
#include "mbedtls/cipher.h"
#ifdef __cplusplus
extern "C" {

View file

@ -25,22 +25,22 @@
#define MBEDTLS_OID_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "asn1.h"
#include "pk.h"
#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"
#include <stddef.h>
#if defined(MBEDTLS_CIPHER_C)
#include "cipher.h"
#include "mbedtls/cipher.h"
#endif
#if defined(MBEDTLS_MD_C)
#include "md.h"
#include "mbedtls/md.h"
#endif
#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */

View file

@ -29,12 +29,12 @@
#define MBEDTLS_PADLOCK_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "aes.h"
#include "mbedtls/aes.h"
#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */

View file

@ -25,7 +25,7 @@
#define MBEDTLS_PEM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -112,17 +112,27 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx );
* \brief Write a buffer of PEM information from a DER encoded
* buffer.
*
* \param header header string to write
* \param footer footer string to write
* \param der_data DER data to write
* \param der_len length of the DER data
* \param buf buffer to write to
* \param buf_len length of output buffer
* \param olen total length written / required (if buf_len is not enough)
* \param header The header string to write.
* \param footer The footer string to write.
* \param der_data The DER data to encode.
* \param der_len The length of the DER data \p der_data in Bytes.
* \param buf The buffer to write to.
* \param buf_len The length of the output buffer \p buf in Bytes.
* \param olen The address at which to store the total length written
* or required (if \p buf_len is not enough).
*
* \return 0 on success, or a specific PEM or BASE64 error code. On
* MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
* size.
* \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
* to request the length of the resulting PEM buffer in
* `*olen`.
*
* \note This function may be called with overlapping \p der_data
* and \p buf buffers.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
* enough to hold the PEM buffer. In this case, `*olen` holds
* the required minimum size of \p buf.
* \return Another PEM or BASE64 error code on other kinds of failure.
*/
int mbedtls_pem_write_buffer( const char *header, const char *footer,
const unsigned char *der_data, size_t der_len,

View file

@ -26,23 +26,23 @@
#define MBEDTLS_PK_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "md.h"
#include "mbedtls/md.h"
#if defined(MBEDTLS_RSA_C)
#include "rsa.h"
#include "mbedtls/rsa.h"
#endif
#if defined(MBEDTLS_ECP_C)
#include "ecp.h"
#include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
#include "ecdsa.h"
#include "mbedtls/ecdsa.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)

View file

@ -26,12 +26,12 @@
#define MBEDTLS_PK_WRAP_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "pk.h"
#include "mbedtls/pk.h"
struct mbedtls_pk_info_t
{

View file

@ -25,14 +25,14 @@
#define MBEDTLS_PKCS12_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "md.h"
#include "cipher.h"
#include "asn1.h"
#include "mbedtls/md.h"
#include "mbedtls/cipher.h"
#include "mbedtls/asn1.h"
#include <stddef.h>

View file

@ -27,13 +27,13 @@
#define MBEDTLS_PKCS5_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "asn1.h"
#include "md.h"
#include "mbedtls/asn1.h"
#include "mbedtls/md.h"
#include <stddef.h>
#include <stdint.h>

View file

@ -34,13 +34,13 @@
#define MBEDTLS_PLATFORM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_HAVE_TIME)
#include "platform_time.h"
#include "mbedtls/platform_time.h"
#endif
#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
@ -256,6 +256,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
* the destination buffer is too short.
*/
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
#include <stdarg.h>
/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
#endif

View file

@ -25,7 +25,7 @@
#define MBEDTLS_PLATFORM_TIME_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -26,14 +26,14 @@
#define MBEDTLS_PLATFORM_UTIL_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#if defined(MBEDTLS_HAVE_TIME_DATE)
#include "platform_time.h"
#include "mbedtls/platform_time.h"
#include <time.h>
#endif /* MBEDTLS_HAVE_TIME_DATE */
@ -43,6 +43,12 @@ extern "C" {
#if defined(MBEDTLS_CHECK_PARAMS)
#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert
* (which is what our config.h suggests). */
#include <assert.h>
#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
#if defined(MBEDTLS_PARAM_FAILED)
/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
*
@ -50,6 +56,11 @@ extern "C" {
* MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
*/
#define MBEDTLS_PARAM_FAILED_ALT
#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
#define MBEDTLS_PARAM_FAILED_ALT
#else /* MBEDTLS_PARAM_FAILED */
#define MBEDTLS_PARAM_FAILED( cond ) \
mbedtls_param_failed( #cond, __FILE__, __LINE__ )

View file

@ -34,7 +34,7 @@
#define MBEDTLS_POLY1305_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -29,7 +29,7 @@
#define MBEDTLS_PSA_UTIL_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -38,10 +38,10 @@
#include "psa/crypto.h"
#include "ecp.h"
#include "md.h"
#include "pk.h"
#include "oid.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
#include "mbedtls/pk.h"
#include "mbedtls/oid.h"
#include <string.h>

View file

@ -25,7 +25,7 @@
#define MBEDTLS_RIPEMD160_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@ -57,7 +57,7 @@ typedef struct mbedtls_ripemd160_context
mbedtls_ripemd160_context;
#else /* MBEDTLS_RIPEMD160_ALT */
#include "ripemd160.h"
#include "ripemd160_alt.h"
#endif /* MBEDTLS_RIPEMD160_ALT */
/**

View file

@ -31,16 +31,16 @@
#define MBEDTLS_RSA_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "bignum.h"
#include "md.h"
#include "mbedtls/bignum.h"
#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
#include "threading.h"
#include "mbedtls/threading.h"
#endif
/*

View file

@ -58,12 +58,12 @@
#define MBEDTLS_RSA_INTERNAL_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "bignum.h"
#include "mbedtls/bignum.h"
#ifdef __cplusplus
extern "C" {

View file

@ -32,7 +32,7 @@
#define MBEDTLS_SHA1_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -28,7 +28,7 @@
#define MBEDTLS_SHA256_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -27,7 +27,7 @@
#define MBEDTLS_SHA512_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -25,7 +25,7 @@
#define MBEDTLS_THREADING_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -25,7 +25,7 @@
#define MBEDTLS_TIMING_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -29,7 +29,7 @@
#define MBEDTLS_VERSION_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -25,7 +25,7 @@
#define MBEDTLS_XTEA_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -38,7 +38,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "../mbedtls/config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -45,7 +45,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "../mbedtls/config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -38,7 +38,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "../mbedtls/config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

View file

@ -1,6 +1,14 @@
option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
# Set the project root directory if it's not already defined, as may happen if
# the library folder is included directly by a parent project, without
# including the top level CMakeLists.txt.
if(NOT DEFINED MBEDTLS_DIR)
set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
endif()
set(src_crypto
aes.c
@ -73,9 +81,9 @@ set(src_crypto
if(USE_CRYPTO_SUBMODULE)
set(src_crypto
${src_crypto}
${CMAKE_SOURCE_DIR}/library/version.c
${CMAKE_SOURCE_DIR}/library/version_features.c
${CMAKE_SOURCE_DIR}/library/error.c
${MBEDTLS_DIR}/library/version.c
${MBEDTLS_DIR}/library/version_features.c
${MBEDTLS_DIR}/library/error.c
)
else()
set(src_crypto
@ -119,6 +127,10 @@ if(LINK_WITH_PTHREAD)
set(libs ${libs} pthread)
endif()
if(LINK_WITH_TRUSTED_STORAGE)
set(libs ${libs} trusted_storage)
endif()
if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
@ -134,8 +146,8 @@ if(USE_STATIC_MBEDTLS_LIBRARY)
set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
target_link_libraries(${mbedcrypto_static_target} ${libs})
target_include_directories(${mbedcrypto_static_target}
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
PUBLIC ${MBEDTLS_DIR}/include/
PUBLIC ${MBEDTLS_DIR}/crypto/include/)
install(TARGETS ${mbedcrypto_static_target}
DESTINATION ${LIB_INSTALL_DIR}
@ -147,8 +159,8 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
set_target_properties(mbedcrypto PROPERTIES VERSION 2.17.0 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
target_include_directories(mbedcrypto
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
PUBLIC ${MBEDTLS_DIR}/include/
PUBLIC ${MBEDTLS_DIR}/crypto/include/)
install(TARGETS mbedcrypto
DESTINATION ${LIB_INSTALL_DIR}

View file

@ -2,7 +2,7 @@
# Also see "include/mbedtls/config.h"
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?=
CRYPTO_INCLUDES ?= -I../include

View file

@ -649,12 +649,28 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PEM_PARSE_C)
static const char mbedtls_test_dhm_params[] =
"-----BEGIN DH PARAMETERS-----\r\n"
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
"-----END DH PARAMETERS-----\r\n";
#else /* MBEDTLS_PEM_PARSE_C */
static const char mbedtls_test_dhm_params[] = {
0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
#endif /* MBEDTLS_PEM_PARSE_C */
static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );

View file

@ -2004,8 +2004,10 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
* Make sure w is within bounds.
* (The last test is useful only for very small curves in the test suite.)
*/
#if( MBEDTLS_ECP_WINDOW_SIZE < 6 )
if( w > MBEDTLS_ECP_WINDOW_SIZE )
w = MBEDTLS_ECP_WINDOW_SIZE;
#endif
if( w >= grp->nbits )
w = 2;

View file

@ -38,6 +38,7 @@
#include "mbedtls/timing.h"
#include "mbedtls/platform_util.h"
#include <stdint.h>
#include <string.h>
/* ------------------------------------------------------------------------
@ -54,7 +55,7 @@
* ------------------------------------------------------------------------
*/
#define SWAP(X,Y) { int *T = (X); (X) = (Y); (Y) = T; }
#define SWAP(X,Y) { uint32_t *T = (X); (X) = (Y); (Y) = T; }
#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
@ -77,7 +78,7 @@
PTX = (PT1 >> 18) & 7; \
PT1 &= 0x1FFF; \
PT2 &= 0x1FFF; \
CLK = (int) mbedtls_timing_hardclock(); \
CLK = (uint32_t) mbedtls_timing_hardclock(); \
\
i = 0; \
A = &WALK[PT1 ]; RES[i++] ^= *A; \
@ -100,7 +101,7 @@
\
IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \
*A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \
*B = IN; CLK = (int) mbedtls_timing_hardclock(); \
*B = IN; CLK = (uint32_t) mbedtls_timing_hardclock(); \
*C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \
*D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \
\
@ -158,10 +159,11 @@
*/
static void havege_fill( mbedtls_havege_state *hs )
{
int i, n = 0;
int U1, U2, *A, *B, *C, *D;
int PT1, PT2, *WALK, RES[16];
int PTX, PTY, CLK, PTEST, IN;
size_t n = 0;
size_t i;
uint32_t U1, U2, *A, *B, *C, *D;
uint32_t PT1, PT2, *WALK, RES[16];
uint32_t PTX, PTY, CLK, PTEST, IN;
WALK = hs->WALK;
PT1 = hs->PT1;
@ -212,7 +214,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs )
*/
int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
{
int val;
uint32_t val;
size_t use_len;
mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;
unsigned char *p = buf;
@ -220,8 +222,8 @@ int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
while( len > 0 )
{
use_len = len;
if( use_len > sizeof(int) )
use_len = sizeof(int);
if( use_len > sizeof( val ) )
use_len = sizeof( val );
if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE )
havege_fill( hs );

View file

@ -5828,6 +5828,15 @@ psa_status_t psa_crypto_init( void )
/* Initialize the random generator. */
global_data.entropy_init( &global_data.entropy );
#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
/* The PSA entropy injection feature depends on using NV seed as an entropy
* source. Add NV seed as an entropy source for PSA entropy injection. */
mbedtls_entropy_add_source( &global_data.entropy,
mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
global_data.rng_state = RNG_INITIALIZED;
status = mbedtls_to_psa_error(

View file

@ -91,6 +91,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid,
* \param[in] data_offset The starting offset of the data requested
* \param[in] data_length the amount of data requested (and the minimum allocated size of the `p_data` buffer)
* \param[out] p_data The buffer where the data will be placed upon successful completion
* \param[out] p_data_length The amount of data returned in the p_data buffer
*
*
* \return A status indicating the success/failure of the operation
@ -106,7 +107,8 @@ psa_status_t psa_its_set(psa_storage_uid_t uid,
psa_status_t psa_its_get(psa_storage_uid_t uid,
uint32_t data_offset,
uint32_t data_length,
void *p_data);
void *p_data,
size_t *p_data_length );
/**
* \brief Retrieve the metadata about the provided uid

View file

@ -102,12 +102,15 @@ static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key,
psa_status_t status;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
struct psa_storage_info_t data_identifier_info;
size_t data_length = 0;
status = psa_its_get_info( data_identifier, &data_identifier_info );
if( status != PSA_SUCCESS )
return( status );
status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data );
status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
if( data_size != data_length )
return( PSA_ERROR_STORAGE_FAILURE );
return( status );
}

View file

@ -44,7 +44,9 @@
#include <stdio.h>
#include <string.h>
#if !defined(PSA_ITS_STORAGE_PREFIX)
#define PSA_ITS_STORAGE_PREFIX ""
#endif
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
@ -137,7 +139,8 @@ psa_status_t psa_its_get_info( psa_storage_uid_t uid,
psa_status_t psa_its_get( psa_storage_uid_t uid,
uint32_t data_offset,
uint32_t data_length,
void *p_data )
void *p_data,
size_t *p_data_length )
{
psa_status_t status;
FILE *stream = NULL;
@ -172,6 +175,8 @@ psa_status_t psa_its_get( psa_storage_uid_t uid,
if( n != data_length )
goto exit;
status = PSA_SUCCESS;
if( p_data_length != NULL )
*p_data_length = n;
exit:
if( stream != NULL )

View file

@ -51,7 +51,6 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#include <winbase.h>
#include <process.h>
struct _hr_time

View file

@ -31,7 +31,7 @@
#include <string.h>
static const char *features[] = {
static const char * const features[] = {
#if defined(MBEDTLS_VERSION_FEATURES)
#if defined(MBEDTLS_HAVE_ASM)
"MBEDTLS_HAVE_ASM",
@ -90,6 +90,9 @@ static const char *features[] = {
#if defined(MBEDTLS_CHECK_PARAMS)
"MBEDTLS_CHECK_PARAMS",
#endif /* MBEDTLS_CHECK_PARAMS */
#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
"MBEDTLS_CHECK_PARAMS_ASSERT",
#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
#if defined(MBEDTLS_TIMING_ALT)
"MBEDTLS_TIMING_ALT",
#endif /* MBEDTLS_TIMING_ALT */
@ -597,7 +600,7 @@ static const char *features[] = {
int mbedtls_version_check_feature( const char *feature )
{
const char **idx = features;
const char * const *idx = features;
if( *idx == NULL )
return( -2 );

View file

@ -2,8 +2,8 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
WARNING_CXXFLAGS ?= -Wall -W
WARNING_CFLAGS ?= -Wall -Wextra
WARNING_CXXFLAGS ?= -Wall -Wextra
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
@ -244,6 +244,7 @@ psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP)
clean:
ifndef WINDOWS
rm -f $(APPS) $(EXTRA_GENERATED)
-rm -f test/cpp_dummy_build$(EXEXT)
else
if exist *.o del /S /Q /F *.o
if exist *.exe del /S /Q /F *.exe

View file

@ -80,17 +80,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( int argc, char *argv[] )
{

View file

@ -82,17 +82,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( int argc, char *argv[] )
{

View file

@ -52,17 +52,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
{

View file

@ -48,17 +48,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( void )
{

View file

@ -69,17 +69,6 @@ int main( void )
*/
#define GENERATOR "4"
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( int argc, char **argv )
{

View file

@ -53,17 +53,6 @@ int main( void )
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/ecdh.h"
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( int argc, char *argv[] )
{

View file

@ -100,17 +100,6 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key )
#define dump_pubkey( a, b )
#endif
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( int argc, char *argv[] )
{

View file

@ -137,17 +137,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
/*
* global options

View file

@ -64,7 +64,6 @@
" password_file=%%s default: \"\"\n" \
"\n"
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO)
int main( void )
@ -75,17 +74,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
/*
* global options

View file

@ -98,17 +98,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
/*
* global options

View file

@ -50,17 +50,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( void )
{

View file

@ -48,7 +48,6 @@
#include <string.h>
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
@ -61,17 +60,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( int argc, char *argv[] )
{

View file

@ -61,17 +61,6 @@ int main( void )
}
#else
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( int argc, char *argv[] )
{

View file

@ -60,17 +60,6 @@ int main( void )
#include <stdio.h>
#include <string.h>
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( int argc, char *argv[] )
{

Some files were not shown because too many files have changed in this diff Show more