diff --git a/.gitignore b/.gitignore index 0f95b4c79..ee2cd4640 100644 --- a/.gitignore +++ b/.gitignore @@ -34,6 +34,9 @@ massif-* # CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: *.dir/ +# Microsoft CMake extension for Visual Studio Code generates a build directory by default +/build/ + # Visual Studio artifacts /visualc/VS2010/.localhistory/ /visualc/VS2010/.vs/ diff --git a/.travis.yml b/.travis.yml index 0685bdbb4..c67c0cd33 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,28 +1,60 @@ language: c -compiler: -- clang -- gcc +compiler: gcc sudo: false cache: ccache -script: -- tests/scripts/recursion.pl library/*.c -- tests/scripts/check-generated-files.sh -- tests/scripts/check-doxy-blocks.pl -- tests/scripts/check-names.sh -- tests/scripts/check-files.py -- tests/scripts/doxygen.sh -- cmake -D CMAKE_BUILD_TYPE:String="Check" . -- make -- make test -- programs/test/selftest -- OSSL_NO_DTLS=1 tests/compat.sh -- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' -- tests/scripts/test-ref-configs.pl -- tests/scripts/curves.pl -- tests/scripts/key-exchanges.pl +jobs: + include: + - name: basic checks and reference configurations + addons: + apt: + packages: + - gnutls-bin + - doxygen + - graphviz + - gcc-arm-none-eabi + - libnewlib-arm-none-eabi + language: python # Needed to get pip for Python 3 + python: 3.5 # version from Ubuntu 16.04 + install: + - pip install pylint==2.4.4 + script: + - tests/scripts/all.sh -k 'check_*' + - tests/scripts/all.sh -k test_default_out_of_box + - tests/scripts/test-ref-configs.pl + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus + + - name: full configuration + script: + - tests/scripts/all.sh -k test_full_cmake_gcc_asan + + - name: check compilation guards + script: + - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' + + - name: macOS + os: osx + compiler: clang + script: + - tests/scripts/all.sh -k test_default_out_of_box + + - name: Windows + os: windows + before_install: + - choco install python --version=3.5.4 + env: + # Add the directory where the Choco package goes + - PATH=/c/Python35:/c/Python35/Scripts:$PATH + script: + - type python; python --version + - python scripts/generate_psa_constants.py + # Logs appear out of sequence on Windows. Give time to catch up. + - sleep 5 + - scripts/windows_msbuild.bat v141 # Visual Studio 2017 + after_failure: - tests/scripts/travis-log-failure.sh + env: global: - SEED=1 @@ -31,8 +63,7 @@ env: addons: apt: packages: - - doxygen - - graphviz + - gnutls-bin coverity_scan: project: name: "ARMmbed/mbedtls" diff --git a/CMakeLists.txt b/CMakeLists.txt index 4d17af826..c84194c63 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -14,6 +14,7 @@ option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF) option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) +option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") @@ -140,9 +141,9 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") - set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") - set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_CHECK "-Werror -Os") + set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") + set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") + set(CMAKE_C_FLAGS_CHECK "-Os") set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") endif(CMAKE_COMPILER_IS_GNU) @@ -151,11 +152,11 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") - set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") - set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3") - set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2") - set(CMAKE_C_FLAGS_CHECK "-Werror -Os") + set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") + set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") + set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3") + set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2") + set(CMAKE_C_FLAGS_CHECK "-Os") endif(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_IAR) @@ -163,11 +164,25 @@ if(CMAKE_COMPILER_IS_IAR) endif(CMAKE_COMPILER_IS_IAR) if(CMAKE_COMPILER_IS_MSVC) - # Strictest warnings, and treat as errors + # Strictest warnings set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") endif(CMAKE_COMPILER_IS_MSVC) +if(MBEDTLS_FATAL_WARNINGS) + if(CMAKE_COMPILER_IS_MSVC) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") + endif(CMAKE_COMPILER_IS_MSVC) + + if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + if(UNSAFE_BUILD) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp") + set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp") + set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp") + endif(UNSAFE_BUILD) + endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) +endif(MBEDTLS_FATAL_WARNINGS) + if(CMAKE_BUILD_TYPE STREQUAL "Coverage") if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG) set(CMAKE_SHARED_LINKER_FLAGS "--coverage") diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c1ae452e2..7a0d95d0e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,7 +14,7 @@ Coding Standards Making a Contribution --------------------- -1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. +1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug. 1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis. 1. Write a test which shows that the bug was fixed or that the feature works as expected. 1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) diff --git a/ChangeLog.d/fix-masked-hw-record-init-error.txt b/ChangeLog.d/fix-masked-hw-record-init-error.txt new file mode 100644 index 000000000..2ef80daae --- /dev/null +++ b/ChangeLog.d/fix-masked-hw-record-init-error.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix issue with a detected HW accelerated record error not being exposed + due to shadowed variable. Contributed by Sander Visser in #3310. diff --git a/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt b/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt new file mode 100644 index 000000000..9554aa03c --- /dev/null +++ b/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt @@ -0,0 +1,3 @@ +Bugfix + * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a + NULL pointer argument. Contributed by Sander Visser in #3312. \ No newline at end of file diff --git a/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt b/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt new file mode 100644 index 000000000..d0bd1dc6a --- /dev/null +++ b/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix potential linker errors on dual world platforms by inlining + mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately + from psa_crypto.c. Fixes #3300. diff --git a/ChangeLog.d/psa-lifetime-locations.txt b/ChangeLog.d/psa-lifetime-locations.txt new file mode 100644 index 000000000..6ac02bc61 --- /dev/null +++ b/ChangeLog.d/psa-lifetime-locations.txt @@ -0,0 +1,8 @@ +Default behavior changes + * In the experimental PSA secure element interface, change the encoding of + key lifetimes to encode a persistence level and the location. Although C + prototypes do not effectively change, code calling + psa_register_se_driver() must be modified to pass the driver's location + instead of the keys' lifetime. If the library is upgraded on an existing + device, keys created with the old lifetime value will not be readable or + removable through Mbed TLS after the upgrade. diff --git a/ChangeLog.d/unified-exit-in-examples.txt b/ChangeLog.d/unified-exit-in-examples.txt new file mode 100644 index 000000000..3ef9798ad --- /dev/null +++ b/ChangeLog.d/unified-exit-in-examples.txt @@ -0,0 +1,4 @@ +Changes + * Unify the example programs termination to call mbedtls_exit() instead of + using a return command. This has been done to enable customization of the + behavior in bare metal environments. diff --git a/README.md b/README.md index f868a0a80..2058d24d6 100644 --- a/README.md +++ b/README.md @@ -85,11 +85,11 @@ In order to build the source using CMake in a separate directory (recommended), mkdir /path/to/build_dir && cd /path/to/build_dir cmake /path/to/mbedtls_source - make + cmake --build . In order to run the tests, enter: - make test + ctest The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with: diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index e9fa31189..84cc5ab0b 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -578,8 +578,55 @@ psa_status_t psa_get_key_domain_parameters( * (`PSA_ECC_CURVE_xxx`). * \return \c 0 on failure (\p grpid is not recognized). */ -psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid, - size_t *bits ); +static inline psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid, + size_t *bits ) +{ + switch( grpid ) + { + case MBEDTLS_ECP_DP_SECP192R1: + *bits = 192; + return( PSA_ECC_CURVE_SECP_R1 ); + case MBEDTLS_ECP_DP_SECP224R1: + *bits = 224; + return( PSA_ECC_CURVE_SECP_R1 ); + case MBEDTLS_ECP_DP_SECP256R1: + *bits = 256; + return( PSA_ECC_CURVE_SECP_R1 ); + case MBEDTLS_ECP_DP_SECP384R1: + *bits = 384; + return( PSA_ECC_CURVE_SECP_R1 ); + case MBEDTLS_ECP_DP_SECP521R1: + *bits = 521; + return( PSA_ECC_CURVE_SECP_R1 ); + case MBEDTLS_ECP_DP_BP256R1: + *bits = 256; + return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); + case MBEDTLS_ECP_DP_BP384R1: + *bits = 384; + return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); + case MBEDTLS_ECP_DP_BP512R1: + *bits = 512; + return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); + case MBEDTLS_ECP_DP_CURVE25519: + *bits = 255; + return( PSA_ECC_CURVE_MONTGOMERY ); + case MBEDTLS_ECP_DP_SECP192K1: + *bits = 192; + return( PSA_ECC_CURVE_SECP_K1 ); + case MBEDTLS_ECP_DP_SECP224K1: + *bits = 224; + return( PSA_ECC_CURVE_SECP_K1 ); + case MBEDTLS_ECP_DP_SECP256K1: + *bits = 256; + return( PSA_ECC_CURVE_SECP_K1 ); + case MBEDTLS_ECP_DP_CURVE448: + *bits = 448; + return( PSA_ECC_CURVE_MONTGOMERY ); + default: + *bits = 0; + return( 0 ); + } +} /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. * diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 7ac1ed1c4..0c28579db 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -119,8 +119,10 @@ typedef struct { * \param[in,out] drv_context The driver context structure. * \param[in,out] persistent_data A pointer to the persistent data * that allows writing. - * \param lifetime The lifetime value for which this driver - * is registered. + * \param location The location value for which this driver + * is registered. The driver will be invoked + * for all keys whose lifetime is in this + * location. * * \retval #PSA_SUCCESS * The driver is operational. @@ -132,7 +134,7 @@ typedef struct { */ typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context, void *persistent_data, - psa_key_lifetime_t lifetime); + psa_key_location_t location); #if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Mbed Crypto with secure element support enabled defines this type in @@ -1341,17 +1343,19 @@ typedef struct { * after psa_crypto_init(). * * \note Implementations store metadata about keys including the lifetime - * value. Therefore, from one instantiation of the PSA Cryptography + * value, which contains the driver's location indicator. Therefore, + * from one instantiation of the PSA Cryptography * library to the next one, if there is a key in storage with a certain * lifetime value, you must always register the same driver (or an * updated version that communicates with the same secure element) - * with the same lifetime value. + * with the same location value. * - * \param lifetime The lifetime value through which this driver will + * \param location The location value through which this driver will * be exposed to applications. - * The values #PSA_KEY_LIFETIME_VOLATILE and - * #PSA_KEY_LIFETIME_PERSISTENT are reserved and - * may not be used for drivers. Implementations + * This driver will be used for all keys such that + * `location == PSA_KEY_LIFETIME_LOCATION( lifetime )`. + * The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved + * and may not be used for drivers. Implementations * may reserve other values. * \param[in] methods The method table of the driver. This structure must * remain valid for as long as the cryptography @@ -1376,7 +1380,7 @@ typedef struct { * \return PSA_ERROR_NOT_PERMITTED */ psa_status_t psa_register_se_driver( - psa_key_lifetime_t lifetime, + psa_key_location_t location, const psa_drv_se_t *methods); /**@}*/ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index d96c66e5c..41f1bea77 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -108,18 +108,117 @@ typedef uint32_t psa_algorithm_t; * The lifetime of a key indicates where it is stored and what system actions * may create and destroy it. * - * Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically - * destroyed when the application terminates or on a power reset. + * Lifetime values have the following structure: + * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)): + * persistence level. This value indicates what device management + * actions can cause it to be destroyed. In particular, it indicates + * whether the key is _volatile_ or _persistent_. + * See ::psa_key_persistence_t for more information. + * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)): + * location indicator. This value indicates where the key is stored + * and where operations on the key are performed. + * See ::psa_key_location_t for more information. + * + * Volatile keys are automatically destroyed when the application instance + * terminates or on a power reset of the device. Persistent keys are + * preserved until the application explicitly destroys them or until an + * implementation-specific device management event occurs (for example, + * a factory reset). * - * Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said - * to be _persistent_. - * Persistent keys are preserved if the application or the system restarts. * Persistent keys have a key identifier of type #psa_key_id_t. + * This identifier remains valid throughout the lifetime of the key, + * even if the application instance that created the key terminates. * The application can call psa_open_key() to open a persistent key that * it created previously. + * + * This specification defines two basic lifetime values: + * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile. + * All implementations should support this lifetime. + * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent. + * All implementations that have access to persistent storage with + * appropriate security guarantees should support this lifetime. */ typedef uint32_t psa_key_lifetime_t; +/** Encoding of key persistence levels. + * + * What distinguishes different persistence levels is what device management + * events may cause keys to be destroyed. _Volatile_ keys are destroyed + * by a power reset. Persistent keys may be destroyed by events such as + * a transfer of ownership or a factory reset. What management events + * actually affect persistent keys at different levels is outside the + * scope of the PSA Cryptography specification. + * + * This specification defines the following values of persistence levels: + * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key. + * A volatile key is automatically destroyed by the implementation when + * the application instance terminates. In particular, a volatile key + * is automatically destroyed on a power reset of the device. + * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT: + * persistent key with a default lifetime. + * Implementations should support this value if they support persistent + * keys at all. + * Applications should use this value if they have no specific needs that + * are only met by implementation-specific features. + * - \c 2-127: persistent key with a PSA-specified lifetime. + * The PSA Cryptography specification does not define the meaning of these + * values, but other PSA specifications may do so. + * - \c 128-254: persistent key with a vendor-specified lifetime. + * No PSA specification will define the meaning of these values, so + * implementations may choose the meaning freely. + * As a guideline, higher persistence levels should cause a key to survive + * more management events than lower levels. + * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY: + * read-only or write-once key. + * A key with this persistence level cannot be destroyed. + * Implementations that support such keys may either allow their creation + * through the PSA Cryptography API, preferably only to applications with + * the appropriate privilege, or only expose keys created through + * implementation-specific means such as a factory ROM engraving process. + * Note that keys that are read-only due to policy restrictions + * rather than due to physical limitations should not have this + * persistence levels. + * + * \note Key persistence levels are 8-bit values. Key management + * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which + * encode the persistence as the lower 8 bits of a 32-bit value. + */ +typedef uint8_t psa_key_persistence_t; + +/** Encoding of key location indicators. + * + * If an implementation of this API can make calls to external + * cryptoprocessors such as secure elements, the location of a key + * indicates which secure element performs the operations on the key. + * If an implementation offers multiple physical locations for persistent + * storage, the location indicator reflects at which physical location + * the key is stored. + * + * This specification defines the following values of location indicators: + * - \c 0: primary local storage. + * All implementations should support this value. + * The primary local storage is typically the same storage area that + * contains the key metadata. + * - \c 1: primary secure element. + * Implementations should support this value if there is a secure element + * attached to the operating environment. + * As a guideline, secure elements may provide higher resistance against + * side channel and physical attacks than the primary local storage, but may + * have restrictions on supported key types, sizes, policies and operations + * and may have different performance characteristics. + * - \c 2-0x7fffff: other locations defined by a PSA specification. + * The PSA Cryptography API does not currently assign any meaning to these + * locations, but future versions of this specification or other PSA + * specifications may do so. + * - \c 0x800000-0xffffff: vendor-defined locations. + * No PSA specification will assign a meaning to locations in this range. + * + * \note Key location indicators are 24-bit values. Key management + * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which + * encode the location as the upper 24 bits of a 32-bit value. + */ +typedef uint32_t psa_key_location_t; + /** Encoding of identifiers of persistent keys. * * - Applications may freely choose key identifiers in the range diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index baaabff1e..18b2d5ad1 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1539,12 +1539,20 @@ * @{ */ -/** A volatile key only exists as long as the handle to it is not closed. +/** The default lifetime for volatile keys. + * + * A volatile key only exists as long as the handle to it is not closed. * The key material is guaranteed to be erased on a power reset. + * + * A key with this lifetime is typically stored in the RAM area of the + * PSA Crypto subsystem. However this is an implementation choice. + * If an implementation stores data about the key in a non-volatile memory, + * it must release all the resources associated with the key and erase the + * key material if the calling application terminates. */ #define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000) -/** The default storage area for persistent keys. +/** The default lifetime for persistent keys. * * A persistent key remains in storage until it is explicitly destroyed or * until the corresponding storage area is wiped. This specification does @@ -1555,9 +1563,77 @@ * This lifetime value is the default storage area for the calling * application. Implementations may offer other storage areas designated * by other lifetime values as implementation-specific extensions. + * See ::psa_key_lifetime_t for more information. */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) +/** The persistence level of volatile keys. + * + * See ::psa_key_persistence_t for more information. + */ +#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00) + +/** The default persistence level for persistent keys. + * + * See ::psa_key_persistence_t for more information. + */ +#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01) + +/** A persistence level indicating that a key is never destroyed. + * + * See ::psa_key_persistence_t for more information. + */ +#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff) + +#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \ + ((psa_key_persistence_t)((lifetime) & 0x000000ff)) + +#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \ + ((psa_key_location_t)((lifetime) >> 8)) + +/** Whether a key lifetime indicates that the key is volatile. + * + * A volatile key is automatically destroyed by the implementation when + * the application instance terminates. In particular, a volatile key + * is automatically destroyed on a power reset of the device. + * + * A key that is not volatile is persistent. Persistent keys are + * preserved until the application explicitly destroys them or until an + * implementation-specific device management event occurs (for example, + * a factory reset). + * + * \param lifetime The lifetime value to query (value of type + * ::psa_key_lifetime_t). + * + * \return \c 1 if the key is volatile, otherwise \c 0. + */ +#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \ + (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ + PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE) + +/** Construct a lifetime from a persistence level and a location. + * + * \param persistence The persistence level + * (value of type ::psa_key_persistence_t). + * \param location The location indicator + * (value of type ::psa_key_location_t). + * + * \return The constructed lifetime value. + */ +#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \ + ((location) << 8 | (persistence)) + +/** The local storage area for persistent keys. + * + * This storage area is available on all systems that can store persistent + * keys without delegating the storage to a third-party cryptoprocessor. + * + * See ::psa_key_location_t for more information. + */ +#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000) + +#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) + /** The minimum value for a key identifier chosen by the application. */ #define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index fd98fa50e..f6a186fae 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -113,12 +113,6 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") endif(CMAKE_COMPILER_IS_CLANG) -if(UNSAFE_BUILD) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error") - set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error") - set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error") -endif(UNSAFE_BUILD) - if(WIN32) set(libs ${libs} ws2_32) endif(WIN32) diff --git a/library/error.c b/library/error.c index d2f1b18a3..22c7b165c 100644 --- a/library/error.c +++ b/library/error.c @@ -216,7 +216,6 @@ const char * mbedtls_high_level_strerr( int error_code ) { int high_level_error_code; - const char *error_description = NULL; if( error_code < 0 ) error_code = -error_code; @@ -229,497 +228,343 @@ const char * mbedtls_high_level_strerr( int error_code ) /* Begin Auto-Generated Code. */ #if defined(MBEDTLS_CIPHER_C) case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE): - error_description = "CIPHER - The selected feature is not available"; - break; + return( "CIPHER - The selected feature is not available" ); case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA): - error_description = "CIPHER - Bad input parameters"; - break; + return( "CIPHER - Bad input parameters" ); case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED): - error_description = "CIPHER - Failed to allocate memory"; - break; + return( "CIPHER - Failed to allocate memory" ); case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING): - error_description = "CIPHER - Input data contains invalid padding and is rejected"; - break; + return( "CIPHER - Input data contains invalid padding and is rejected" ); case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED): - error_description = "CIPHER - Decryption of block requires a full block"; - break; + return( "CIPHER - Decryption of block requires a full block" ); case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED): - error_description = "CIPHER - Authentication failed (for AEAD modes)"; - break; + return( "CIPHER - Authentication failed (for AEAD modes)" ); case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT): - error_description = "CIPHER - The context is invalid. For example, because it was freed"; - break; + return( "CIPHER - The context is invalid. For example, because it was freed" ); case -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED): - error_description = "CIPHER - Cipher hardware accelerator failed"; - break; + return( "CIPHER - Cipher hardware accelerator failed" ); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA): - error_description = "DHM - Bad input parameters"; - break; + return( "DHM - Bad input parameters" ); case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED): - error_description = "DHM - Reading of the DHM parameters failed"; - break; + return( "DHM - Reading of the DHM parameters failed" ); case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED): - error_description = "DHM - Making of the DHM parameters failed"; - break; + return( "DHM - Making of the DHM parameters failed" ); case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED): - error_description = "DHM - Reading of the public values failed"; - break; + return( "DHM - Reading of the public values failed" ); case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED): - error_description = "DHM - Making of the public value failed"; - break; + return( "DHM - Making of the public value failed" ); case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED): - error_description = "DHM - Calculation of the DHM secret failed"; - break; + return( "DHM - Calculation of the DHM secret failed" ); case -(MBEDTLS_ERR_DHM_INVALID_FORMAT): - error_description = "DHM - The ASN.1 data is not formatted correctly"; - break; + return( "DHM - The ASN.1 data is not formatted correctly" ); case -(MBEDTLS_ERR_DHM_ALLOC_FAILED): - error_description = "DHM - Allocation of memory failed"; - break; + return( "DHM - Allocation of memory failed" ); case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR): - error_description = "DHM - Read or write of file failed"; - break; + return( "DHM - Read or write of file failed" ); case -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED): - error_description = "DHM - DHM hardware accelerator failed"; - break; + return( "DHM - DHM hardware accelerator failed" ); case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED): - error_description = "DHM - Setting the modulus and generator failed"; - break; + return( "DHM - Setting the modulus and generator failed" ); #endif /* MBEDTLS_DHM_C */ #if defined(MBEDTLS_ECP_C) case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA): - error_description = "ECP - Bad input parameters to function"; - break; + return( "ECP - Bad input parameters to function" ); case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL): - error_description = "ECP - The buffer is too small to write to"; - break; + return( "ECP - The buffer is too small to write to" ); case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE): - error_description = "ECP - The requested feature is not available, for example, the requested curve is not supported"; - break; + return( "ECP - The requested feature is not available, for example, the requested curve is not supported" ); case -(MBEDTLS_ERR_ECP_VERIFY_FAILED): - error_description = "ECP - The signature is not valid"; - break; + return( "ECP - The signature is not valid" ); case -(MBEDTLS_ERR_ECP_ALLOC_FAILED): - error_description = "ECP - Memory allocation failed"; - break; + return( "ECP - Memory allocation failed" ); case -(MBEDTLS_ERR_ECP_RANDOM_FAILED): - error_description = "ECP - Generation of random value, such as ephemeral key, failed"; - break; + return( "ECP - Generation of random value, such as ephemeral key, failed" ); case -(MBEDTLS_ERR_ECP_INVALID_KEY): - error_description = "ECP - Invalid private or public key"; - break; + return( "ECP - Invalid private or public key" ); case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH): - error_description = "ECP - The buffer contains a valid signature followed by more data"; - break; + return( "ECP - The buffer contains a valid signature followed by more data" ); case -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED): - error_description = "ECP - The ECP hardware accelerator failed"; - break; + return( "ECP - The ECP hardware accelerator failed" ); case -(MBEDTLS_ERR_ECP_IN_PROGRESS): - error_description = "ECP - Operation in progress, call again with the same parameters to continue"; - break; + return( "ECP - Operation in progress, call again with the same parameters to continue" ); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE): - error_description = "MD - The selected feature is not available"; - break; + return( "MD - The selected feature is not available" ); case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA): - error_description = "MD - Bad input parameters to function"; - break; + return( "MD - Bad input parameters to function" ); case -(MBEDTLS_ERR_MD_ALLOC_FAILED): - error_description = "MD - Failed to allocate memory"; - break; + return( "MD - Failed to allocate memory" ); case -(MBEDTLS_ERR_MD_FILE_IO_ERROR): - error_description = "MD - Opening or reading of file failed"; - break; + return( "MD - Opening or reading of file failed" ); case -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED): - error_description = "MD - MD hardware accelerator failed"; - break; + return( "MD - MD hardware accelerator failed" ); #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT): - error_description = "PEM - No PEM header or footer found"; - break; + return( "PEM - No PEM header or footer found" ); case -(MBEDTLS_ERR_PEM_INVALID_DATA): - error_description = "PEM - PEM string is not as expected"; - break; + return( "PEM - PEM string is not as expected" ); case -(MBEDTLS_ERR_PEM_ALLOC_FAILED): - error_description = "PEM - Failed to allocate memory"; - break; + return( "PEM - Failed to allocate memory" ); case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV): - error_description = "PEM - RSA IV is not in hex-format"; - break; + return( "PEM - RSA IV is not in hex-format" ); case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG): - error_description = "PEM - Unsupported key encryption algorithm"; - break; + return( "PEM - Unsupported key encryption algorithm" ); case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED): - error_description = "PEM - Private key password can't be empty"; - break; + return( "PEM - Private key password can't be empty" ); case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH): - error_description = "PEM - Given private key password does not allow for correct decryption"; - break; + return( "PEM - Given private key password does not allow for correct decryption" ); case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE): - error_description = "PEM - Unavailable feature, e.g. hashing/encryption combination"; - break; + return( "PEM - Unavailable feature, e.g. hashing/encryption combination" ); case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA): - error_description = "PEM - Bad input parameters to function"; - break; + return( "PEM - Bad input parameters to function" ); #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ #if defined(MBEDTLS_PK_C) case -(MBEDTLS_ERR_PK_ALLOC_FAILED): - error_description = "PK - Memory allocation failed"; - break; + return( "PK - Memory allocation failed" ); case -(MBEDTLS_ERR_PK_TYPE_MISMATCH): - error_description = "PK - Type mismatch, eg attempt to encrypt with an ECDSA key"; - break; + return( "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA): - error_description = "PK - Bad input parameters to function"; - break; + return( "PK - Bad input parameters to function" ); case -(MBEDTLS_ERR_PK_FILE_IO_ERROR): - error_description = "PK - Read/write of file failed"; - break; + return( "PK - Read/write of file failed" ); case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION): - error_description = "PK - Unsupported key version"; - break; + return( "PK - Unsupported key version" ); case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT): - error_description = "PK - Invalid key tag or value"; - break; + return( "PK - Invalid key tag or value" ); case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG): - error_description = "PK - Key algorithm is unsupported (only RSA and EC are supported)"; - break; + return( "PK - Key algorithm is unsupported (only RSA and EC are supported)" ); case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED): - error_description = "PK - Private key password can't be empty"; - break; + return( "PK - Private key password can't be empty" ); case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH): - error_description = "PK - Given private key password does not allow for correct decryption"; - break; + return( "PK - Given private key password does not allow for correct decryption" ); case -(MBEDTLS_ERR_PK_INVALID_PUBKEY): - error_description = "PK - The pubkey tag or value is invalid (only RSA and EC are supported)"; - break; + return( "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" ); case -(MBEDTLS_ERR_PK_INVALID_ALG): - error_description = "PK - The algorithm tag or value is invalid"; - break; + return( "PK - The algorithm tag or value is invalid" ); case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE): - error_description = "PK - Elliptic curve is unsupported (only NIST curves are supported)"; - break; + return( "PK - Elliptic curve is unsupported (only NIST curves are supported)" ); case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE): - error_description = "PK - Unavailable feature, e.g. RSA disabled for RSA key"; - break; + return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH): - error_description = "PK - The buffer contains a valid signature followed by more data"; - break; + return( "PK - The buffer contains a valid signature followed by more data" ); case -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED): - error_description = "PK - PK hardware accelerator failed"; - break; + return( "PK - PK hardware accelerator failed" ); #endif /* MBEDTLS_PK_C */ #if defined(MBEDTLS_PKCS12_C) case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA): - error_description = "PKCS12 - Bad input parameters to function"; - break; + return( "PKCS12 - Bad input parameters to function" ); case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE): - error_description = "PKCS12 - Feature not available, e.g. unsupported encryption scheme"; - break; + return( "PKCS12 - Feature not available, e.g. unsupported encryption scheme" ); case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT): - error_description = "PKCS12 - PBE ASN.1 data not as expected"; - break; + return( "PKCS12 - PBE ASN.1 data not as expected" ); case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH): - error_description = "PKCS12 - Given private key password does not allow for correct decryption"; - break; + return( "PKCS12 - Given private key password does not allow for correct decryption" ); #endif /* MBEDTLS_PKCS12_C */ #if defined(MBEDTLS_PKCS5_C) case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA): - error_description = "PKCS5 - Bad input parameters to function"; - break; + return( "PKCS5 - Bad input parameters to function" ); case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT): - error_description = "PKCS5 - Unexpected ASN.1 data"; - break; + return( "PKCS5 - Unexpected ASN.1 data" ); case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE): - error_description = "PKCS5 - Requested encryption or digest alg not available"; - break; + return( "PKCS5 - Requested encryption or digest alg not available" ); case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH): - error_description = "PKCS5 - Given private key password does not allow for correct decryption"; - break; + return( "PKCS5 - Given private key password does not allow for correct decryption" ); #endif /* MBEDTLS_PKCS5_C */ #if defined(MBEDTLS_RSA_C) case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA): - error_description = "RSA - Bad input parameters to function"; - break; + return( "RSA - Bad input parameters to function" ); case -(MBEDTLS_ERR_RSA_INVALID_PADDING): - error_description = "RSA - Input data contains invalid padding and is rejected"; - break; + return( "RSA - Input data contains invalid padding and is rejected" ); case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED): - error_description = "RSA - Something failed during generation of a key"; - break; + return( "RSA - Something failed during generation of a key" ); case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED): - error_description = "RSA - Key failed to pass the validity check of the library"; - break; + return( "RSA - Key failed to pass the validity check of the library" ); case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED): - error_description = "RSA - The public key operation failed"; - break; + return( "RSA - The public key operation failed" ); case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED): - error_description = "RSA - The private key operation failed"; - break; + return( "RSA - The private key operation failed" ); case -(MBEDTLS_ERR_RSA_VERIFY_FAILED): - error_description = "RSA - The PKCS#1 verification failed"; - break; + return( "RSA - The PKCS#1 verification failed" ); case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE): - error_description = "RSA - The output buffer for decryption is not large enough"; - break; + return( "RSA - The output buffer for decryption is not large enough" ); case -(MBEDTLS_ERR_RSA_RNG_FAILED): - error_description = "RSA - The random generator failed to generate non-zeros"; - break; + return( "RSA - The random generator failed to generate non-zeros" ); case -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION): - error_description = "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality"; - break; + return( "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" ); case -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED): - error_description = "RSA - RSA hardware accelerator failed"; - break; + return( "RSA - RSA hardware accelerator failed" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE): - error_description = "SSL - The requested feature is not available"; - break; + return( "SSL - The requested feature is not available" ); case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA): - error_description = "SSL - Bad input parameters to function"; - break; + return( "SSL - Bad input parameters to function" ); case -(MBEDTLS_ERR_SSL_INVALID_MAC): - error_description = "SSL - Verification of the message MAC failed"; - break; + return( "SSL - Verification of the message MAC failed" ); case -(MBEDTLS_ERR_SSL_INVALID_RECORD): - error_description = "SSL - An invalid SSL record was received"; - break; + return( "SSL - An invalid SSL record was received" ); case -(MBEDTLS_ERR_SSL_CONN_EOF): - error_description = "SSL - The connection indicated an EOF"; - break; + return( "SSL - The connection indicated an EOF" ); case -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER): - error_description = "SSL - An unknown cipher was received"; - break; + return( "SSL - An unknown cipher was received" ); case -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN): - error_description = "SSL - The server has no ciphersuites in common with the client"; - break; + return( "SSL - The server has no ciphersuites in common with the client" ); case -(MBEDTLS_ERR_SSL_NO_RNG): - error_description = "SSL - No RNG was provided to the SSL module"; - break; + return( "SSL - No RNG was provided to the SSL module" ); case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE): - error_description = "SSL - No client certification received from the client, but required by the authentication mode"; - break; + return( "SSL - No client certification received from the client, but required by the authentication mode" ); case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE): - error_description = "SSL - Our own certificate(s) is/are too large to send in an SSL message"; - break; + return( "SSL - Our own certificate(s) is/are too large to send in an SSL message" ); case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED): - error_description = "SSL - The own certificate is not set, but needed by the server"; - break; + return( "SSL - The own certificate is not set, but needed by the server" ); case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED): - error_description = "SSL - The own private key or pre-shared key is not set, but needed"; - break; + return( "SSL - The own private key or pre-shared key is not set, but needed" ); case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED): - error_description = "SSL - No CA Chain is set, but required to operate"; - break; + return( "SSL - No CA Chain is set, but required to operate" ); case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE): - error_description = "SSL - An unexpected message was received from our peer"; - break; + return( "SSL - An unexpected message was received from our peer" ); case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE): - error_description = "SSL - A fatal alert message was received from our peer"; - break; + return( "SSL - A fatal alert message was received from our peer" ); case -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED): - error_description = "SSL - Verification of our peer failed"; - break; + return( "SSL - Verification of our peer failed" ); case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY): - error_description = "SSL - The peer notified us that the connection is going to be closed"; - break; + return( "SSL - The peer notified us that the connection is going to be closed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO): - error_description = "SSL - Processing of the ClientHello handshake message failed"; - break; + return( "SSL - Processing of the ClientHello handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO): - error_description = "SSL - Processing of the ServerHello handshake message failed"; - break; + return( "SSL - Processing of the ServerHello handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE): - error_description = "SSL - Processing of the Certificate handshake message failed"; - break; + return( "SSL - Processing of the Certificate handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST): - error_description = "SSL - Processing of the CertificateRequest handshake message failed"; - break; + return( "SSL - Processing of the CertificateRequest handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE): - error_description = "SSL - Processing of the ServerKeyExchange handshake message failed"; - break; + return( "SSL - Processing of the ServerKeyExchange handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE): - error_description = "SSL - Processing of the ServerHelloDone handshake message failed"; - break; + return( "SSL - Processing of the ServerHelloDone handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE): - error_description = "SSL - Processing of the ClientKeyExchange handshake message failed"; - break; + return( "SSL - Processing of the ClientKeyExchange handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP): - error_description = "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public"; - break; + return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS): - error_description = "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret"; - break; + return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY): - error_description = "SSL - Processing of the CertificateVerify handshake message failed"; - break; + return( "SSL - Processing of the CertificateVerify handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC): - error_description = "SSL - Processing of the ChangeCipherSpec handshake message failed"; - break; + return( "SSL - Processing of the ChangeCipherSpec handshake message failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED): - error_description = "SSL - Processing of the Finished handshake message failed"; - break; + return( "SSL - Processing of the Finished handshake message failed" ); case -(MBEDTLS_ERR_SSL_ALLOC_FAILED): - error_description = "SSL - Memory allocation failed"; - break; + return( "SSL - Memory allocation failed" ); case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED): - error_description = "SSL - Hardware acceleration function returned with error"; - break; + return( "SSL - Hardware acceleration function returned with error" ); case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH): - error_description = "SSL - Hardware acceleration function skipped / left alone data"; - break; + return( "SSL - Hardware acceleration function skipped / left alone data" ); case -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED): - error_description = "SSL - Processing of the compression / decompression failed"; - break; + return( "SSL - Processing of the compression / decompression failed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION): - error_description = "SSL - Handshake protocol not within min/max boundaries"; - break; + return( "SSL - Handshake protocol not within min/max boundaries" ); case -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET): - error_description = "SSL - Processing of the NewSessionTicket handshake message failed"; - break; + return( "SSL - Processing of the NewSessionTicket handshake message failed" ); case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED): - error_description = "SSL - Session ticket has expired"; - break; + return( "SSL - Session ticket has expired" ); case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH): - error_description = "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)"; - break; + return( "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY): - error_description = "SSL - Unknown identity received (eg, PSK identity)"; - break; + return( "SSL - Unknown identity received (eg, PSK identity)" ); case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR): - error_description = "SSL - Internal error (eg, unexpected failure in lower-level module)"; - break; + return( "SSL - Internal error (eg, unexpected failure in lower-level module)" ); case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING): - error_description = "SSL - A counter would wrap (eg, too many messages exchanged)"; - break; + return( "SSL - A counter would wrap (eg, too many messages exchanged)" ); case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO): - error_description = "SSL - Unexpected message at ServerHello in renegotiation"; - break; + return( "SSL - Unexpected message at ServerHello in renegotiation" ); case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED): - error_description = "SSL - DTLS client must retry for hello verification"; - break; + return( "SSL - DTLS client must retry for hello verification" ); case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL): - error_description = "SSL - A buffer is too small to receive or write a message"; - break; + return( "SSL - A buffer is too small to receive or write a message" ); case -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE): - error_description = "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)"; - break; + return( "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" ); case -(MBEDTLS_ERR_SSL_WANT_READ): - error_description = "SSL - No data of requested type currently available on underlying transport"; - break; + return( "SSL - No data of requested type currently available on underlying transport" ); case -(MBEDTLS_ERR_SSL_WANT_WRITE): - error_description = "SSL - Connection requires a write call"; - break; + return( "SSL - Connection requires a write call" ); case -(MBEDTLS_ERR_SSL_TIMEOUT): - error_description = "SSL - The operation timed out"; - break; + return( "SSL - The operation timed out" ); case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT): - error_description = "SSL - The client initiated a reconnect from the same port"; - break; + return( "SSL - The client initiated a reconnect from the same port" ); case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD): - error_description = "SSL - Record header looks valid but is not expected"; - break; + return( "SSL - Record header looks valid but is not expected" ); case -(MBEDTLS_ERR_SSL_NON_FATAL): - error_description = "SSL - The alert message received indicates a non-fatal error"; - break; + return( "SSL - The alert message received indicates a non-fatal error" ); case -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH): - error_description = "SSL - Couldn't set the hash for verifying CertificateVerify"; - break; + return( "SSL - Couldn't set the hash for verifying CertificateVerify" ); case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING): - error_description = "SSL - Internal-only message signaling that further message-processing should be done"; - break; + return( "SSL - Internal-only message signaling that further message-processing should be done" ); case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS): - error_description = "SSL - The asynchronous operation is not completed yet"; - break; + return( "SSL - The asynchronous operation is not completed yet" ); case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE): - error_description = "SSL - Internal-only message signaling that a message arrived early"; - break; + return( "SSL - Internal-only message signaling that a message arrived early" ); case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID): - error_description = "SSL - An encrypted DTLS-frame with an unexpected CID was received"; - break; + return( "SSL - An encrypted DTLS-frame with an unexpected CID was received" ); case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH): - error_description = "SSL - An operation failed due to an unexpected version or configuration"; - break; + return( "SSL - An operation failed due to an unexpected version or configuration" ); case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS): - error_description = "SSL - A cryptographic operation is in progress. Try again later"; - break; + return( "SSL - A cryptographic operation is in progress. Try again later" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE): - error_description = "X509 - Unavailable feature, e.g. RSA hashing/encryption combination"; - break; + return( "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" ); case -(MBEDTLS_ERR_X509_UNKNOWN_OID): - error_description = "X509 - Requested OID is unknown"; - break; + return( "X509 - Requested OID is unknown" ); case -(MBEDTLS_ERR_X509_INVALID_FORMAT): - error_description = "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected"; - break; + return( "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" ); case -(MBEDTLS_ERR_X509_INVALID_VERSION): - error_description = "X509 - The CRT/CRL/CSR version element is invalid"; - break; + return( "X509 - The CRT/CRL/CSR version element is invalid" ); case -(MBEDTLS_ERR_X509_INVALID_SERIAL): - error_description = "X509 - The serial tag or value is invalid"; - break; + return( "X509 - The serial tag or value is invalid" ); case -(MBEDTLS_ERR_X509_INVALID_ALG): - error_description = "X509 - The algorithm tag or value is invalid"; - break; + return( "X509 - The algorithm tag or value is invalid" ); case -(MBEDTLS_ERR_X509_INVALID_NAME): - error_description = "X509 - The name tag or value is invalid"; - break; + return( "X509 - The name tag or value is invalid" ); case -(MBEDTLS_ERR_X509_INVALID_DATE): - error_description = "X509 - The date tag or value is invalid"; - break; + return( "X509 - The date tag or value is invalid" ); case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE): - error_description = "X509 - The signature tag or value invalid"; - break; + return( "X509 - The signature tag or value invalid" ); case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS): - error_description = "X509 - The extension tag or value is invalid"; - break; + return( "X509 - The extension tag or value is invalid" ); case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION): - error_description = "X509 - CRT/CRL/CSR has an unsupported version number"; - break; + return( "X509 - CRT/CRL/CSR has an unsupported version number" ); case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG): - error_description = "X509 - Signature algorithm (oid) is unsupported"; - break; + return( "X509 - Signature algorithm (oid) is unsupported" ); case -(MBEDTLS_ERR_X509_SIG_MISMATCH): - error_description = "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)"; - break; + return( "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" ); case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED): - error_description = "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"; - break; + return( "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" ); case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT): - error_description = "X509 - Format not recognized as DER or PEM"; - break; + return( "X509 - Format not recognized as DER or PEM" ); case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA): - error_description = "X509 - Input invalid"; - break; + return( "X509 - Input invalid" ); case -(MBEDTLS_ERR_X509_ALLOC_FAILED): - error_description = "X509 - Allocation of memory failed"; - break; + return( "X509 - Allocation of memory failed" ); case -(MBEDTLS_ERR_X509_FILE_IO_ERROR): - error_description = "X509 - Read/write of file failed"; - break; + return( "X509 - Read/write of file failed" ); case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL): - error_description = "X509 - Destination buffer is too small"; - break; + return( "X509 - Destination buffer is too small" ); case -(MBEDTLS_ERR_X509_FATAL_ERROR): - error_description = "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed"; - break; + return( "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" ); #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ /* End Auto-Generated Code. */ @@ -727,13 +572,12 @@ const char * mbedtls_high_level_strerr( int error_code ) break; } - return error_description; + return( NULL ); } const char * mbedtls_low_level_strerr( int error_code ) { int low_level_error_code; - const char *error_description = NULL; if( error_code < 0 ) error_code = -error_code; @@ -746,398 +590,299 @@ const char * mbedtls_low_level_strerr( int error_code ) /* Begin Auto-Generated Code. */ #if defined(MBEDTLS_AES_C) case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH): - error_description = "AES - Invalid key length"; - break; + return( "AES - Invalid key length" ); case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH): - error_description = "AES - Invalid data input length"; - break; + return( "AES - Invalid data input length" ); case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA): - error_description = "AES - Invalid input data"; - break; + return( "AES - Invalid input data" ); case -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE): - error_description = "AES - Feature not available. For example, an unsupported AES key size"; - break; + return( "AES - Feature not available. For example, an unsupported AES key size" ); case -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED): - error_description = "AES - AES hardware accelerator failed"; - break; + return( "AES - AES hardware accelerator failed" ); #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_ARC4_C) case -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED): - error_description = "ARC4 - ARC4 hardware accelerator failed"; - break; + return( "ARC4 - ARC4 hardware accelerator failed" ); #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_ARIA_C) case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA): - error_description = "ARIA - Bad input data"; - break; + return( "ARIA - Bad input data" ); case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH): - error_description = "ARIA - Invalid data input length"; - break; + return( "ARIA - Invalid data input length" ); case -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE): - error_description = "ARIA - Feature not available. For example, an unsupported ARIA key size"; - break; + return( "ARIA - Feature not available. For example, an unsupported ARIA key size" ); case -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED): - error_description = "ARIA - ARIA hardware accelerator failed"; - break; + return( "ARIA - ARIA hardware accelerator failed" ); #endif /* MBEDTLS_ARIA_C */ #if defined(MBEDTLS_ASN1_PARSE_C) case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA): - error_description = "ASN1 - Out of data when parsing an ASN1 data structure"; - break; + return( "ASN1 - Out of data when parsing an ASN1 data structure" ); case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG): - error_description = "ASN1 - ASN1 tag was of an unexpected value"; - break; + return( "ASN1 - ASN1 tag was of an unexpected value" ); case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH): - error_description = "ASN1 - Error when trying to determine the length or invalid length"; - break; + return( "ASN1 - Error when trying to determine the length or invalid length" ); case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH): - error_description = "ASN1 - Actual length differs from expected length"; - break; + return( "ASN1 - Actual length differs from expected length" ); case -(MBEDTLS_ERR_ASN1_INVALID_DATA): - error_description = "ASN1 - Data is invalid"; - break; + return( "ASN1 - Data is invalid" ); case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED): - error_description = "ASN1 - Memory allocation failed"; - break; + return( "ASN1 - Memory allocation failed" ); case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL): - error_description = "ASN1 - Buffer too small when writing ASN.1 data structure"; - break; + return( "ASN1 - Buffer too small when writing ASN.1 data structure" ); #endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_BASE64_C) case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL): - error_description = "BASE64 - Output buffer too small"; - break; + return( "BASE64 - Output buffer too small" ); case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER): - error_description = "BASE64 - Invalid character in input"; - break; + return( "BASE64 - Invalid character in input" ); #endif /* MBEDTLS_BASE64_C */ #if defined(MBEDTLS_BIGNUM_C) case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR): - error_description = "BIGNUM - An error occurred while reading from or writing to a file"; - break; + return( "BIGNUM - An error occurred while reading from or writing to a file" ); case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA): - error_description = "BIGNUM - Bad input parameters to function"; - break; + return( "BIGNUM - Bad input parameters to function" ); case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER): - error_description = "BIGNUM - There is an invalid character in the digit string"; - break; + return( "BIGNUM - There is an invalid character in the digit string" ); case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL): - error_description = "BIGNUM - The buffer is too small to write to"; - break; + return( "BIGNUM - The buffer is too small to write to" ); case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE): - error_description = "BIGNUM - The input arguments are negative or result in illegal output"; - break; + return( "BIGNUM - The input arguments are negative or result in illegal output" ); case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO): - error_description = "BIGNUM - The input argument for division is zero, which is not allowed"; - break; + return( "BIGNUM - The input argument for division is zero, which is not allowed" ); case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE): - error_description = "BIGNUM - The input arguments are not acceptable"; - break; + return( "BIGNUM - The input arguments are not acceptable" ); case -(MBEDTLS_ERR_MPI_ALLOC_FAILED): - error_description = "BIGNUM - Memory allocation failed"; - break; + return( "BIGNUM - Memory allocation failed" ); #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_BLOWFISH_C) case -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA): - error_description = "BLOWFISH - Bad input data"; - break; + return( "BLOWFISH - Bad input data" ); case -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH): - error_description = "BLOWFISH - Invalid data input length"; - break; + return( "BLOWFISH - Invalid data input length" ); case -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED): - error_description = "BLOWFISH - Blowfish hardware accelerator failed"; - break; + return( "BLOWFISH - Blowfish hardware accelerator failed" ); #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_CAMELLIA_C) case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA): - error_description = "CAMELLIA - Bad input data"; - break; + return( "CAMELLIA - Bad input data" ); case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH): - error_description = "CAMELLIA - Invalid data input length"; - break; + return( "CAMELLIA - Invalid data input length" ); case -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED): - error_description = "CAMELLIA - Camellia hardware accelerator failed"; - break; + return( "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CCM_C) case -(MBEDTLS_ERR_CCM_BAD_INPUT): - error_description = "CCM - Bad input parameters to the function"; - break; + return( "CCM - Bad input parameters to the function" ); case -(MBEDTLS_ERR_CCM_AUTH_FAILED): - error_description = "CCM - Authenticated decryption failed"; - break; + return( "CCM - Authenticated decryption failed" ); case -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED): - error_description = "CCM - CCM hardware accelerator failed"; - break; + return( "CCM - CCM hardware accelerator failed" ); #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHA20_C) case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA): - error_description = "CHACHA20 - Invalid input parameter(s)"; - break; + return( "CHACHA20 - Invalid input parameter(s)" ); case -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE): - error_description = "CHACHA20 - Feature not available. For example, s part of the API is not implemented"; - break; + return( "CHACHA20 - Feature not available. For example, s part of the API is not implemented" ); case -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED): - error_description = "CHACHA20 - Chacha20 hardware accelerator failed"; - break; + return( "CHACHA20 - Chacha20 hardware accelerator failed" ); #endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CHACHAPOLY_C) case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE): - error_description = "CHACHAPOLY - The requested operation is not permitted in the current state"; - break; + return( "CHACHAPOLY - The requested operation is not permitted in the current state" ); case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED): - error_description = "CHACHAPOLY - Authenticated decryption failed: data was not authentic"; - break; + return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" ); #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CMAC_C) case -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED): - error_description = "CMAC - CMAC hardware accelerator failed"; - break; + return( "CMAC - CMAC hardware accelerator failed" ); #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CTR_DRBG_C) case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED): - error_description = "CTR_DRBG - The entropy source failed"; - break; + return( "CTR_DRBG - The entropy source failed" ); case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG): - error_description = "CTR_DRBG - The requested random buffer length is too big"; - break; + return( "CTR_DRBG - The requested random buffer length is too big" ); case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG): - error_description = "CTR_DRBG - The input (entropy + additional data) is too large"; - break; + return( "CTR_DRBG - The input (entropy + additional data) is too large" ); case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR): - error_description = "CTR_DRBG - Read or write error in file"; - break; + return( "CTR_DRBG - Read or write error in file" ); #endif /* MBEDTLS_CTR_DRBG_C */ #if defined(MBEDTLS_DES_C) case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH): - error_description = "DES - The data input has an invalid length"; - break; + return( "DES - The data input has an invalid length" ); case -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED): - error_description = "DES - DES hardware accelerator failed"; - break; + return( "DES - DES hardware accelerator failed" ); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ENTROPY_C) case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED): - error_description = "ENTROPY - Critical entropy source failure"; - break; + return( "ENTROPY - Critical entropy source failure" ); case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES): - error_description = "ENTROPY - No more sources can be added"; - break; + return( "ENTROPY - No more sources can be added" ); case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED): - error_description = "ENTROPY - No sources have been added to poll"; - break; + return( "ENTROPY - No sources have been added to poll" ); case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE): - error_description = "ENTROPY - No strong sources have been added to poll"; - break; + return( "ENTROPY - No strong sources have been added to poll" ); case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR): - error_description = "ENTROPY - Read/write error in file"; - break; + return( "ENTROPY - Read/write error in file" ); #endif /* MBEDTLS_ENTROPY_C */ #if defined(MBEDTLS_ERROR_C) case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR): - error_description = "ERROR - Generic error"; - break; + return( "ERROR - Generic error" ); case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED): - error_description = "ERROR - This is a bug in the library"; - break; + return( "ERROR - This is a bug in the library" ); #endif /* MBEDTLS_ERROR_C */ #if defined(MBEDTLS_GCM_C) case -(MBEDTLS_ERR_GCM_AUTH_FAILED): - error_description = "GCM - Authenticated decryption failed"; - break; + return( "GCM - Authenticated decryption failed" ); case -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED): - error_description = "GCM - GCM hardware accelerator failed"; - break; + return( "GCM - GCM hardware accelerator failed" ); case -(MBEDTLS_ERR_GCM_BAD_INPUT): - error_description = "GCM - Bad input parameters to function"; - break; + return( "GCM - Bad input parameters to function" ); #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_HKDF_C) case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA): - error_description = "HKDF - Bad input parameters to function"; - break; + return( "HKDF - Bad input parameters to function" ); #endif /* MBEDTLS_HKDF_C */ #if defined(MBEDTLS_HMAC_DRBG_C) case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG): - error_description = "HMAC_DRBG - Too many random requested in single call"; - break; + return( "HMAC_DRBG - Too many random requested in single call" ); case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG): - error_description = "HMAC_DRBG - Input too large (Entropy + additional)"; - break; + return( "HMAC_DRBG - Input too large (Entropy + additional)" ); case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR): - error_description = "HMAC_DRBG - Read/write error in file"; - break; + return( "HMAC_DRBG - Read/write error in file" ); case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED): - error_description = "HMAC_DRBG - The entropy source failed"; - break; + return( "HMAC_DRBG - The entropy source failed" ); #endif /* MBEDTLS_HMAC_DRBG_C */ #if defined(MBEDTLS_MD2_C) case -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED): - error_description = "MD2 - MD2 hardware accelerator failed"; - break; + return( "MD2 - MD2 hardware accelerator failed" ); #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) case -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED): - error_description = "MD4 - MD4 hardware accelerator failed"; - break; + return( "MD4 - MD4 hardware accelerator failed" ); #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) case -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED): - error_description = "MD5 - MD5 hardware accelerator failed"; - break; + return( "MD5 - MD5 hardware accelerator failed" ); #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_NET_C) case -(MBEDTLS_ERR_NET_SOCKET_FAILED): - error_description = "NET - Failed to open a socket"; - break; + return( "NET - Failed to open a socket" ); case -(MBEDTLS_ERR_NET_CONNECT_FAILED): - error_description = "NET - The connection to the given server / port failed"; - break; + return( "NET - The connection to the given server / port failed" ); case -(MBEDTLS_ERR_NET_BIND_FAILED): - error_description = "NET - Binding of the socket failed"; - break; + return( "NET - Binding of the socket failed" ); case -(MBEDTLS_ERR_NET_LISTEN_FAILED): - error_description = "NET - Could not listen on the socket"; - break; + return( "NET - Could not listen on the socket" ); case -(MBEDTLS_ERR_NET_ACCEPT_FAILED): - error_description = "NET - Could not accept the incoming connection"; - break; + return( "NET - Could not accept the incoming connection" ); case -(MBEDTLS_ERR_NET_RECV_FAILED): - error_description = "NET - Reading information from the socket failed"; - break; + return( "NET - Reading information from the socket failed" ); case -(MBEDTLS_ERR_NET_SEND_FAILED): - error_description = "NET - Sending information through the socket failed"; - break; + return( "NET - Sending information through the socket failed" ); case -(MBEDTLS_ERR_NET_CONN_RESET): - error_description = "NET - Connection was reset by peer"; - break; + return( "NET - Connection was reset by peer" ); case -(MBEDTLS_ERR_NET_UNKNOWN_HOST): - error_description = "NET - Failed to get an IP address for the given hostname"; - break; + return( "NET - Failed to get an IP address for the given hostname" ); case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL): - error_description = "NET - Buffer is too small to hold the data"; - break; + return( "NET - Buffer is too small to hold the data" ); case -(MBEDTLS_ERR_NET_INVALID_CONTEXT): - error_description = "NET - The context is invalid, eg because it was free()ed"; - break; + return( "NET - The context is invalid, eg because it was free()ed" ); case -(MBEDTLS_ERR_NET_POLL_FAILED): - error_description = "NET - Polling the net context failed"; - break; + return( "NET - Polling the net context failed" ); case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA): - error_description = "NET - Input invalid"; - break; + return( "NET - Input invalid" ); #endif /* MBEDTLS_NET_C */ #if defined(MBEDTLS_OID_C) case -(MBEDTLS_ERR_OID_NOT_FOUND): - error_description = "OID - OID is not found"; - break; + return( "OID - OID is not found" ); case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL): - error_description = "OID - output buffer is too small"; - break; + return( "OID - output buffer is too small" ); #endif /* MBEDTLS_OID_C */ #if defined(MBEDTLS_PADLOCK_C) case -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED): - error_description = "PADLOCK - Input data should be aligned"; - break; + return( "PADLOCK - Input data should be aligned" ); #endif /* MBEDTLS_PADLOCK_C */ #if defined(MBEDTLS_PLATFORM_C) case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED): - error_description = "PLATFORM - Hardware accelerator failed"; - break; + return( "PLATFORM - Hardware accelerator failed" ); case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED): - error_description = "PLATFORM - The requested feature is not supported by the platform"; - break; + return( "PLATFORM - The requested feature is not supported by the platform" ); #endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_POLY1305_C) case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA): - error_description = "POLY1305 - Invalid input parameter(s)"; - break; + return( "POLY1305 - Invalid input parameter(s)" ); case -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE): - error_description = "POLY1305 - Feature not available. For example, s part of the API is not implemented"; - break; + return( "POLY1305 - Feature not available. For example, s part of the API is not implemented" ); case -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED): - error_description = "POLY1305 - Poly1305 hardware accelerator failed"; - break; + return( "POLY1305 - Poly1305 hardware accelerator failed" ); #endif /* MBEDTLS_POLY1305_C */ #if defined(MBEDTLS_RIPEMD160_C) case -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED): - error_description = "RIPEMD160 - RIPEMD160 hardware accelerator failed"; - break; + return( "RIPEMD160 - RIPEMD160 hardware accelerator failed" ); #endif /* MBEDTLS_RIPEMD160_C */ #if defined(MBEDTLS_SHA1_C) case -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED): - error_description = "SHA1 - SHA-1 hardware accelerator failed"; - break; + return( "SHA1 - SHA-1 hardware accelerator failed" ); case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA): - error_description = "SHA1 - SHA-1 input data was malformed"; - break; + return( "SHA1 - SHA-1 input data was malformed" ); #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) case -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED): - error_description = "SHA256 - SHA-256 hardware accelerator failed"; - break; + return( "SHA256 - SHA-256 hardware accelerator failed" ); case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA): - error_description = "SHA256 - SHA-256 input data was malformed"; - break; + return( "SHA256 - SHA-256 input data was malformed" ); #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) case -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED): - error_description = "SHA512 - SHA-512 hardware accelerator failed"; - break; + return( "SHA512 - SHA-512 hardware accelerator failed" ); case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA): - error_description = "SHA512 - SHA-512 input data was malformed"; - break; + return( "SHA512 - SHA-512 input data was malformed" ); #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_THREADING_C) case -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE): - error_description = "THREADING - The selected feature is not available"; - break; + return( "THREADING - The selected feature is not available" ); case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA): - error_description = "THREADING - Bad input parameters to function"; - break; + return( "THREADING - Bad input parameters to function" ); case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR): - error_description = "THREADING - Locking / unlocking / free failed with error code"; - break; + return( "THREADING - Locking / unlocking / free failed with error code" ); #endif /* MBEDTLS_THREADING_C */ #if defined(MBEDTLS_XTEA_C) case -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH): - error_description = "XTEA - The data input has an invalid length"; - break; + return( "XTEA - The data input has an invalid length" ); case -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED): - error_description = "XTEA - XTEA hardware accelerator failed"; - break; + return( "XTEA - XTEA hardware accelerator failed" ); #endif /* MBEDTLS_XTEA_C */ /* End Auto-Generated Code. */ @@ -1145,7 +890,7 @@ const char * mbedtls_low_level_strerr( int error_code ) break; } - return error_description; + return( NULL ); } void mbedtls_strerror( int ret, char *buf, size_t buflen ) diff --git a/library/net_sockets.c b/library/net_sockets.c index dbde510db..5c1e665ea 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -54,8 +54,7 @@ #define IS_EINTR( ret ) ( ( ret ) == WSAEINTR ) -#if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0501) -#undef _WIN32_WINNT +#if !defined(_WIN32_WINNT) /* Enables getaddrinfo() & Co */ #define _WIN32_WINNT 0x0501 #endif @@ -64,6 +63,9 @@ #include #include +#if (_WIN32_WINNT < 0x0501) +#include +#endif #if defined(_MSC_VER) #if defined(_WIN32_WCE) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 733a2e46c..69323184d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -375,55 +375,6 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(MBEDTLS_ECP_C) -psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid, - size_t *bits ) -{ - switch( grpid ) - { - case MBEDTLS_ECP_DP_SECP192R1: - *bits = 192; - return( PSA_ECC_CURVE_SECP_R1 ); - case MBEDTLS_ECP_DP_SECP224R1: - *bits = 224; - return( PSA_ECC_CURVE_SECP_R1 ); - case MBEDTLS_ECP_DP_SECP256R1: - *bits = 256; - return( PSA_ECC_CURVE_SECP_R1 ); - case MBEDTLS_ECP_DP_SECP384R1: - *bits = 384; - return( PSA_ECC_CURVE_SECP_R1 ); - case MBEDTLS_ECP_DP_SECP521R1: - *bits = 521; - return( PSA_ECC_CURVE_SECP_R1 ); - case MBEDTLS_ECP_DP_BP256R1: - *bits = 256; - return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); - case MBEDTLS_ECP_DP_BP384R1: - *bits = 384; - return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); - case MBEDTLS_ECP_DP_BP512R1: - *bits = 512; - return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); - case MBEDTLS_ECP_DP_CURVE25519: - *bits = 255; - return( PSA_ECC_CURVE_MONTGOMERY ); - case MBEDTLS_ECP_DP_SECP192K1: - *bits = 192; - return( PSA_ECC_CURVE_SECP_K1 ); - case MBEDTLS_ECP_DP_SECP224K1: - *bits = 224; - return( PSA_ECC_CURVE_SECP_K1 ); - case MBEDTLS_ECP_DP_SECP256K1: - *bits = 256; - return( PSA_ECC_CURVE_SECP_K1 ); - case MBEDTLS_ECP_DP_CURVE448: - *bits = 448; - return( PSA_ECC_CURVE_MONTGOMERY ); - default: - return( 0 ); - } -} - mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve, size_t byte_length ) { diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index b7fa0c5c5..087c768f4 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -64,16 +64,16 @@ typedef struct uintptr_t transient_data; } psa_drv_se_internal_context_t; -typedef struct psa_se_drv_table_entry_s +struct psa_se_drv_table_entry_s { - psa_key_lifetime_t lifetime; + psa_key_location_t location; const psa_drv_se_t *methods; union { psa_drv_se_internal_context_t internal; psa_drv_se_context_t context; - }; -} psa_se_drv_table_entry_t; + } u; +}; static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS]; @@ -81,15 +81,16 @@ psa_se_drv_table_entry_t *psa_get_se_driver_entry( psa_key_lifetime_t lifetime ) { size_t i; - /* In the driver table, lifetime=0 means an entry that isn't used. - * No driver has a lifetime of 0 because it's a reserved value - * (which designates volatile keys). Make sure we never return - * a driver entry for lifetime 0. */ - if( lifetime == 0 ) + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); + /* In the driver table, location=0 means an entry that isn't used. + * No driver has a location of 0 because it's a reserved value + * (which designates transparent keys). Make sure we never return + * a driver entry for location 0. */ + if( location == 0 ) return( NULL ); for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { - if( driver_table[i].lifetime == lifetime ) + if( driver_table[i].location == location ) return( &driver_table[i] ); } return( NULL ); @@ -104,7 +105,7 @@ const psa_drv_se_t *psa_get_se_driver_methods( psa_drv_se_context_t *psa_get_se_driver_context( psa_se_drv_table_entry_t *driver ) { - return( &driver->context ); + return( &driver->u.context ); } int psa_get_se_driver( psa_key_lifetime_t lifetime, @@ -115,7 +116,7 @@ int psa_get_se_driver( psa_key_lifetime_t lifetime, if( p_methods != NULL ) *p_methods = ( driver ? driver->methods : NULL ); if( p_drv_context != NULL ) - *p_drv_context = ( driver ? &driver->context : NULL ); + *p_drv_context = ( driver ? &driver->u.context : NULL ); return( driver != NULL ); } @@ -129,17 +130,17 @@ static psa_status_t psa_get_se_driver_its_file_uid( const psa_se_drv_table_entry_t *driver, psa_storage_uid_t *uid ) { - if( driver->lifetime > PSA_MAX_SE_LIFETIME ) + if( driver->location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); #if SIZE_MAX > UINT32_MAX /* ITS file sizes are limited to 32 bits. */ - if( driver->internal.persistent_data_size > UINT32_MAX ) + if( driver->u.internal.persistent_data_size > UINT32_MAX ) return( PSA_ERROR_NOT_SUPPORTED ); #endif /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */ - *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime; + *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location; return( PSA_SUCCESS ); } @@ -162,8 +163,8 @@ psa_status_t psa_load_se_persistent_data( * persistent_data_size is in range, but compilers don't know that, * so cast to reassure them. */ return( psa_its_get( uid, 0, - (uint32_t) driver->internal.persistent_data_size, - driver->internal.persistent_data, + (uint32_t) driver->u.internal.persistent_data_size, + driver->u.internal.persistent_data, &length ) ); } @@ -181,17 +182,17 @@ psa_status_t psa_save_se_persistent_data( * persistent_data_size is in range, but compilers don't know that, * so cast to reassure them. */ return( psa_its_set( uid, - (uint32_t) driver->internal.persistent_data_size, - driver->internal.persistent_data, + (uint32_t) driver->u.internal.persistent_data_size, + driver->u.internal.persistent_data, 0 ) ); } -psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime ) +psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ) { psa_storage_uid_t uid; - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); - uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime; + uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location; return( psa_its_remove( uid ) ); } @@ -202,9 +203,11 @@ psa_status_t psa_find_se_slot_for_key( psa_key_slot_number_t *slot_number ) { psa_status_t status; + psa_key_location_t key_location = + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) ); - /* If the lifetime is wrong, it's a bug in the library. */ - if( driver->lifetime != psa_get_key_lifetime( attributes ) ) + /* If the location is wrong, it's a bug in the library. */ + if( driver->location != key_location ) return( PSA_ERROR_CORRUPTION_DETECTED ); /* If the driver doesn't support key creation in any way, give up now. */ @@ -221,8 +224,8 @@ psa_status_t psa_find_se_slot_for_key( driver->methods->key_management->p_validate_slot_number; if( p_validate_slot_number == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - status = p_validate_slot_number( &driver->context, - driver->internal.persistent_data, + status = p_validate_slot_number( &driver->u.context, + driver->u.internal.persistent_data, attributes, method, *slot_number ); } @@ -240,8 +243,8 @@ psa_status_t psa_find_se_slot_for_key( driver->methods->key_management->p_allocate; if( p_allocate == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - status = p_allocate( &driver->context, - driver->internal.persistent_data, + status = p_allocate( &driver->u.context, + driver->u.internal.persistent_data, attributes, method, slot_number ); } @@ -265,8 +268,8 @@ psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver, driver->methods->key_management->p_destroy == NULL ) return( PSA_ERROR_NOT_PERMITTED ); status = driver->methods->key_management->p_destroy( - &driver->context, - driver->internal.persistent_data, + &driver->u.context, + driver->u.internal.persistent_data, slot_number ); storage_status = psa_save_se_persistent_data( driver ); return( status == PSA_SUCCESS ? storage_status : status ); @@ -278,15 +281,15 @@ psa_status_t psa_init_all_se_drivers( void ) for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { psa_se_drv_table_entry_t *driver = &driver_table[i]; - if( driver->lifetime == 0 ) + if( driver->location == 0 ) continue; /* skipping unused entry */ const psa_drv_se_t *methods = psa_get_se_driver_methods( driver ); if( methods->p_init != NULL ) { psa_status_t status = methods->p_init( - &driver->context, - driver->internal.persistent_data, - driver->lifetime ); + &driver->u.context, + driver->u.internal.persistent_data, + driver->location ); if( status != PSA_SUCCESS ) return( status ); status = psa_save_se_persistent_data( driver ); @@ -304,7 +307,7 @@ psa_status_t psa_init_all_se_drivers( void ) /****************************************************************/ psa_status_t psa_register_se_driver( - psa_key_lifetime_t lifetime, + psa_key_location_t location, const psa_drv_se_t *methods) { size_t i; @@ -313,42 +316,39 @@ psa_status_t psa_register_se_driver( if( methods->hal_version != PSA_DRV_SE_HAL_VERSION ) return( PSA_ERROR_NOT_SUPPORTED ); /* Driver table entries are 0-initialized. 0 is not a valid driver - * lifetime because it means a volatile key. */ + * location because it means a transparent key. */ #if defined(static_assert) - static_assert( PSA_KEY_LIFETIME_VOLATILE == 0, - "Secure element support requires 0 to mean a volatile key" ); + static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0, + "Secure element support requires 0 to mean a local key" ); #endif - if( lifetime == PSA_KEY_LIFETIME_VOLATILE || - lifetime == PSA_KEY_LIFETIME_PERSISTENT ) - { + if( location == PSA_KEY_LOCATION_LOCAL_STORAGE ) return( PSA_ERROR_INVALID_ARGUMENT ); - } - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { - if( driver_table[i].lifetime == 0 ) + if( driver_table[i].location == 0 ) break; - /* Check that lifetime isn't already in use up to the first free + /* Check that location isn't already in use up to the first free * entry. Since entries are created in order and never deleted, * there can't be a used entry after the first free entry. */ - if( driver_table[i].lifetime == lifetime ) + if( driver_table[i].location == location ) return( PSA_ERROR_ALREADY_EXISTS ); } if( i == PSA_MAX_SE_DRIVERS ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - driver_table[i].lifetime = lifetime; + driver_table[i].location = location; driver_table[i].methods = methods; - driver_table[i].internal.persistent_data_size = + driver_table[i].u.internal.persistent_data_size = methods->persistent_data_size; if( methods->persistent_data_size != 0 ) { - driver_table[i].internal.persistent_data = + driver_table[i].u.internal.persistent_data = mbedtls_calloc( 1, methods->persistent_data_size ); - if( driver_table[i].internal.persistent_data == NULL ) + if( driver_table[i].u.internal.persistent_data == NULL ) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto error; @@ -373,8 +373,8 @@ void psa_unregister_all_se_drivers( void ) size_t i; for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { - if( driver_table[i].internal.persistent_data != NULL ) - mbedtls_free( driver_table[i].internal.persistent_data ); + if( driver_table[i].u.internal.persistent_data != NULL ) + mbedtls_free( driver_table[i].u.internal.persistent_data ); } memset( driver_table, 0, sizeof( driver_table ) ); } diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index 86bf7a7b1..c1450656c 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -31,31 +31,30 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" -/** The maximum lifetime value that this implementation supports +/** The maximum location value that this implementation supports * for a secure element. * * This is not a characteristic that each PSA implementation has, but a * limitation of the current implementation due to the constraints imposed * by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. * - * The minimum lifetime value for a secure element is 2, like on any - * PSA implementation (0=volatile and 1=internal-storage are taken). + * The minimum location value for a secure element is 1, like on any + * PSA implementation (0 means a transparent key). */ -#define PSA_MAX_SE_LIFETIME 255 +#define PSA_MAX_SE_LOCATION 255 /** The base of the range of ITS file identifiers for secure element * driver persistent data. * * We use a slice of the implemenation reserved range 0xffff0000..0xffffffff, * specifically the range 0xfffffe00..0xfffffeff. The length of this range - * drives the value of #PSA_MAX_SE_LIFETIME. - * The identifiers 0xfffffe00 and 0xfffffe01 are actually not used since - * they correspond to #PSA_KEY_LIFETIME_VOLATILE and - * #PSA_KEY_LIFETIME_PERSISTENT which don't have a driver. + * drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is + * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE + * which doesn't have a driver. */ #define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 ) -/** The maximum number of registered secure element driver lifetimes. */ +/** The maximum number of registered secure element driver locations. */ #define PSA_MAX_SE_DRIVERS 4 /** Unregister all secure element drivers. @@ -173,10 +172,10 @@ psa_status_t psa_save_se_persistent_data( * * This is currently only used for testing. * - * \param[in] lifetime The driver lifetime whose persistent data should - * be erased. + * \param[in] location The location identifier for the driver whose + * persistent data is to be erased. */ -psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime ); +psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ); /** The storage representation of a key whose data is in a secure element. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dbc5a3e88..fd0c8a7ab 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -863,7 +863,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, unsigned char *key2; unsigned char *mac_enc; unsigned char *mac_dec; - size_t mac_key_len; + size_t mac_key_len = 0; size_t iv_copy_len; unsigned keylen; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1175,7 +1175,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( mbedtls_ssl_hw_record_init != NULL ) { - int ret = 0; + ret = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); @@ -2747,9 +2747,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) - ret = 0; - else + if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL ) ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; goto exit; @@ -6663,14 +6661,6 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *context, */ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len = ssl->in_buf_len; - size_t out_buf_len = ssl->out_buf_len; -#else - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; -#endif - if( ssl == NULL ) return; @@ -6678,6 +6668,12 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) if( ssl->out_buf != NULL ) { +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + size_t out_buf_len = ssl->out_buf_len; +#else + size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; +#endif + mbedtls_platform_zeroize( ssl->out_buf, out_buf_len ); mbedtls_free( ssl->out_buf ); ssl->out_buf = NULL; @@ -6685,6 +6681,12 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) if( ssl->in_buf != NULL ) { +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + size_t in_buf_len = ssl->in_buf_len; +#else + size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; +#endif + mbedtls_platform_zeroize( ssl->in_buf, in_buf_len ); mbedtls_free( ssl->in_buf ); ssl->in_buf = NULL; diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 8edf85f33..f17c641b0 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -76,7 +76,7 @@ int main( void ) mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C " "and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -465,6 +465,6 @@ exit: mbedtls_aes_free( &aes_ctx ); mbedtls_md_free( &sha_ctx ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index e2949f25b..1e03d43ae 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -78,14 +78,15 @@ int main( void ) { mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else int main( int argc, char *argv[] ) { - int ret = 1, i, n; + int ret = 1, i; + unsigned n; int exit_code = MBEDTLS_EXIT_FAILURE; int mode; size_t keylen, ilen, olen; @@ -562,6 +563,6 @@ exit: mbedtls_cipher_free( &cipher_ctx ); mbedtls_md_free( &md_ctx ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 709a149e0..97f7a46f9 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -48,7 +48,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -203,7 +203,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } /* @@ -213,12 +213,12 @@ int main( int argc, char *argv[] ) if( md_info == NULL ) { mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } if( mbedtls_md_setup( &md_ctx, md_info, 0 ) ) { mbedtls_fprintf( stderr, "Failed to initialize context.\n" ); - return( exit_code ); + mbedtls_exit( exit_code ); } ret = 0; @@ -237,6 +237,6 @@ int main( int argc, char *argv[] ) exit: mbedtls_md_free( &md_ctx ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 55a0c7e74..66fd31554 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -44,7 +44,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_MD5_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -58,7 +58,7 @@ int main( void ) mbedtls_printf( "\n MD5('%s') = ", str ); if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 ) - return( MBEDTLS_EXIT_FAILURE ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); for( i = 0; i < 16; i++ ) mbedtls_printf( "%02x", digest[i] ); @@ -70,6 +70,6 @@ int main( void ) fflush( stdout ); getchar(); #endif - return( MBEDTLS_EXIT_SUCCESS ); + mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); } #endif /* MBEDTLS_MD5_C */ diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 86b260ca0..90fc4e546 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -68,7 +68,7 @@ int main( void ) "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -307,7 +307,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index bf5482ed0..5293f899c 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -45,7 +45,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_GENPRIME not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -91,7 +91,7 @@ int main( int argc, char **argv ) { usage: mbedtls_printf( USAGE ); - return( exit_code ); + mbedtls_exit( exit_code ); } for( i = 1; i < argc; i++ ) @@ -197,7 +197,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */ diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c01177485..06676c08d 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -68,7 +68,7 @@ int main( void ) "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -330,7 +330,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 9f849dd29..e79dce09a 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -45,7 +45,7 @@ int main( void ) "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " "not defined\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -238,7 +238,7 @@ exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 9feb16090..72744e75f 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -66,7 +66,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else #if defined(VERBOSE) @@ -248,7 +248,7 @@ exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && ECPARAMS */ diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 9c1a91c00..c5d8ac9b9 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -133,7 +133,7 @@ int main( void ) "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_PEM_WRITE_C" "not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -446,7 +446,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 345b7b884..d7387f3e3 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -70,7 +70,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -311,6 +311,6 @@ cleanup: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 937fe9033..46cb70410 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -94,7 +94,7 @@ int main( void ) { mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -436,6 +436,6 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index ecdcd329a..816378137 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -46,7 +46,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -112,6 +112,6 @@ cleanup: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index bccfde072..494bb80ad 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -56,7 +56,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -64,7 +64,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret = 1, c; + int ret = 1; + unsigned c; int exit_code = MBEDTLS_EXIT_FAILURE; size_t i, olen = 0; mbedtls_pk_context pk; @@ -171,7 +172,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 16cd3f0d0..673e2cb5a 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -57,7 +57,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -176,7 +176,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 4e755c089..3504bffe0 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -47,7 +47,7 @@ int main( void ) "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -173,7 +173,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 2e0876304..b1374b6cf 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -45,7 +45,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or " "MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -147,7 +147,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 3327909b1..6aca217e0 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -55,7 +55,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -65,7 +65,7 @@ int main( int argc, char *argv[] ) FILE *f; int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - int c; + unsigned c; size_t i; mbedtls_rsa_context rsa; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; @@ -207,6 +207,6 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 4a71c15dd..48f01abbc 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -55,7 +55,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -184,7 +184,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index f2b7b5078..719923a96 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -59,7 +59,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or " "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -172,7 +172,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 78ab176f8..38a1f3d4c 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -46,7 +46,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -188,7 +188,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 5019f28f5..938b93af4 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -47,7 +47,7 @@ int main( void ) "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -175,7 +175,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index b53177594..8ea5d51a3 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -45,7 +45,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -59,7 +59,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret = 1, c; + int ret = 1; + unsigned c; int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_rsa_context rsa; @@ -161,7 +162,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index de28337c8..5e4e98e8b 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -47,7 +47,7 @@ int main( void ) "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -151,7 +151,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index c60aec966..e981b9a62 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -47,7 +47,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -63,13 +63,13 @@ int main( int argc, char *argv[] ) if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( exit_code ); + mbedtls_exit( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } mbedtls_entropy_init( &entropy ); @@ -99,6 +99,6 @@ cleanup: fclose( f ); mbedtls_entropy_free( &entropy ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_ENTROPY_C */ diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 59df34b66..b0882767a 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -50,7 +50,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -69,13 +69,13 @@ int main( int argc, char *argv[] ) if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( exit_code ); + mbedtls_exit( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } mbedtls_entropy_init( &entropy ); @@ -132,6 +132,6 @@ cleanup: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */ diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index 5ea52aec9..6a65de093 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -48,7 +48,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -65,13 +65,13 @@ int main( int argc, char *argv[] ) if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( exit_code ); + mbedtls_exit( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } mbedtls_havege_init( &hs ); @@ -104,6 +104,6 @@ int main( int argc, char *argv[] ) exit: mbedtls_havege_free( &hs ); fclose( f ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_HAVEGE_C */ diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index ce1056fa2..a0f4a5fbd 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_exit exit @@ -48,7 +49,7 @@ int main( void ) "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -355,7 +356,7 @@ exit: if( ret < 0 ) ret = 1; - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C && MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index f63741f25..dd88f95a6 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_time_t time_t @@ -61,7 +62,7 @@ int main( void ) "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or " "MBEDTLS_TIMING_C not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -430,7 +431,7 @@ exit: if( ret < 0 ) ret = 1; - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C && diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index b4346bb54..5a153ccf2 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -60,7 +60,7 @@ int main( void ) mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -296,6 +296,6 @@ exit: mbedtls_x509_crt_free( &ca ); #endif - return( ret ); + mbedtls_exit( ret ); } #endif diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 3724c6411..00fbe7f3c 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -51,7 +51,7 @@ int main( void ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -312,7 +312,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6b09a895a..486b6a6b0 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -50,7 +50,7 @@ int main( void ) mbedtls_printf("MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -377,7 +377,9 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif -#define USAGE \ +/* USAGE is arbitrarily split to stay under the portable string literal + * length limit: 4095 bytes in C99. */ +#define USAGE1 \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ " server_name=%%s default: localhost\n" \ @@ -401,7 +403,8 @@ int main( void ) "\n" \ USAGE_DTLS \ USAGE_CID \ - "\n" \ + "\n" +#define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ USAGE_IO \ @@ -411,7 +414,8 @@ int main( void ) USAGE_PSK \ USAGE_ECJPAKE \ USAGE_ECRESTART \ - "\n" \ + "\n" +#define USAGE3 \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ @@ -434,7 +438,8 @@ int main( void ) USAGE_CURVES \ USAGE_RECSPLIT \ USAGE_DHMLEN \ - "\n" \ + "\n" +#define USAGE4 \ " arc4=%%d default: (library default: 0)\n" \ " allow_sha1=%%d default: 0\n" \ " min_version=%%s default: (library default: tls1)\n" \ @@ -1244,7 +1249,10 @@ int main( int argc, char *argv[] ) if( ret == 0 ) ret = 1; - mbedtls_printf( USAGE ); + mbedtls_printf( USAGE1 ); + mbedtls_printf( USAGE2 ); + mbedtls_printf( USAGE3 ); + mbedtls_printf( USAGE4 ); list = mbedtls_ssl_list_ciphersuites(); while( *list ) @@ -1710,7 +1718,7 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "query_config" ) == 0 ) { - return query_config( q ); + mbedtls_exit( query_config( q ) ); } else if( strcmp( p, "serialize") == 0 ) { @@ -3417,7 +3425,7 @@ exit: if( ret < 0 ) ret = 1; - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 851bc0536..d36aacbc0 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -54,14 +54,14 @@ int main( int argc, char *argv[] ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #elif defined(_WIN32) int main( void ) { mbedtls_printf("_WIN32 defined. This application requires fork() and signals " "to work correctly.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -417,7 +417,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 3163e2124..08ff02595 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -56,7 +56,7 @@ int main( void ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -853,7 +853,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C ** diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 0624d3363..3496ef6a5 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -54,7 +54,7 @@ int main( void ) "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " "MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD " "and/or MBEDTLS_PEM_PARSE_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -524,7 +524,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 9668cf93e..9cba88714 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -52,7 +52,7 @@ int main( void ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " "and/or MBEDTLS_PEM_PARSE_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -397,7 +397,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ca557caaf..5dd18715f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -50,7 +50,7 @@ int main( void ) mbedtls_printf("MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -463,7 +463,9 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif -#define USAGE \ +/* USAGE is arbitrarily split to stay under the portable string literal + * length limit: 4095 bytes in C99. */ +#define USAGE1 \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ " server_addr=%%s default: (all interfaces)\n" \ @@ -484,7 +486,8 @@ int main( void ) USAGE_COOKIES \ USAGE_ANTI_REPLAY \ USAGE_BADMAC_LIMIT \ - "\n" \ + "\n" +#define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ @@ -496,7 +499,8 @@ int main( void ) USAGE_PSK \ USAGE_CA_CALLBACK \ USAGE_ECJPAKE \ - "\n" \ + "\n" +#define USAGE3 \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ @@ -513,7 +517,8 @@ int main( void ) USAGE_EMS \ USAGE_ETM \ USAGE_CURVES \ - "\n" \ + "\n" +#define USAGE4 \ " arc4=%%d default: (library default: 0)\n" \ " allow_sha1=%%d default: 0\n" \ " min_version=%%s default: (library default: tls1)\n" \ @@ -1910,7 +1915,10 @@ int main( int argc, char *argv[] ) if( ret == 0 ) ret = 1; - mbedtls_printf( USAGE ); + mbedtls_printf( USAGE1 ); + mbedtls_printf( USAGE2 ); + mbedtls_printf( USAGE3 ); + mbedtls_printf( USAGE4 ); list = mbedtls_ssl_list_ciphersuites(); while( *list ) @@ -2409,7 +2417,7 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "query_config" ) == 0 ) { - return query_config( q ); + mbedtls_exit( query_config( q ) ); } else if( strcmp( p, "serialize") == 0 ) { @@ -4376,7 +4384,7 @@ exit: if( ret < 0 ) ret = 1; - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 157593066..0c04cd8f7 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -38,7 +38,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_TIMING_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -101,7 +101,7 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ "arc4, des3, des, camellia, blowfish, chacha20,\n" \ - "aes_cbc, aes_gcm, aes_ccm, aes_ctx, chachapoly,\n" \ + "aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \ "aes_cmac, des3_cmac, poly1305\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" @@ -1065,7 +1065,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); getchar(); #endif - return( 0 ); + mbedtls_exit( 0 ); } #endif /* MBEDTLS_TIMING_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index bd28e9a36..3fa05f315 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -500,7 +500,5 @@ int main( int argc, char *argv[] ) if( suites_failed > 0) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - /* return() is here to prevent compiler warnings */ - return( MBEDTLS_EXIT_SUCCESS ); + mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); } - diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index d601dcc69..94bae4334 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -42,6 +42,7 @@ #define mbedtls_printf printf #define mbedtls_calloc calloc #define mbedtls_free free +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -50,7 +51,7 @@ int main( void ) { mbedtls_printf( "MBEDTLS_NET_C not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -181,7 +182,7 @@ static void exit_usage( const char *name, const char *value ) mbedtls_printf( " option %s: illegal value: %s\n", name, value ); mbedtls_printf( USAGE ); - exit( 1 ); + mbedtls_exit( 1 ); } static void get_options( int argc, char *argv[] ) @@ -1019,7 +1020,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_NET_C */ diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 29cc0ac3c..c670a6b58 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -42,6 +42,7 @@ #else #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif @@ -72,14 +73,14 @@ int main( int argc, char** argv ) { mbedtls_printf( "This program takes exactly 1 agument\n" ); usage(); - return( exit_code ); + mbedtls_exit( exit_code ); } fp = fopen( argv[1], "r" ); if( fp == NULL ) { mbedtls_printf( "Could not open file '%s'\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } while( ( c = fgetc( fp ) ) != EOF && p < end - 1 ) @@ -97,5 +98,5 @@ int main( int argc, char** argv ) fclose( fp ); mbedtls_platform_zeroize( buf, sizeof( buf ) ); - return( exit_code ); + mbedtls_exit( exit_code ); } diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index f18493926..f1961a145 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -61,7 +61,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -290,6 +290,6 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */ diff --git a/programs/util/strerror.c b/programs/util/strerror.c index b0487c08e..45ddd4e20 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -29,7 +29,9 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf +#define mbedtls_exit exit #endif #if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) @@ -48,7 +50,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else int main( int argc, char *argv[] ) @@ -59,7 +61,7 @@ int main( int argc, char *argv[] ) if( argc != 2 ) { mbedtls_printf( USAGE ); - return( 0 ); + mbedtls_exit( 0 ); } val = strtol( argv[1], &end, 10 ); @@ -87,6 +89,6 @@ int main( int argc, char *argv[] ) fflush( stdout ); getchar(); #endif - return( val ); + mbedtls_exit( val ); } #endif /* MBEDTLS_ERROR_C */ diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 7723a372e..1b364ddae 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -51,7 +51,7 @@ int main( void ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -497,7 +497,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index f3d915750..81e0d8c94 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -46,7 +46,7 @@ int main( void ) "MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -444,7 +444,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 9a7dc591d..318f22660 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -47,7 +47,7 @@ int main( void ) "MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_ERROR_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -815,7 +815,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 127320a13..cebc724e7 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -42,7 +42,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -147,7 +147,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 3bb4277fd..3182d30bc 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -42,7 +42,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -147,7 +147,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C && MBEDTLS_FS_IO */ diff --git a/scripts/config.py b/scripts/config.py index 20521a57a..7f94587f6 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -159,45 +159,68 @@ def realfull_adapter(_name, active, section): return active return True +# The goal of the full configuration is to have everything that can be tested +# together. This includes deprecated or insecure options. It excludes: +# * Options that require additional build dependencies or unusual hardware. +# * Options that make testing less effective. +# * Options that are incompatible with other options, or more generally that +# interact with other parts of the code in such a way that a bulk enabling +# is not a good way to test them. +# * Options that remove features. +EXCLUDE_FROM_FULL = frozenset([ + #pylint: disable=line-too-long + 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 + 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options + 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options + 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS + 'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO + 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY + 'MBEDTLS_HAVE_SSE2', # hardware dependency + 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C + 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective + 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C + 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum + 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature + 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature + 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum + 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper) + 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature + 'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time) + 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) + 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions) + 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature + 'MBEDTLS_REMOVE_ARC4_CIPHERSUITES', # removes a feature + 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS + 'MBEDTLS_SHA512_NO_SHA384', # removes a feature + 'MBEDTLS_SSL_HW_RECORD_ACCEL', # build dependency (hook functions) + 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature + 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS + 'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz) +]) + +def is_seamless_alt(name): + """Whether the xxx_ALT symbol should be included in the full configuration. + + Include alternative implementations of platform functions, which are + configurable function pointers that default to the built-in function. + This way we test that the function pointers exist and build correctly + without changing the behavior, and tests can verify that the function + pointers are used by modifying those pointers. + + Exclude alternative implementations of library functions since they require + an implementation of the relevant functions and an xxx_alt.h header. + """ + if name == 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT': + # Similar to non-platform xxx_ALT, requires platform_alt.h + return False + return name.startswith('MBEDTLS_PLATFORM_') + def include_in_full(name): """Rules for symbols in the "full" configuration.""" - if re.search(r'PLATFORM_[A-Z0-9]+_ALT', name): - return True - if name in [ - 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', - 'MBEDTLS_DEPRECATED_REMOVED', - 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', - 'MBEDTLS_ECP_RESTARTABLE', - 'MBEDTLS_ENTROPY_FORCE_SHA256', # Variant toggle, tested separately - 'MBEDTLS_HAVE_SSE2', - 'MBEDTLS_MEMORY_BACKTRACE', - 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', - 'MBEDTLS_MEMORY_DEBUG', - 'MBEDTLS_NO_64BIT_MULTIPLICATION', - 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', - 'MBEDTLS_NO_PLATFORM_ENTROPY', - 'MBEDTLS_NO_UDBL_DIVISION', - 'MBEDTLS_PKCS11_C', - 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', - 'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', - 'MBEDTLS_PSA_CRYPTO_SE_C', - 'MBEDTLS_PSA_CRYPTO_SPM', - 'MBEDTLS_PSA_INJECT_ENTROPY', - 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', - 'MBEDTLS_REMOVE_ARC4_CIPHERSUITES', - 'MBEDTLS_RSA_NO_CRT', - 'MBEDTLS_SHA512_NO_SHA384', - 'MBEDTLS_SSL_HW_RECORD_ACCEL', - 'MBEDTLS_SSL_PROTO_SSL3', - 'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO', - 'MBEDTLS_TEST_NULL_ENTROPY', - 'MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3', - 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', - 'MBEDTLS_ZLIB_SUPPORT', - ]: + if name in EXCLUDE_FROM_FULL: return False if name.endswith('_ALT'): - return False + return is_seamless_alt(name) return True def full_adapter(name, active, section): @@ -206,25 +229,33 @@ def full_adapter(name, active, section): return active return include_in_full(name) +# The baremetal configuration excludes options that require a library or +# operating system feature that is typically not present on bare metal +# systems. Features that are excluded from "full" won't be in "baremetal" +# either (unless explicitly turned on in baremetal_adapter) so they don't +# need to be repeated here. +EXCLUDE_FROM_BAREMETAL = frozenset([ + #pylint: disable=line-too-long + 'MBEDTLS_ENTROPY_NV_SEED', # requires a filesystem and FS_IO or alternate NV seed hooks + 'MBEDTLS_FS_IO', # requires a filesystem + 'MBEDTLS_HAVEGE_C', # requires a clock + 'MBEDTLS_HAVE_TIME', # requires a clock + 'MBEDTLS_HAVE_TIME_DATE', # requires a clock + 'MBEDTLS_NET_C', # requires POSIX-like networking + 'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h + 'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED + 'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME + 'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C + 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem + 'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem + 'MBEDTLS_THREADING_C', # requires a threading interface + 'MBEDTLS_THREADING_PTHREAD', # requires pthread + 'MBEDTLS_TIMING_C', # requires a clock +]) + def keep_in_baremetal(name): """Rules for symbols in the "baremetal" configuration.""" - if name in [ - 'MBEDTLS_DEPRECATED_WARNING', - 'MBEDTLS_ENTROPY_NV_SEED', - 'MBEDTLS_FS_IO', - 'MBEDTLS_HAVEGE_C', - 'MBEDTLS_HAVE_TIME', - 'MBEDTLS_HAVE_TIME_DATE', - 'MBEDTLS_NET_C', - 'MBEDTLS_PLATFORM_FPRINTF_ALT', - 'MBEDTLS_PLATFORM_TIME_ALT', - 'MBEDTLS_PSA_CRYPTO_SE_C', - 'MBEDTLS_PSA_CRYPTO_STORAGE_C', - 'MBEDTLS_PSA_ITS_FILE_C', - 'MBEDTLS_THREADING_C', - 'MBEDTLS_THREADING_PTHREAD', - 'MBEDTLS_TIMING_C', - ]: + if name in EXCLUDE_FROM_BAREMETAL: return False return True @@ -233,6 +264,7 @@ def baremetal_adapter(name, active, section): if not is_full_section(section): return active if name == 'MBEDTLS_NO_PLATFORM_ENTROPY': + # No OS-provided entropy source return True return include_in_full(name) and keep_in_baremetal(name) @@ -243,10 +275,10 @@ def include_in_crypto(name): name.startswith('MBEDTLS_KEY_EXCHANGE_'): return False if name in [ - 'MBEDTLS_CERTS_C', - 'MBEDTLS_DEBUG_C', - 'MBEDTLS_NET_C', - 'MBEDTLS_PKCS11_C', + 'MBEDTLS_CERTS_C', # part of libmbedx509 + 'MBEDTLS_DEBUG_C', # part of libmbedtls + 'MBEDTLS_NET_C', # part of libmbedtls + 'MBEDTLS_PKCS11_C', # part of libmbedx509 ]: return False return True @@ -265,6 +297,28 @@ def crypto_adapter(adapter): return adapter(name, active, section) return continuation +DEPRECATED = frozenset([ + 'MBEDTLS_SSL_PROTO_SSL3', + 'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO', +]) + +def no_deprecated_adapter(adapter): + """Modify an adapter to disable deprecated symbols. + + ``no_deprecated_adapter(adapter)(name, active, section)`` is like + ``adapter(name, active, section)``, but unsets all deprecated symbols + and sets ``MBEDTLS_DEPRECATED_REMOVED``. + """ + def continuation(name, active, section): + if name == 'MBEDTLS_DEPRECATED_REMOVED': + return True + if name in DEPRECATED: + return False + if adapter is None: + return active + return adapter(name, active, section) + return continuation + class ConfigFile(Config): """Representation of the Mbed TLS configuration read for a file. @@ -430,6 +484,10 @@ if __name__ == '__main__': Exclude alternative implementations and platform support options, as well as some options that are awkward to test. """) + add_adapter('full_no_deprecated', no_deprecated_adapter(full_adapter), + """Uncomment most non-deprecated features. + Like "full", but without deprecated features. + """) add_adapter('realfull', realfull_adapter, """Uncomment all boolean #defines. Suitable for generating documentation, but not for building.""") diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 97b74bcd9..f65881bc8 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -45,7 +45,6 @@ HEADER_INCLUDED const char * mbedtls_high_level_strerr( int error_code ) { int high_level_error_code; - const char *error_description = NULL; if( error_code < 0 ) error_code = -error_code; @@ -63,13 +62,12 @@ HIGH_LEVEL_CODE_CHECKS break; } - return error_description; + return( NULL ); } const char * mbedtls_low_level_strerr( int error_code ) { int low_level_error_code; - const char *error_description = NULL; if( error_code < 0 ) error_code = -error_code; @@ -87,7 +85,7 @@ LOW_LEVEL_CODE_CHECKS break; } - return error_description; + return( NULL ); } void mbedtls_strerror( int ret, char *buf, size_t buflen ) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index cb596694c..0512d5982 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -161,8 +161,7 @@ foreach my $line (@matches) } ${$code_check} .= "${white_space}case -($error_name):\n". - "${white_space} error_description = \"$module_name - $description\";\n". - "${white_space} break;\n" + "${white_space} return( \"$module_name - $description\" );\n" }; if ($ll_old_define ne "") diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat new file mode 100644 index 000000000..e41993101 --- /dev/null +++ b/scripts/windows_msbuild.bat @@ -0,0 +1,20 @@ +@rem Build and test Mbed TLS with Visual Studio using msbuild. +@rem Usage: windows_msbuild [RETARGET] +@rem RETARGET: version of Visual Studio to emulate +@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset + +@rem These parameters are hard-coded for now. +set "arch=x64" & @rem "x86" or "x64" +set "cfg=Release" & @rem "Debug" or "Release" +set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat" + +if not "%~1"=="" set "retarget=,PlatformToolset=%1" + +@rem If the %USERPROFILE%\Source directory exists, then running +@rem vcvarsall.bat will silently change the directory to that directory. +@rem Setting the VSCMD_START_DIR environment variable causes it to change +@rem to that directory instead. +set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010" + +"%vcvarsall%" x64 && ^ +msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5b70caa22..5ea1c35d1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -138,6 +138,7 @@ pre_initialize_variables () { : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} + : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -203,6 +204,9 @@ General options: -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. --append-outcome Append to the outcome file (if used). + --arm-none-eabi-gcc-prefix= + Prefix for a cross-compiler for arm-none-eabi + (default: "${ARM_NONE_EABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -295,9 +299,13 @@ armc6_build_test() { FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" + msg "build: ARM Compiler 6 ($FLAGS)" ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ WARNING_CFLAGS='-xc -std=c99' make lib + + msg "size: ARM Compiler 6 ($FLAGS)" + "$ARMC6_FROMELF" -z library/*.o + make clean } @@ -335,6 +343,7 @@ pre_parse_command_line () { while [ $# -gt 0 ]; do case "$1" in --append-outcome) append_outcome=1;; + --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; @@ -547,7 +556,7 @@ pre_check_tools () { esac case " $RUN_COMPONENTS " in - *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";; + *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; esac case " $RUN_COMPONENTS " in @@ -562,9 +571,12 @@ pre_check_tools () { *_armcc*) ARMC5_CC="$ARMC5_BIN_DIR/armcc" ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" ARMC6_CC="$ARMC6_BIN_DIR/armclang" ARMC6_AR="$ARMC6_BIN_DIR/armar" - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; + ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ + "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; esac msg "info: output_env.sh" @@ -645,7 +657,7 @@ component_test_default_out_of_box () { make test msg "selftest: make, default config (out-of-box)" # ~10s - programs/test/selftest + if_build_succeeded programs/test/selftest export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" unset SAVE_MBEDTLS_TEST_OUTCOME_FILE @@ -659,6 +671,9 @@ component_test_default_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh @@ -678,6 +693,9 @@ component_test_full_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (full config, ASan build)" make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (full config, ASan build)" if_build_succeeded tests/ssl-opt.sh @@ -909,26 +927,58 @@ component_test_full_cmake_clang () { if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } -component_build_deprecated () { - msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s +component_test_default_no_deprecated () { + # Test that removing the deprecated features from the default + # configuration leaves something consistent. + msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s + scripts/config.py set MBEDTLS_DEPRECATED_REMOVED + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + + msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s + make test +} + +component_test_full_no_deprecated () { + msg "build: make, full_no_deprecated config" # ~ 30s + scripts/config.py full_no_deprecated + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + + msg "test: make, full_no_deprecated config" # ~ 5s + make test +} + +component_test_full_no_deprecated_deprecated_warning () { + # Test that there is nothing deprecated in "full_no_deprecated". + # A deprecated feature would trigger a warning (made fatal) from + # MBEDTLS_DEPRECATED_WARNING. + msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s + scripts/config.py full_no_deprecated + scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED + scripts/config.py set MBEDTLS_DEPRECATED_WARNING + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + + msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s + make test +} + +component_test_full_deprecated_warning () { + # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes + # with only certain whitelisted types of warnings. + msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s scripts/config.py full scripts/config.py set MBEDTLS_DEPRECATED_WARNING - # Build with -O -Wextra to catch a maximum of issues. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + # Expect warnings from '#warning' directives in check_config.h. + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs - msg "test: make, full config + DEPRECATED_WARNING, expect warnings" # ~ 30s - make -C tests clean - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -DMBEDTLS_TEST_DEPRECATED' tests + msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s + # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. + # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. + # Expect warnings from '#warning' directives in check_config.h and + # from the use of deprecated functions in test suites. + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests - msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s - # No cleanup, just tweak the configuration and rebuild - make clean - scripts/config.py unset MBEDTLS_DEPRECATED_WARNING - scripts/config.py set MBEDTLS_DEPRECATED_REMOVED - # Build with -O -Wextra to catch a maximum of issues. - make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs - make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s + make test } # Check that the specified libraries exist and are empty. @@ -997,6 +1047,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() { scripts/config.py unset MBEDTLS_PSA_CRYPTO_C scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1035,6 +1086,7 @@ component_test_check_params_without_platform () { scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_MEMORY + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED @@ -1064,6 +1116,7 @@ component_test_no_platform () { scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_FS_IO scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C @@ -1081,6 +1134,7 @@ component_build_no_std_function () { scripts/config.py full scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' } @@ -1270,6 +1324,7 @@ component_test_null_entropy () { scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.py set MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.py unset MBEDTLS_HAVEGE_C CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . @@ -1387,16 +1442,6 @@ component_test_se_default () { make test } -component_test_se_full () { - msg "build: full config + MBEDTLS_PSA_CRYPTO_SE_C" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C - make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full config + MBEDTLS_PSA_CRYPTO_SE_C" - make test -} - component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 all check @@ -1415,7 +1460,7 @@ test_build_opt () { info=$1 cc=$2; shift 2 for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror" + make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" # We're confident enough in compilers to not run _all_ the tests, # but at least run the unit tests. In particular, runs with # optimizations use inline assembly whereas runs with -O0 @@ -1566,45 +1611,63 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: arm-none-eabi-gcc, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.py baremetal - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s scripts/config.py baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o +} + +component_build_arm_none_eabi_gcc_m0plus () { + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s + scripts/config.py baremetal + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { - msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" if_build_succeeded not grep __aeabi_lmul library/*.o } component_build_armcc () { - msg "build: ARM Compiler 5, make" + msg "build: ARM Compiler 5" scripts/config.py baremetal - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + + msg "size: ARM Compiler 5" + "$ARMC5_FROMELF" -z library/*.o + make clean # ARM Compiler 6 - Target ARMv7-A diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index aca2f11fb..08c141052 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -68,10 +68,6 @@ export LDFLAGS=' --coverage' make clean cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.py full -# Enable some deprecated or experimental features that are not in the -# full config, but are compatible with it and have tests. -scripts/config.py set MBEDTLS_SSL_PROTO_SSL3 -scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C make -j diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 7474ac798..e8abd751e 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -103,7 +103,7 @@ class LineIssueTracker(FileIssueTracker): def is_windows_file(filepath): _root, ext = os.path.splitext(filepath) - return ext in ('.dsp', '.sln', '.vcxproj') + return ext in ('.bat', '.dsp', '.sln', '.vcxproj') class PermissionIssueTracker(FileIssueTracker): @@ -224,6 +224,7 @@ class IntegrityChecker: self.logger = None self.setup_logger(log_file) self.extensions_to_check = ( + ".bat", ".c", ".data", ".dsp", diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 9dde6c275..db65c0f24 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -551,7 +551,7 @@ int execute_tests( int argc , const char ** argv ) return( 1 ); } - if( outcome_file_name != NULL ) + if( outcome_file_name != NULL && *outcome_file_name != '\0' ) { outcome_file = fopen( outcome_file_name, "a" ); if( outcome_file == NULL ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 598675802..ff4cf2015 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -19,6 +19,12 @@ * This file is part of Mbed TLS (https://tls.mbed.org) */ +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +#if !defined(_POSIX_C_SOURCE) +#define _POSIX_C_SOURCE 1 // for fileno() from +#endif +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include #else diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 9f10a9043..d9ea44149 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" +#include "mbedtls/md.h" #include "string.h" typedef enum diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 0c2411b34..55c34266b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -6,14 +6,11 @@ register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS Register SE driver: good, again register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS -Register SE driver: invalid lifetime (0) +Register SE driver: invalid location (0) register_one:0:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT -Register SE driver: invalid lifetime (VOLATILE) -register_one:PSA_KEY_LIFETIME_VOLATILE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT - -Register SE driver: invalid lifetime (PERSISTENT) -register_one:PSA_KEY_LIFETIME_PERSISTENT:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT +Register SE driver: invalid location (local) +register_one:PSA_KEY_LOCATION_LOCAL_STORAGE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT Register SE driver: invalid version (ancient) register_one:2:0x00000003:PSA_ERROR_NOT_SUPPORTED @@ -121,7 +118,7 @@ Key generation smoke test: HMAC-SHA-256 generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 ) Key registration: smoke test -register_key_smoke_test:MIN_DRIVER_LIFETIME:1:PSA_SUCCESS +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:PSA_SUCCESS Key registration: invalid lifetime (volatile) register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT @@ -130,13 +127,13 @@ Key registration: invalid lifetime (internal storage) register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (no registered driver) -register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:PSA_ERROR_INVALID_ARGUMENT Key registration: rejected -register_key_smoke_test:MIN_DRIVER_LIFETIME:0:PSA_ERROR_NOT_PERMITTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:0:PSA_ERROR_NOT_PERMITTED Key registration: not supported -register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED Import-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index b468d5e5c..f95f7e526 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -18,8 +18,14 @@ /* Test driver helpers */ /****************************************************************/ -/** The minimum valid lifetime value for a secure element driver. */ -#define MIN_DRIVER_LIFETIME 2 +/** The minimum valid location value for a secure element driver. */ +#define MIN_DRIVER_LOCATION 1 + +/** The location and lifetime used for tests that use a single driver. */ +#define TEST_DRIVER_LOCATION 1 +#define TEST_SE_PERSISTENT_LIFETIME \ + ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) /** The driver detected a condition that shouldn't happen. * This is probably a bug in the library. */ @@ -547,7 +553,7 @@ static int check_key_attributes( psa_get_key_lifetime( &actual_attributes ); psa_status_t status = psa_get_key_slot_number( &actual_attributes, &actual_slot_number ); - if( lifetime < MIN_DRIVER_LIFETIME ) + if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION ) { /* The key is not in a secure element. */ TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); @@ -571,23 +577,23 @@ exit: return( ok ); } -/* Get the file UID corresponding to the specified lifetime. +/* Get the file UID corresponding to the specified location. * If this changes, the storage format version must change. * See psa_get_se_driver_its_file_uid() in psa_crypto_se.c. */ -psa_storage_uid_t file_uid_for_lifetime( psa_key_lifetime_t lifetime ) +psa_storage_uid_t file_uid_for_location( psa_key_location_t location ) { - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( 0 ); - return( 0xfffffe00 + lifetime ); + return( 0xfffffe00 + location ); } /* Check that the persistent data of a driver has its expected content. */ -static int check_persistent_data( psa_key_lifetime_t lifetime, +static int check_persistent_data( psa_key_location_t location, const void *expected_data, size_t size ) { - psa_storage_uid_t uid = file_uid_for_lifetime( lifetime ); + psa_storage_uid_t uid = file_uid_for_location( location ); struct psa_storage_info_t info; uint8_t *loaded = NULL; int ok = 0; @@ -737,7 +743,7 @@ exit: static void psa_purge_storage( void ) { psa_key_id_t id; - psa_key_lifetime_t lifetime; + psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ @@ -746,8 +752,8 @@ static void psa_purge_storage( void ) /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ - for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ ) - psa_destroy_se_persistent_data( lifetime ); + for( location = 0; location < PSA_MAX_SE_LOCATION; location++ ) + psa_destroy_se_persistent_data( location ); } /* END_HEADER */ @@ -758,7 +764,7 @@ static void psa_purge_storage( void ) */ /* BEGIN_CASE */ -void register_one( int lifetime, int version, int expected_status_arg ) +void register_one( int location, int version, int expected_status_arg ) { psa_status_t expected_status = expected_status_arg; psa_drv_se_t driver; @@ -766,7 +772,7 @@ void register_one( int lifetime, int version, int expected_status_arg ) memset( &driver, 0, sizeof( driver ) ); driver.hal_version = version; - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), expected_status ); PSA_ASSERT( psa_crypto_init( ) ); @@ -780,16 +786,16 @@ exit: void register_twice( int count ) { psa_drv_se_t driver; - psa_key_lifetime_t lifetime; - psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count; + psa_key_location_t location; + psa_key_location_t max = MIN_DRIVER_LOCATION + count; memset( &driver, 0, sizeof( driver ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + TEST_EQUAL( psa_register_se_driver( location, &driver ), PSA_ERROR_ALREADY_EXISTS ); PSA_ASSERT( psa_crypto_init( ) ); @@ -803,16 +809,16 @@ exit: void register_max( ) { psa_drv_se_t driver; - psa_key_lifetime_t lifetime; - psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS; + psa_key_location_t location; + psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS; memset( &driver, 0, sizeof( driver ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), PSA_ERROR_INSUFFICIENT_MEMORY ); PSA_ASSERT( psa_crypto_init( ) ); @@ -827,7 +833,8 @@ void key_creation_import_export( int min_slot, int restart ) { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -846,7 +853,7 @@ void key_creation_import_export( int min_slot, int restart ) key_management.p_export = ram_export; ram_min_slot = min_slot; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -857,7 +864,7 @@ void key_creation_import_export( int min_slot, int restart ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -866,9 +873,9 @@ void key_creation_import_export( int min_slot, int restart ) if( restart ) { mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -894,7 +901,7 @@ void key_creation_import_export( int min_slot, int restart ) PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -921,7 +928,8 @@ void key_creation_in_chosen_slot( int slot_arg, psa_status_t status; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -937,7 +945,7 @@ void key_creation_in_chosen_slot( int slot_arg, key_management.p_destroy = ram_destroy; key_management.p_export = ram_export; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -953,7 +961,7 @@ void key_creation_in_chosen_slot( int slot_arg, if( status != PSA_SUCCESS ) goto exit; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -962,9 +970,9 @@ void key_creation_in_chosen_slot( int slot_arg, if( restart ) { mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -980,7 +988,7 @@ void key_creation_in_chosen_slot( int slot_arg, PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -1002,7 +1010,8 @@ void import_key_smoke( int type_arg, int alg_arg, psa_algorithm_t alg = alg_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1016,7 +1025,7 @@ void import_key_smoke( int type_arg, int alg_arg, key_management.p_import = null_import; key_management.p_destroy = null_destroy; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -1031,7 +1040,7 @@ void import_key_smoke( int type_arg, int alg_arg, PSA_ASSERT( psa_import_key( &attributes, key_material->x, key_material->len, &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; @@ -1041,9 +1050,9 @@ void import_key_smoke( int type_arg, int alg_arg, /* Restart and try again. */ mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; PSA_ASSERT( psa_open_key( id, &handle ) ); @@ -1053,7 +1062,7 @@ void import_key_smoke( int type_arg, int alg_arg, /* We're done. */ PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; TEST_EQUAL( psa_open_key( id, &handle ), @@ -1073,7 +1082,8 @@ void generate_key_not_supported( int type_arg, int bits_arg ) size_t bits = bits_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1086,7 +1096,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) key_management.p_allocate = counter_allocate; /* No p_generate method */ - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -1111,7 +1121,8 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_algorithm_t alg = alg_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1125,7 +1136,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) key_management.p_generate = null_generate; key_management.p_destroy = null_destroy; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -1139,7 +1150,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; @@ -1149,9 +1160,9 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) /* Restart and try again. */ mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; PSA_ASSERT( psa_open_key( id, &handle ) ); @@ -1161,7 +1172,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) /* We're done. */ PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; TEST_EQUAL( psa_open_key( id, &handle ), @@ -1190,7 +1201,8 @@ void sign_verify( int flow, psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t drv_handle = 0; /* key managed by the driver */ psa_key_handle_t sw_handle = 0; /* transparent key */ @@ -1229,7 +1241,7 @@ void sign_verify( int flow, } asymmetric.p_verify = ram_verify; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Prepare to create two keys with the same key material: a transparent @@ -1347,6 +1359,7 @@ void register_key_smoke_test( int lifetime_arg, int expected_status_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_status_t expected_status = expected_status_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; @@ -1371,7 +1384,7 @@ void register_key_smoke_test( int lifetime_arg, ( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED ); } - PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LIFETIME, &driver ) ); + PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -1395,7 +1408,7 @@ void register_key_smoke_test( int lifetime_arg, /* Restart and try again. */ PSA_DONE( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_open_key( id, &handle ) ); if( ! check_key_attributes( handle, &attributes ) ) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data index f60bd7602..23e035a41 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data @@ -1,11 +1,14 @@ SE init mock test: success -mock_init:2:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 +mock_init:1:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 SE init mock test: failure -mock_init:2:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1 +mock_init:1:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1 -SE init mock test: invalid lifetime -mock_init:1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 +SE init mock test: invalid location (0) +mock_init:0:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 + +SE init mock test: location not supported (INT_MAX) +mock_init:INT_MAX:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 SE key importing mock test mock_import:PSA_SUCCESS:PSA_SUCCESS:0:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 9f17b84f1..f6acb0727 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -5,10 +5,16 @@ #include "psa_crypto_se.h" #include "psa_crypto_storage.h" +/** The location and lifetime used for tests that use a single driver. */ +#define TEST_DRIVER_LOCATION 1 +#define TEST_SE_PERSISTENT_LIFETIME \ + ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) + static struct { uint16_t called; - psa_key_lifetime_t lifetime; + psa_key_location_t location; psa_status_t return_value; } mock_init_data; @@ -84,7 +90,7 @@ static struct static void psa_purge_storage( void ) { psa_key_id_t id; - psa_key_lifetime_t lifetime; + psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ @@ -93,8 +99,8 @@ static void psa_purge_storage( void ) /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ - for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ ) - psa_destroy_se_persistent_data( lifetime ); + for( location = 0; location < PSA_MAX_SE_LOCATION; location++ ) + psa_destroy_se_persistent_data( location ); } static void mock_teardown( void ) @@ -113,13 +119,13 @@ static void mock_teardown( void ) static psa_status_t mock_init( psa_drv_se_context_t *drv_context, void *persistent_data, - psa_key_lifetime_t lifetime ) + psa_key_location_t location ) { (void) drv_context; (void) persistent_data; mock_init_data.called++; - mock_init_data.lifetime = lifetime; + mock_init_data.location = location; return( mock_init_data.return_value ); } @@ -279,13 +285,13 @@ psa_status_t mock_destroy( psa_drv_se_context_t *context, */ /* BEGIN_CASE */ -void mock_init( int lifetime_arg, +void mock_init( int location_arg, int expected_register_status_arg, int driver_status_arg, int expected_psa_status_arg, int expected_called ) { - psa_key_lifetime_t lifetime = lifetime_arg; + psa_key_location_t location = location_arg; psa_status_t expected_register_status = expected_register_status_arg; psa_status_t driver_status = driver_status_arg; psa_status_t expected_psa_status = expected_psa_status_arg; @@ -297,7 +303,7 @@ void mock_init( int lifetime_arg, mock_init_data.return_value = driver_status; - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), expected_register_status ); psa_crypto_init_called = 1; @@ -305,7 +311,7 @@ void mock_init( int lifetime_arg, TEST_EQUAL( mock_init_data.called, expected_called ); if( expected_called ) - TEST_EQUAL( mock_init_data.lifetime, lifetime ); + TEST_EQUAL( mock_init_data.location, location ); exit: if( psa_crypto_init_called ) @@ -322,7 +328,8 @@ void mock_import( int mock_alloc_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -339,7 +346,7 @@ void mock_import( int mock_alloc_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -378,7 +385,8 @@ void mock_export( int mock_export_return_value, int expected_result ) { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -397,7 +405,7 @@ void mock_export( int mock_export_return_value, int expected_result ) key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -431,7 +439,8 @@ void mock_generate( int mock_alloc_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -446,7 +455,7 @@ void mock_generate( int mock_alloc_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -485,7 +494,8 @@ void mock_export_public( int mock_export_public_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -503,7 +513,7 @@ void mock_export_public( int mock_export_public_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -534,7 +544,8 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -559,7 +570,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) driver.asymmetric = &asymmetric; asymmetric.p_sign = mock_sign; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -594,7 +605,8 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -618,7 +630,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) driver.asymmetric = &asymmetric; asymmetric.p_verify = mock_verify; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 7012e8e36..23a9932d8 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -176,7 +176,7 @@ x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial X509 certificate v1 with extension depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C -x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n" +x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n \n" X509 SAN parsing otherName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C @@ -1563,7 +1563,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRT ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed) @@ -1583,13 +1583,21 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT, ALLOW_EXTENSIONS_NON_V3) +depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT, ALLOW_EXTENSIONS_NON_V3) +depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + X509 CRT ASN1 (TBS, inv v3Ext, inv tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG @@ -1838,12 +1846,24 @@ X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT) +X509 CRT (TBS, valid v3Ext in v1 CRT, ALLOW_EXTENSIONS_NON_V3) +depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 + +X509 CRT (TBS, valid v3Ext in v2 CRT, ALLOW_EXTENSIONS_NON_V3) +depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 2\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 + +X509 CRT (TBS, valid v3Ext in v3 CRT) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 + +X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT) +depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)