CryptGenRandom and lstrlenW are not permitted in Windows Store apps,
meaning apps that use mbedTLS can't ship in the Windows Store.
Instead, use BCryptGenRandom and wcslen, respectively, which are
permitted.
Also make sure conversions between size_t, ULONG, and int are
always done safely; on a 64-bit platform, these types are different
sizes.
Also suppress macro redefinition warning for intsafe.h:
Visual Studio 2010 and earlier generates C4005 when including both
<intsafe.h> and <stdint.h> because a number of <TYPE>_MAX constants
are redefined. This is fixed in later versions of Visual Studio.
The constants are guaranteed to be the same between both files,
however, so we can safely suppress the warning when including
intsafe.h.
Signed-off-by: Kevin Kane <kkane@microsoft.com>
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In make builds, when GEN_FILES is false (empty), don't try to re-generate
configuration-independent source files, regardless of whether they seem
out of date. This is useful, for example, if you have a source tree where
`make generated_files` has already run and file timestamps reflect the
time the files were copied or extracted, and you are now in an environment
that lacks some of the necessary tools to re-generate the files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In case of an out-of-tree build with the CMake build
system the path to crypto_config.h has to be defined
as the path to mbedtls_config.h. Add this possibility
tp generate_query_config.pl.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
They're included by build_info.h and must not be included directly.
Currently, this only concerns one file: config_psa.h. It's technically a bug
to include it, but a harmless one because that header has already been
included by build_info.h except in configurations where it
effectively had no effect (enabling PSA options with PSA turned off).
We plan to split config_psa.h into multiple headers that are less
independent, which could make the inclusion more problematic.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Change the hash data to not include the null byte used to terminate
the string. Pass sizeof() - 1 to the hash operation API functions
so that the null byte can be ignored.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Restructure the start of the program to make it
clear to a user exactly what this program is for.
Add a comment for additional clarity.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Change wording from "failed" since this implied the
function had returned an error status instead of
producing the wrong result.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Remove the mbedtls and psa prefixes from variable
names in order to make clearer what is part of
the API and what is just part of the demo program.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Replace MBEDTLS_SHA256_C for PSA_WANT_ALG_SHA_256
everywhere, including comments and print statements.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Demo scripts should declare their build-time dependencies, to make
them more user-friendly. If a dependency is not met, users should see
an explicit message rather than an incomprehensible error.
Don't rely on the dependencies of individual programs because some
demo scripts use multiple programs and because some scripts might have
additional requirements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The new file programs/demo_common.sh contains initialization code,
utility functions and cleanup code meant to be used by all demo
scripts written in sh.
Initial features:
* msg: Display a message.
* run, run_bad: Run a command, visibly.
* $root_dir, $programs_dir: location of the mbedtls source tree.
* $files_to_clean: files that are cleaned up on exit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define HALH_ALG to the desired PSA algorithm
to demostrate the ease of swapping algorithms
with the PSA API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This PR was originally created before the code
style was changed. This commit updates the style.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit adds the example program for PSA
hash as well as the relevant changes to
CMakeLists.txt and the Makefile.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
These anchors encapsulate gitignore patterns which typically ignore
files generated, so that scripts can be used to comment and uncomment
these patterns for releases when we need the generated files in the
repository.
Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
Every now and then, I see of these programs failing with a super-long
usage message that gives no clue as to what went wrong. (Recently it
happened with a test case in ssl-opt.sh with a fairly long command line
that was entirely correct, except some options were not valid in this
config - the test should have been skipped but wasn't due to some other
bug. It took me longer to figure out than it should have, and could have
if the program had simply reported which param was not recognized.)
Also, have an explicit "help" command, separate "help_ciphersuites", and
have default usage message that's not multiple screens long.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
All options have reasonable default so the programs don't need arguments
to do something useful.
It is widely accepted for programs that can work without arguments need
not insist on the user passing arguments, see 'ls', 'wc', 'sort', 'more'
and any number of POSIX utilities that all work without arguments.
It is also the historical behaviour of those programs, and something
relied one by at least a few team members.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
crypt_and_hash decryption fails when used with a stream cipher
mode of operation due to the input not being multiple of block
size, this only applies to block cipher modes and not stream
ciphers.This change exempts CTR, CFB & OFB modes from this check.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This will be used for comparison in unit tests.
Add a possibility to write certificates with SAN
in cert_write.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
We don't commit *.o files anywhere, not even as test data. So ignore them
everywhere.
This resolves *.o files not being ignored under 3rdparty/p256-m.
Also remove a redundant ignore of *.exe in a subdirectory.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The fuzz programs were returning a nonzero status if they failed to load the
reproducer, but that's discreet and not informative. Make them also print an
error message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Allow demo scripts to be run from the build directory for out-of-tree
builds.
If the executable is not found in the source tree then search in the
current directory in case the script is being run from a build
directory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates
Signed-off-by: toth92g <toth92g@gmail.com>
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:
git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'
and I think all the files listed fall into one of the following
acceptable categories:
- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
suites
- two example programs using a low-level hash API: hash/hello.c,
pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
implementations
- a function in test_suite_psa_crypto_storage_format that is
specifically for checking if the hash is built in.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data
Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.
2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.
3. Add missing include in ssl_test_lib.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com"
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.
From test result of #6712, this can improve the fail rate from 4%
to 92%.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
The following code:
#ifndef asm
#define asm __asm
#endif
causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.
Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is meant to adapt to the new library design in which
SHA224 and SHA256 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
