The link to the DRBG paper points to the March 2007 version, the same as the
original link (rather than the latest version).
The amended Rijndael paper has a two-page "Note on naming" prefix.
Fixes#7193
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Those test cases aren't actually executed due to another typo which is
beyond the scope of this commit and will be resolved in
https://github.com/Mbed-TLS/mbedtls/pull/8029 . But update DES to AES anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
"tests/data_files/test-ca.key" is now encrypted using AES instead of DES.
Update test dependencies accordingly. This fixes `depends.py cipher_id`.
This is a partial cherry-pick of 1a4cc5e92c
(done manually because the context on the same line is different).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is no longer needed as make.bat has been removed. We do not support
building the documentation on Windows.
This reverts commit d50daedcca.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Building the docs on Windows is not supported in any case, as the apidoc
target in the main Makefile will not run on Windows.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Include the make apidoc and breathe-apidoc steps in the documentation
Makefile for ease of use. In this way, depart from the Makefile
generated automatically by Sphinx.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Regenerate the requirements.txt with Exhale removed and also with Python
3.9 instead of 3.8, for parity with Read The Docs.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Sphinx's breathe plugin cannot readily parse the Mbed TLS macros, so
define the less essential ones away at the doxygen step to reduce the
number of warnings.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
We duplicated ecp.c in the anticipation of heavy refactoring there. This
work has been suspended and the duplication is not useful anymore but
imposes an overhead.
Signed-off-by: Janos Follath <janos.follath@arm.com>
We normally don't mention test updates in the changelog, but this one
explains why we're making a patch release.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
After upgrading certificates, some parsing unit tests are failing because
the new certificates have a different expiry date, by design. Switch those
test cases to using the moved copy of the old data (as we did in a more
systematic way in the development branch).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Copy updated test certificates and related data (keys, CSR, etc.) from
development. This replaces certificates that will expire on 2023-09-07,
causing the unit tests to fail. This also adds new data files that are not
used, and moves some files.
The replacement data is good until 2023-12-31.
The update causes some parsing unit tests to fail because the new
certificates have a different expiry date. This will be fixed in a
subsequent commit.
```
git checkout dc2d7cce02 -- tests/data_files tests/src/test_certs.h tests/src/certs.c
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In ecp_new.c mbedtls_ecp_read_key did only check Weierstrass keys. The
behaviour in ecp.c was correct.
This bug has no immediate security impact. (The code with the missing
check wasn't released and we are checking keys at later point.)
After this change ecp.c and ecp_new.c will have a single remaining
difference and unifying them will be more straightforward.
Signed-off-by: Janos Follath <janos.follath@arm.com>
We would like to de-duplicate ecp.c, but ecp_curves.c remains duplicated
and we still want to test for the active variant.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The EXCLUDE_FROM_FULL list in config.py should be, and used to be, but
no longer is, in alphabetical order, and with a comma on the last
element.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Use the standard "experimental" word in the description and make the
wording more similar to other experimental warnings.
Signed-off-by: Janos Follath <janos.follath@arm.com>
By default, the full configuration enables all options. But we
specifically don't want to enable MBEDTLS_ECP_WITH_MPI_UINT except where
it's done explicitly, because it disables the old ecp. So it needs to be
added to the exceptions in config.py (EXCLUDE_FROM_FULL).
Signed-off-by: Janos Follath <janos.follath@arm.com>
The Docker container used for the CI has Git version 2.7.4 which
does not support the "git branch --show-current" command since this
was added in version 2.22.
Therefore this commit adds an alternative version for old Git versions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
