Since the code compiles with MBEDTLS_THREADING_C, not just with
MBEDTLS_THREADING_PTHREAD, use MBEDTLS_THREADING_C as the guard. The runtime
behavior is only as desired under certain conditions that imply
MBEDTLS_THREADING_PTHREAD, but that's fine: no metatest is expected to pass
in all scenarios, only under specific build- and run-time conditions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This program can be used to validate that things that should be detected as
test failures are indeed caught, either by setting the test result to
MBEDTLS_TEST_RESULT_FAILED or by aborting the program.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_cipher_info_from_type() is only available when CIPHER_C is
defined. So when it is not we just print the cipher type decimal
value on the output instead of the cipher's name.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
mbedtls_ssl_session_save() always outputs the output length, even on error.
Here, we're only calling it to get the needed output length, so it's ok to
ignore the return value. Convey this to linters.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
CryptGenRandom and lstrlenW are not permitted in Windows Store apps,
meaning apps that use mbedTLS can't ship in the Windows Store.
Instead, use BCryptGenRandom and wcslen, respectively, which are
permitted.
Also make sure conversions between size_t, ULONG, and int are
always done safely; on a 64-bit platform, these types are different
sizes.
Also suppress macro redefinition warning for intsafe.h:
Visual Studio 2010 and earlier generates C4005 when including both
<intsafe.h> and <stdint.h> because a number of <TYPE>_MAX constants
are redefined. This is fixed in later versions of Visual Studio.
The constants are guaranteed to be the same between both files,
however, so we can safely suppress the warning when including
intsafe.h.
Signed-off-by: Kevin Kane <kkane@microsoft.com>
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In make builds, when GEN_FILES is false (empty), don't try to re-generate
configuration-independent source files, regardless of whether they seem
out of date. This is useful, for example, if you have a source tree where
`make generated_files` has already run and file timestamps reflect the
time the files were copied or extracted, and you are now in an environment
that lacks some of the necessary tools to re-generate the files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In case of an out-of-tree build with the CMake build
system the path to crypto_config.h has to be defined
as the path to mbedtls_config.h. Add this possibility
tp generate_query_config.pl.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
They're included by build_info.h and must not be included directly.
Currently, this only concerns one file: config_psa.h. It's technically a bug
to include it, but a harmless one because that header has already been
included by build_info.h except in configurations where it
effectively had no effect (enabling PSA options with PSA turned off).
We plan to split config_psa.h into multiple headers that are less
independent, which could make the inclusion more problematic.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Change the hash data to not include the null byte used to terminate
the string. Pass sizeof() - 1 to the hash operation API functions
so that the null byte can be ignored.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Restructure the start of the program to make it
clear to a user exactly what this program is for.
Add a comment for additional clarity.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Change wording from "failed" since this implied the
function had returned an error status instead of
producing the wrong result.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Remove the mbedtls and psa prefixes from variable
names in order to make clearer what is part of
the API and what is just part of the demo program.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Replace MBEDTLS_SHA256_C for PSA_WANT_ALG_SHA_256
everywhere, including comments and print statements.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Demo scripts should declare their build-time dependencies, to make
them more user-friendly. If a dependency is not met, users should see
an explicit message rather than an incomprehensible error.
Don't rely on the dependencies of individual programs because some
demo scripts use multiple programs and because some scripts might have
additional requirements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The new file programs/demo_common.sh contains initialization code,
utility functions and cleanup code meant to be used by all demo
scripts written in sh.
Initial features:
* msg: Display a message.
* run, run_bad: Run a command, visibly.
* $root_dir, $programs_dir: location of the mbedtls source tree.
* $files_to_clean: files that are cleaned up on exit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define HALH_ALG to the desired PSA algorithm
to demostrate the ease of swapping algorithms
with the PSA API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This PR was originally created before the code
style was changed. This commit updates the style.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit adds the example program for PSA
hash as well as the relevant changes to
CMakeLists.txt and the Makefile.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
These anchors encapsulate gitignore patterns which typically ignore
files generated, so that scripts can be used to comment and uncomment
these patterns for releases when we need the generated files in the
repository.
Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
Every now and then, I see of these programs failing with a super-long
usage message that gives no clue as to what went wrong. (Recently it
happened with a test case in ssl-opt.sh with a fairly long command line
that was entirely correct, except some options were not valid in this
config - the test should have been skipped but wasn't due to some other
bug. It took me longer to figure out than it should have, and could have
if the program had simply reported which param was not recognized.)
Also, have an explicit "help" command, separate "help_ciphersuites", and
have default usage message that's not multiple screens long.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
All options have reasonable default so the programs don't need arguments
to do something useful.
It is widely accepted for programs that can work without arguments need
not insist on the user passing arguments, see 'ls', 'wc', 'sort', 'more'
and any number of POSIX utilities that all work without arguments.
It is also the historical behaviour of those programs, and something
relied one by at least a few team members.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
