Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925

Conflicts: * `include/mbedtls/build_info.h`: a new fragment to auto-enable `MBEDTLS_CIPHER_PADDING_PKCS7` was added in c9f4040f7f in `development-restricted`. In `development`, this section of the file has moved to `include/mbedtls/config_adjust_legacy_crypto.h`. * `library/bignum.c`: function name change in `development-restricted` vs comment change in development. The comment change in `development` is not really relevant, so just take the line from `development-restricted`.
2026-05-11 14:38:17 +02:00 · 2023-09-25 16:16:26 +02:00
parent 76059e5ef8 87fe99627f
commit ca1e605b9c
201 changed files with 5318 additions and 2759 deletions
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -25,6 +25,8 @@

 #include "test/drivers/aead.h"

+#include "mbedtls/constant_time.h"
+
 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
 #include "libtestdriver1/library/psa_crypto_aead.h"
 #endif
@@ -431,7 +433,7 @@ psa_status_t mbedtls_test_transparent_aead_verify(

        if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) {
            if (tag_length != check_tag_length ||
-                mbedtls_psa_safer_memcmp(tag, check_tag, tag_length)
+                mbedtls_ct_memcmp(tag, check_tag, tag_length)
                != 0) {
                mbedtls_test_driver_aead_hooks.driver_status =
                    PSA_ERROR_INVALID_SIGNATURE;
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -149,6 +149,17 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename)
    }
 }

+uint64_t mbedtls_test_parse_binary_string(data_t *bin_string)
+{
+    uint64_t result = 0;
+    TEST_LE_U(bin_string->len, 8);
+    for (size_t i = 0; i < bin_string->len; i++) {
+        result = result << 8 | bin_string->x[i];
+    }
+exit:
+    return result; /* returns 0 if len > 8 */
+}
+
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)

 #include <mbedtls/entropy.h>
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -437,6 +437,17 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
        PSA_ASSERT(psa_key_derivation_input_bytes(operation,
                                                  PSA_KEY_DERIVATION_INPUT_LABEL,
                                                  input2, input2_length));
+    } else if (PSA_ALG_IS_PBKDF2(alg)) {
+        PSA_ASSERT(psa_key_derivation_input_integer(operation,
+                                                    PSA_KEY_DERIVATION_INPUT_COST,
+                                                    1U));
+        PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+                                                  PSA_KEY_DERIVATION_INPUT_SALT,
+                                                  input2,
+                                                  input2_length));
+        PSA_ASSERT(psa_key_derivation_input_key(operation,
+                                                PSA_KEY_DERIVATION_INPUT_PASSWORD,
+                                                key));
    } else {
        TEST_FAIL("Key derivation algorithm not supported");
    }