Namespace BEFORE_COLON and BC defines by prepending MBEDTLS_
and expanding BC to BEFORE_COLON_STR. This is to avoid naming
conflicts with third-party code. No functional change.
Signed-off-by: Stefan Gloor <stefan.gloor@siemens.com>
BEFORE_COLON and BC defines with the accompanying comment are only
required in x509_crt and x509_csr, but not used in x509_crl.c.
Signed-off-by: Stefan Gloor <stefan.gloor@siemens.com>
Don't call a macro that does `goto exit` on failure after the `exit:` label:
that would cause an infinite loop if something does go wrong.
Generally, cleanup functions don't error out, so it is unlikely to be a
problem in practice. If an error does happen during cleanup, it's probably
due to memory corruption caused by a bug that happened earlier, and that is
likely to have been detected in an earlier function. So we don't really need
to assert the return code of functions called during cleanup, and normally
we don't. Only a few places did so, wrongly.
I found the problematic places with
```
ag 'exit:[^}]*(PSA_ASSERT|TEST_ASSERT|TEST_EQUAL)' tests/suites/*.function
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In a PAKE operation that has been initialized with `PSA_PAKE_OPERATION_INIT`
or `psa_pake_operation_init()`, the content of the driver-specific part is
indeterminate. It is actually all-bits-zero on most platforms, but not all,
e.g. not with GCC 15 or CompCert. So don't assert anything about it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This directory is currently excluded from `check-python-files.sh`, because
we run it on the CI in an old Python version that doesn't support some of
our new maintainer scripts.
There are no such scripts in mbedtls for now (only in TF-PSA-Crypto), but be
ready if we want to add some.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When initializing a PAKE operation structure, use an
auxiliary function that doesn't initialize union members to all-bits-zero.
Context: on most compilers, initializing a union to `{0}` initializes it to
all bits zero; but on some compilers, the trailing part of members other
than the first is left uninitialized. This way, we can run the tests on any
platform and validate that the code would work correctly on platforms where
union initialization is short, such as GCC 15.
This commit extends 93dd99571b to
`test_suite_psa_crypto_pake.function`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add a couple of missing ifdefs to avoid having unreachable code with
AT_LEAST_ONE_BUILTIN_KDF not defined, which otherwise causes a build
warning with clang.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
commit 4ac4008fa0 ("Access
ssl->hostname through abstractions in certificate verification").
Due to this an unused function warning can occur if neither SNI nor
handshake is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Move a bunch of files from `scripts` and `mbedtls/scripts` to the framework.
Most are not called from any scripts invoked by the CI, but a couple are.
A subsequent commit will adapt the scripts. None of these scripts are
referenced from other repositories except in documentation.
The following files will be removed, and added to `mbedtls-framework`:
* `scripts/ecp_comb_table.py`
* `scripts/massif_max.pl`
* `tests/scripts/audit-validity-dates.py` (moved to `scripts/`)
* `tests/scripts/gen_ctr_drbg.pl` (moved to `scripts/`)
* `tests/scripts/gen_gcm_decrypt.pl` (moved to `scripts/`)
* `tests/scripts/gen_gcm_encrypt.pl` (moved to `scripts/`)
* `tests/scripts/gen_pkcs1_v21_sign_verify.pl` (moved to `scripts/`)
* `tests/scripts/generate-afl-tests.sh` (moved to `scripts/`)
* `tests/scripts/generate_server9_bad_saltlen.py` (moved to `scripts/`)
* `tests/scripts/run-metatests.sh` (moved to `scripts/`)
* `tests/scripts/run_demos.py` (moved to `scripts/`)
* `tests/scripts/test_config_script.py` (moved to `scripts/`)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
For each received ClientHello fragment, check
that its epoch is zero and update the
record-level sequence number.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
