Most of the documentation and some of the function names use
"asymmetric", so use "asymmetric" everywhere. Mention "public-key" in
key places to make the relevant functions easy to find if someone is
looking for that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On dual world platforms, we want to run the PK module (pk.c) on the NS
side so TLS can use PSA APIs via the PK interface. PK currently has a
hard dependency on mbedtls_ecc_group_to_psa() which is declared in
crypto_extra.h, but only defined in psa_crypto.c, which is only built
for the S side.
Without this change, dual world platforms get error messages like the
following.
[Error] @0,0: L6218E: Undefined symbol mbedtls_ecc_group_to_psa (referred from BUILD/LPC55S69_NS/ARM/mbed-os/features/mbedtls/mbed-crypto/src/pk.o)
Make mbedtls_ecc_group_to_psa() inline within crypto_extra.h so that it
is available to both NS and S world code.
Fixes#3300
Signed-off-by: Darryl Green <darryl.green@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Clear bits in mbedtls_ecc_group_to_psa() to avoid static analyzers and
possibly compilers from warning that bits may be used uninitialized in
certain code paths.
For example, if mbedtls_ecc_group_to_psa() were to be inlined in
crypto_extra.h, the following compiler warning is likely.
In file included from ../include/psa/crypto.h:3774:0,
from ../include/mbedtls/pk.h:49,
from pk.c:29:
pk.c: In function 'mbedtls_pk_wrap_as_opaque':
../include/psa/crypto_struct.h:460:33: error: 'bits' may be used uninitialized in this function [-Werror=maybe-uninitialized]
attributes->core.bits = (psa_key_bits_t) bits;
^~~~~~~~~~~~~~~~~~~~~
pk.c:608:12: note: 'bits' was declared here
size_t bits;
^~~~
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
The Cortex-A build is similar to Debian armel. The Cortex-M0+ is a
handy point of comparison for code size. Put that one last so that
it's easy to find in the log.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is supposed to be for GCC (or a compiler with a compatible
command line interface) targeting arm-none-eabi, so name it
accordingly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Travis Windows machines currently don't have Python 3 preinstalled.
We need it to run scripts/generate_psa_constants.py which is needed
to build mbedTLS.sln.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Only the Visual Studio 2017 toolset is currently preinstalled on Travis.
Use this, instead of our solution's default which is VS 2010.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Travis now offers a Windows environment. Do a build with Visual
Studio. This brings diversity into the Travis CI which otherwise only
uses GCC and Clang.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Keep it simple and mostly non-parametrizable for now.
A path to Visual Studio 2017 is hard-coded.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Just do the default build with Clang and run the unit tests. The
objective is to have one build on a Unix-like platform other than
Linux.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add a baremetal build to Travis, to catch inadvertent dependencies on
platform functions.
The exact choice of target platform doesn't matter for this purpose.
Pick one that's present in all.sh, that uses a compiler that's
available in the Travis build environment (Ubuntu 16.04), and that
happens to be close to the Debian "armel" distribution.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Call all.sh to run all the available test_depends_* components. This
adds a run of depends-hashes.pl and depends-pkgalgs.pl.
Keep invoking test-ref-configs.pl rather than via all.sh so that it
doesn't run with ASan. This saves some time and ASan there doesn't
turn up much more than in the full config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some jobs don't actually test against GnuTLS, but all.sh checks its
presence in all test jobs, so it needs to be installed regardless.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
For the one long job with ASan, use the full configuration.
We get more coverage this way, at the cost of a slightly longer
runtime which we can afford since the "enumerated configurations" job
is slower.
Add a default-configuration build to the "basic checks" job. This job
is fairly quick (no ASan, no SSL testing).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This way anything we change in all.sh, such as adding tests for
programs/*/*, will be reflected here.
The build now uses GCC instead of Clang, which doesn't make much
difference in practice. The build now enables ASan and UBSan.
The tests now run compat.sh and ssl-opt.sh fully.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Different releases have different sets of sanity checks. Keep the list
in one place, namely all.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Declare an explicit Python version. Pick 3.5 which is the default
version on Ubuntu 16.04. This is necessary on Travis to have a working
pip for Python 3.
Install Pylint 2.4.4. There's nothing special about this version, it's
just the latest version.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Split the build between:
* Basic checks
* A build in the default configuration with extensive tests
* Builds in other configurations with less testing
The intent is to have one shorter job with basic tests, and two longer
jobs that take roughly the same amount of time (split as evenly as
possible while keeping an easy-to-understand separation).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In practice, we hardly ever get different outcomes, so there is no
gain in running tests with different compilers.
Experimentally, with the builds and tests we currently do and with the
compiler versions on a Travis Ubuntu 16.04, gcc jobs are significantly
faster than clang jobs (13 min vs 24 min). So use gcc.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make it possible to use a compiler that isn't in $PATH, or that's
installed with a different name, or even a compiler for a different
target such as arm-linux-gnueabi.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Almost everything the selftest program does is in the test suites. But
just in case run the selftest program itself once in the full
configuration, and once in the default configuration with ASan, in
addition to running it out of box.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This routine is functionally equivalent to mbedtls_x509_crt_parse_der(),
but it accepts an additional callback function which it calls with
every unsupported certificate extension.
Proposed solution to https://github.com/ARMmbed/mbedtls/issues/3241
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
getaddrinfo() is not available on win2k. By including wspiapi.h (if
_WIN32_WINNT is defined as value < 0x0501) then a compatibility layer
will be used when running on win2k. For more details, refer to Microsoft
docs for getaddrinfo().
Signed-off-by: opatomic <j@opatomic.com>
ecp_double_add_mxz wrongly does an MPI addition followed by a call to
MOD_MUL instead of MOD_ADD. This is more visible since the
mbedtls_mpi_xxx_mod functions have been added in commit 3b3b34f608
("Replace some macros by functions").
Fix that by using mbedtls_mpi_add_mod instead. The testsuite still
passes after that change.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>