MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.
Signed-off-by: Daniel Axtens <dja@axtens.net>
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.
Signed-off-by: Daniel Axtens <dja@axtens.net>
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Make it safe to import the config multiple times without having
multiple definition errors.
(This prevents errors in the fuzzers in a later patch.)
Signed-off-by: Daniel Axtens <dja@axtens.net>
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is reflected there.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit changes name of check_iv to
iv_len_vlaidity as this seems to better describe
its functionality.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
None of these options had any impact on the generated output.
Checked after turning off the HTML_TIMESTAMP option
and running sha256sum <(find . -type f -exec sha256sum {} \; | sort) in
the apidoc directory.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
CCM requires one of the 128-bit-block block ciphers to be useful, just like GCM.
GCM and CCM need the cipher module.
ChaChaPoly needs ChaCha20 and Poly1305.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We had this check in the non-PSA case, but it was missing in the PSA
case.
Backport of 141be6cc7faeb68296625670b851670542481ab6 with just the
error code change to adapt to 2.28.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).
Backport of 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab with a very
different implementation, as 2.28 still stores the list of allowed
groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs
(changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory on 3.1 and can
presumably happen on 2.28 as well. So skip it on Ubuntu 16.04 as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>