* development: (87 commits)
entropy: Adjust parameter type of internal function to avoid a cast
entropy: Avoid arithmetic on void pointer
add comment about potential future extension
Adjust comments about SEED synchronisation
entropy: Rename sysctl_wrapper to sysctl_arnd_wrapper
test_suite_x509parse.function improvement
Pass "certificate policies" extension to callback
Update iv and len context pointers manually when reallocating buffers
Add Apache-2.0 headers to all source files
Remove Dangerous Parameter Passing
Add Apache-2.0 headers to all scripts
Add missing copyright dates to scripts and sources
Show failure in ssl-opts.sh when key export fails
Add changelog entry
tests: Reformating due to rnd_* renaming
tests: Add mbedtls_test_ prefix to rnd_* symbols
tests: Reformating due to hexcmp() renaming
tests: Add mbedtls_test_ prefix to hexcmp()
tests: Reformating due to unhexify_alloc() renaming
tests: Add mbedtls_test_ prefix to unhexify_alloc()
...
Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies. This allows the callback to fully replicate the behaviour
of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
configuration.
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
These fields might be shifted accordingly in `ssl_parse_record_header()`
when receiving a connection with CID, so they require a manual update
after calling the generic `mbedtls_ssl_reset_in_out_pointers()`.
This commit also adds a regression test which is run by all.sh.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit uses the previously defined macro to uniformize
bounds checks in several places. It also adds bounds checks to
the ClientHello writing function that were previously missing.
Also, the functions adding extensions to the ClientHello message
can now fail if the buffer is too small or a different error
condition occurs, and moreover they take an additional buffer
end parameter to free them from the assumption that one is
writing to the default output buffer.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Convert all text files to Unix line endings unless they're Windows
stuff.
Make sure that all text files have a trailing newline.
Remove whitespace at the end of lines.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On dual world platforms, we want to run the PK module (pk.c) on the NS
side so TLS can use PSA APIs via the PK interface. PK currently has a
hard dependency on mbedtls_ecc_group_to_psa() which is declared in
crypto_extra.h, but only defined in psa_crypto.c, which is only built
for the S side.
Without this change, dual world platforms get error messages like the
following.
[Error] @0,0: L6218E: Undefined symbol mbedtls_ecc_group_to_psa (referred from BUILD/LPC55S69_NS/ARM/mbed-os/features/mbedtls/mbed-crypto/src/pk.o)
Make mbedtls_ecc_group_to_psa() inline within crypto_extra.h so that it
is available to both NS and S world code.
Fixes#3300
Signed-off-by: Darryl Green <darryl.green@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>