The only occurrences found by git grep were the definitions and the
comment saying these are kept for backwards compatibility.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Don't interleave defining functions with running some code.
The only exception is calling shopt, which needs to come first as it
affects how the following function definitions are parsed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit fixes failing psasim tests by ensuring that
MBEDTLS_VERSION_C is defined before attempting to access version
information.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit improves support for submodules within code_style.py. A new
function get_submodule_hash retrieves the submodule hash at the time of
a commit allowing an appropriate diff to be seen.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This is harmless, but we might as well remove the unreachable line. If we
ever add a break to the loop and we don't think of changing the surrounding
code, it would make more sense not to set exit_code to SUCCESS.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Cleanly reject bits == 0 when calling mbedtls_ecdsa_raw_to_der() and
mbedtls_ecdsa_der_to_raw(). This can plausibly happen when bits is
user-provided data that the calling application doesn't check.
Before this patch, there was typically-benign undefined behavior, such as
adding 0 to a null pointer or calling memcpy on a null pointer with a size
of 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Document the return value of mbedtls_ecdsa_raw_to_der() and
mbedtls_ecdsa_der_to_raw().
Document that mbedtls_ecdsa_raw_to_der() has undefined behavior when the
output buffer parameter is null, even with a size of 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use TEST_CALLOC instead of a fixed-size buffer, so that Asan/Valgrind builds
will detect a buffer overflow.
Honor output_size regardless of the value of the number.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit moves version.h back into /include/mbedtls from
tf-psa-crypto/drivers/builtin/include. This commit also changes the
necessary build files and scripts to generate version_features.c
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
Place the code of outcome analysis (auxiliary functions, tasks, command line
entry point) into a separate module, which will be moved to the
version-independent framework repository so that it can be shared between
maintained branches. Keep the branch-specific list of driver components and
ignore lists in the per-repository script.
We keep the executable script at `tests/scripts/analyze_outcomes.py`. It's
simpler that way, because that path is hard-coded in CI scripts.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Always have tasks_list be a list, not potentially some fancier iterable.
Bypass mypy's somewhat legitimate complaint about REFERENCE and DRIVER in
task_class: they could potentially be instance attributes, but we rely on
them being class attributes. Python does normally guarantee their existence
as class attributes (unless a derived class explicitly deletes them), but
they could be overridden by an instance attribute; that's just something
we don't do, so the class attribute's value is legitimate. We can't
expect mypy to know that, so work around its complaint.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use different names for task name, a task class and a task instance. The
interpreter doesn't care, but it's less confusing for both humans and type
checkers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The ignore list for coverage only has two test cases out of ~10000 that are
currently reported as not executed. This is a drop in the sea and not
useful. Remove them so that the class can be used generically. A follow-up
will construct a comprehensive ignore list.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the test case collection code out of check_test_cases.py and into its
own module. This allows outcome analysis to depend only on the new module
and not on check_test_cases.py.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that dtls_server doesn't print "error" when it receives stray messages
while it's waiting for a second handshake, have the tests fail if "error" is
printed for some other reason.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE happens during the handshake, don't
show it as an "error". It might be an error, but it might also be a fact of
life if it happens during the second or more handshake: it can be a
duplicated packet or a close_notify alert from the previous connection,
which is hard to avoid and harmless.
Fixes#9652.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
