This is harmless, but we might as well remove the unreachable line. If we
ever add a break to the loop and we don't think of changing the surrounding
code, it would make more sense not to set exit_code to SUCCESS.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Cleanly reject bits == 0 when calling mbedtls_ecdsa_raw_to_der() and
mbedtls_ecdsa_der_to_raw(). This can plausibly happen when bits is
user-provided data that the calling application doesn't check.
Before this patch, there was typically-benign undefined behavior, such as
adding 0 to a null pointer or calling memcpy on a null pointer with a size
of 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Document the return value of mbedtls_ecdsa_raw_to_der() and
mbedtls_ecdsa_der_to_raw().
Document that mbedtls_ecdsa_raw_to_der() has undefined behavior when the
output buffer parameter is null, even with a size of 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use TEST_CALLOC instead of a fixed-size buffer, so that Asan/Valgrind builds
will detect a buffer overflow.
Honor output_size regardless of the value of the number.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that dtls_server doesn't print "error" when it receives stray messages
while it's waiting for a second handshake, have the tests fail if "error" is
printed for some other reason.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE happens during the handshake, don't
show it as an "error". It might be an error, but it might also be a fact of
life if it happens during the second or more handshake: it can be a
duplicated packet or a close_notify alert from the previous connection,
which is hard to avoid and harmless.
Fixes#9652.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Copy of mbedtls top CMakeLists.txt file.
The TF-PSA-Crypto top CMakeList.txt file
will be derived from that file to outline
what is common and what is different
between the two.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move library options to the top CMakeLists.txt.
That way:
- we will be able to set the TF-PSA-Crypto
library options according to the Mbed TLS ones.
- we can define the crypto library target names
in the top CMakeLists.txt and not in the library
one that is dedicated to the TLS and x509
libraries now.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove dependency on mbedtls_test_helpers
to build the crypto test suites.
mbedtls_test_helpers is TLS specific.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename MBEDTLS_PSA_CRYPTO_(USER_)CONFIG_FILE to
TF_PSA_CRYPTO_(USER_)CONFIG_FILE as we rename
crypto_config.h to tf_psa_crypto_config.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Re-organize "Mbed TLS modules" and "Module configuration options"
into "X.509 feature selection" and "TLS feature selection" for
better alignment with tf_psa_crypto_config.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Re-order mbedtls_config.h sections for
the order to be more aligned with the
tf_psa_crypto_config.h one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
