Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190801
Conflict resolution: * `scripts/config.pl`: Take the exclusion of `MBEDTLS_PSA_CRYPTO_SE_C` from the API branch. Take the removal of `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` (obsolete) from the development branch. * `tests/scripts/all.sh`: Multiple instances of factoring a sequence of `config.pl` calls into a mere `config.pl baremetal` in the development branch, and a change in the composition of `baremetal` in the API branch. In each case, take the version from development. * `tests/suites/test_suite_psa_crypto_slot_management.function`: A function became non-static in development and disappeared in the API branch. Keep the version from the API branch. Functions need to be non-static if they're defined but unused in some configurations, which is not the case for any function in this file at the moment. * `tests/suites/test_suite_psa_crypto.function`: Consecutive changes in the two branches, reconciled.
This commit is contained in:
Gilles Peskine
commit
72c8c5b352
183 changed files with 1195 additions and 927 deletions
|
|
@ -277,28 +277,52 @@
|
|||
* For example, when a function accepts as input a pointer to a buffer that may
|
||||
* contain untrusted data, and its documentation mentions that this pointer
|
||||
* must not be NULL:
|
||||
* - the pointer is checked to be non-NULL only if this option is enabled
|
||||
* - the content of the buffer is always validated
|
||||
* - The pointer is checked to be non-NULL only if this option is enabled.
|
||||
* - The content of the buffer is always validated.
|
||||
*
|
||||
* When this flag is defined, if a library function receives a parameter that
|
||||
* is invalid, it will:
|
||||
* - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
|
||||
* call to the function mbedtls_param_failed()
|
||||
* - immediately return (with a specific error code unless the function
|
||||
* returns void and can't communicate an error).
|
||||
* is invalid:
|
||||
* 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
|
||||
* 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
|
||||
* will immediately return. If the function returns an Mbed TLS error code,
|
||||
* the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
|
||||
*
|
||||
* When defining this flag, you also need to:
|
||||
* - either provide a definition of the function mbedtls_param_failed() in
|
||||
* your application (see platform_util.h for its prototype) as the library
|
||||
* calls that function, but does not provide a default definition for it,
|
||||
* - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
|
||||
* below if the above mechanism is not flexible enough to suit your needs.
|
||||
* See the documentation of this macro later in this file.
|
||||
* When defining this flag, you also need to arrange a definition for
|
||||
* MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
|
||||
* - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
|
||||
* function mbedtls_param_failed(), but the library does not define this
|
||||
* function. If you do not make any other arrangements, you must provide
|
||||
* the function mbedtls_param_failed() in your application.
|
||||
* See `platform_util.h` for its prototype.
|
||||
* - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
|
||||
* library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
|
||||
* You can still supply an alternative definition of
|
||||
* MBEDTLS_PARAM_FAILED(), which may call `assert`.
|
||||
* - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
|
||||
* or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
|
||||
* the library will call the macro that you defined and will not supply
|
||||
* its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
|
||||
* you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
|
||||
* files include `<assert.h>`.
|
||||
*
|
||||
* Uncomment to enable validation of application-controlled parameters.
|
||||
*/
|
||||
//#define MBEDTLS_CHECK_PARAMS
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CHECK_PARAMS_ASSERT
|
||||
*
|
||||
* Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
|
||||
* `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
|
||||
*
|
||||
* If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
|
||||
* calling a function mbedtls_param_failed(). See the documentation of
|
||||
* #MBEDTLS_CHECK_PARAMS for details.
|
||||
*
|
||||
* Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
|
||||
*/
|
||||
//#define MBEDTLS_CHECK_PARAMS_ASSERT
|
||||
|
||||
/* \} name SECTION: System support */
|
||||
|
||||
/**
|
||||
|
|
@ -1007,18 +1031,27 @@
|
|||
/**
|
||||
* \def MBEDTLS_USE_PSA_CRYPTO
|
||||
*
|
||||
* Make the X.509 and TLS library use PSA for cryptographic operations, see
|
||||
* #MBEDTLS_PSA_CRYPTO_C.
|
||||
* Make the X.509 and TLS library use PSA for cryptographic operations, and
|
||||
* enable new APIs for using keys handled by PSA Crypto.
|
||||
*
|
||||
* Note: this option is still in progress, the full X.509 and TLS modules are
|
||||
* not covered yet, but parts that are not ported to PSA yet will still work
|
||||
* as usual, so enabling this option should not break backwards compatibility.
|
||||
* \note Development of this option is currently in progress, and parts of Mbed
|
||||
* TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
|
||||
* will still continue to work as usual, so enabling this option should not
|
||||
* break backwards compatibility.
|
||||
*
|
||||
* \warning Support for PSA is still an experimental feature.
|
||||
* Any public API that depends on this option may change
|
||||
* at any time until this warning is removed.
|
||||
* \warning Support for PSA is still an experimental feature.
|
||||
* Any public API that depends on this option may change
|
||||
* at any time until this warning is removed.
|
||||
*
|
||||
* \warning This option enables new Mbed TLS APIs that are dependent on the
|
||||
* PSA Crypto API, so can't come with the same stability guarantees as the
|
||||
* rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
|
||||
* now, access to these APIs is opt-in (via enabling the present option), in
|
||||
* order to clearly differentiate them from the stable Mbed TLS APIs.
|
||||
*
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C.
|
||||
*
|
||||
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
|
||||
*/
|
||||
//#define MBEDTLS_USE_PSA_CRYPTO
|
||||
|
||||
|
|
@ -1702,6 +1735,10 @@
|
|||
*
|
||||
* Enable the Platform Security Architecture cryptography API.
|
||||
*
|
||||
* \warning The PSA Crypto API is still beta status. While you're welcome to
|
||||
* experiment using it, incompatible API changes are still possible, and some
|
||||
* parts may not have reached the same quality as the rest of Mbed TLS yet.
|
||||
*
|
||||
* Module: library/psa_crypto.c
|
||||
*
|
||||
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
|
||||
|
|
@ -1966,6 +2003,42 @@
|
|||
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||
|
||||
/**
|
||||
* \brief This macro is invoked by the library when an invalid parameter
|
||||
* is detected that is only checked with #MBEDTLS_CHECK_PARAMS
|
||||
* (see the documentation of that option for context).
|
||||
*
|
||||
* When you leave this undefined here, the library provides
|
||||
* a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
|
||||
* is defined, the default definition is `assert(cond)`,
|
||||
* otherwise the default definition calls a function
|
||||
* mbedtls_param_failed(). This function is declared in
|
||||
* `platform_util.h` for the benefit of the library, but
|
||||
* you need to define in your application.
|
||||
*
|
||||
* When you define this here, this replaces the default
|
||||
* definition in platform_util.h (which no longer declares the
|
||||
* function mbedtls_param_failed()) and it is your responsibility
|
||||
* to make sure this macro expands to something suitable (in
|
||||
* particular, that all the necessary declarations are visible
|
||||
* from within the library - you can ensure that by providing
|
||||
* them in this file next to the macro definition).
|
||||
* If you define this macro to call `assert`, also define
|
||||
* #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
|
||||
* include `<assert.h>`.
|
||||
*
|
||||
* Note that you may define this macro to expand to nothing, in
|
||||
* which case you don't have to worry about declarations or
|
||||
* definitions. However, you will then be notified about invalid
|
||||
* parameters only in non-void functions, and void function will
|
||||
* just silently return early on invalid parameters, which
|
||||
* partially negates the benefits of enabling
|
||||
* #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
|
||||
*
|
||||
* \param cond The expression that should evaluate to true, but doesn't.
|
||||
*/
|
||||
//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
|
||||
|
||||
/**
|
||||
* Uncomment the macro to let mbed TLS use your alternate implementation of
|
||||
* mbedtls_platform_zeroize(). This replaces the default implementation in
|
||||
|
|
@ -2016,6 +2089,6 @@
|
|||
#include MBEDTLS_USER_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "check_config.h"
|
||||
#include "mbedtls/check_config.h"
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_H */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue