eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'origin/development' into development_new

Browse source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
This commit is contained in:
Dave Rodgman 2021-04-07 16:31:09 +01:00
commit 73e3e2cb1a
217 changed files with 23474 additions and 8202 deletions
Download patch file Download diff file Expand all files Collapse all files

154
programs/ssl/ssl_test_lib.h
View file

@ -43,20 +43,33 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_NET_C) || \
#undef HAVE_RNG
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
( defined(MBEDTLS_USE_PSA_CRYPTO) || \
defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) )
#define HAVE_RNG
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#define HAVE_RNG
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \
( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C) )
#define HAVE_RNG
#endif
#if !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_SSL_TLS_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
"MBEDTLS_CTR_DRBG_C and/or " \
"MBEDTLS_ENTROPY_C and/or " \
"MBEDTLS_NET_C and/or " \
"MBEDTLS_SSL_TLS_C not defined, " \
"and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n"
#elif !defined(HAVE_RNG)
#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
"No random generator is available.\n"
#else
#undef MBEDTLS_SSL_TEST_IMPOSSIBLE
#undef HAVE_RNG
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -65,6 +78,7 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/x509.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
@ -72,7 +86,7 @@
#include "mbedtls/base64.h"
#include "test/certs.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#endif
@ -126,7 +140,101 @@ void my_debug( void *ctx, int level,
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
int dummy_entropy( void *data, unsigned char *output, size_t len );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
* mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
*
* The constraints are:
* - Without the entropy module, the PSA RNG is the only option.
* - Without at least one of the DRBG modules, the PSA RNG is the only option.
* - The PSA RNG does not support explicit seeding, so it is incompatible with
* the reproducible mode used by test programs.
* - For good overall test coverage, there should be at least one configuration
* where the test programs use the PSA RNG while the PSA RNG is itself based
* on entropy+DRBG, and at least one configuration where the test programs
* do not use the PSA RNG even though it's there.
*
* A simple choice that meets the constraints is to use the PSA RNG whenever
* MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the
* choice to use the PSA RNG in the test programs and the choice to use
* PSA crypto when TLS code needs crypto have to be tied together, but it
* happens to be a good match. It's also a good match from an application
* perspective: either PSA is preferred for TLS (both for crypto and for
* random generation) or it isn't.
*/
#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
#endif
/** A context for random number generation (RNG).
*/
typedef struct
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
unsigned char dummy;
#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
mbedtls_entropy_context entropy;
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context drbg;
#elif defined(MBEDTLS_HMAC_DRBG_C)
mbedtls_hmac_drbg_context drbg;
#else
#error "No DRBG available"
#endif
#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
} rng_context_t;
/** Initialize the RNG.
*
* This function only initializes the memory used by the RNG context.
* Before using the RNG, it must be seeded with rng_seed().
*/
void rng_init( rng_context_t *rng );
/* Seed the random number generator.
*
* \param rng The RNG context to use. It must have been initialized
* with rng_init().
* \param reproducible If zero, seed the RNG from entropy.
* If nonzero, use a fixed seed, so that the program
* will produce the same sequence of random numbers
* each time it is invoked.
* \param pers A null-terminated string. Different values for this
* string cause the RNG to emit different output for
* the same seed.
*
* return 0 on success, a negative value on error.
*/
int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
/** Deinitialize the RNG. Free any embedded resource.
*
* \param rng The RNG context to deinitialize. It must have been
* initialized with rng_init().
*/
void rng_free( rng_context_t *rng );
/** Generate random data.
*
* This function is suitable for use as the \c f_rng argument to Mbed TLS
* library functions.
*
* \param p_rng The random generator context. This must be a pointer to
* a #rng_context_t structure.
* \param output The buffer to fill.
* \param output_len The length of the buffer in bytes.
*
* \return \c 0 on success.
* \return An Mbed TLS error code on error.
*/
int rng_get( void *p_rng, unsigned char *output, size_t output_len );
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/* The test implementation of the PSA external RNG is insecure. When
* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
* function that makes use of an RNG, you must call
* mbedtls_test_enable_insecure_external_rng(). */
#include <test/fake_external_rng_for_test.h>
#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child,
@ -150,5 +258,37 @@ int idle( mbedtls_net_context *fd,
#endif
int idle_reason );
#if defined(MBEDTLS_TEST_HOOKS)
/** Initialize whatever test hooks are enabled by the compile-time
* configuration and make sense for the TLS test programs. */
void test_hooks_init( void );
/** Check if any test hooks detected a problem.
*
* If a problem was detected, it's ok for the calling program to keep going,
* but it should ultimately exit with an error status.
*
* \note When implementing a test hook that detects errors on its own
* (as opposed to e.g. leaving the error for a memory sanitizer to
* report), make sure to print a message to standard error either at
* the time the problem is detected or during the execution of this
* function. This function does not indicate what problem was detected,
* so printing a message is the only way to provide feedback in the
* logs of the calling program.
*
* \return Nonzero if a problem was detected.
* \c 0 if no problem was detected.
*/
int test_hooks_failure_detected( void );
/** Free any resources allocated for the sake of test hooks.
*
* Call this at the end of the program so that resource leak analyzers
* don't complain.
*/
void test_hooks_free( void );
#endif /* !MBEDTLS_TEST_HOOKS */
#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */