Two declarations for psa_set_key_domain_parameters causes compilation error with [-Werror=redundant-decls]
#6910
Comments
Hi! The second declaration of From the GCC manual, this warning is declared as: Warn if anything is declared more than once in the same scope, even in cases where multiple declaration is valid and changes nothing. As such I am not sure whether we can actually fix this, given that in this case the declaration is entirely valid (and required), but the warning will still fire on this (and the documentation states that it will). If you have a suggestion as to how we could fix this, then I am happy to review a PR, however I think in this case the best option is just to remove that warning. |
Thanks Paul, for the reply and clarification. As a workaround I have used |
In the development branch, we will likely resolve this by removing domain parameters (which has a technical prerequisite). For 2.28, we could avoid repeating the declaration in
|
For the sake of gcc, we could use a |
Hi Paul / Gilles, Just some observation from my side, [...] [...] |
Current CFLAGS if set for library builds could impact entire build, so allow to pass additional CFLAGs for library builds based on format <LIBNAME>_CFLAGS.

This support is currently needed to avoid 'redundant declaration' error from latest mbedtls-3.3, the issue is reported to mbedtls[1] and is under consideration to remove any redundant declarations. But till then we have to disable that compiler option while building for mbedtls-3.3

[1]: Mbed-TLS/mbedtls#6910

Change-Id: Ic99af22b229f8089c82110d6545f762c14a62f5c
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
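Two ways to keep `-Werror=redundant-decls` enabled when a function has to be declared in two headers, shown as an added example that is not code from Mbed TLS or from anyone in this thread. All `demo_*` names and the two-header layout are constructed for illustration; the file is meant to compile cleanly with `gcc -Wredundant-decls -Werror`.

```c
/* Added example: not Mbed TLS code. Every demo_* name is hypothetical.
 * Intended to build cleanly with:
 *   gcc -std=c99 -Wredundant-decls -Werror -c example.c */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_OK            0
#define DEMO_ERR_BAD_ARG (-1)
#define DEMO_MAX_PARAMS   32

typedef struct {
    uint16_t type;
    size_t   params_len;
    uint8_t  params[DEMO_MAX_PARAMS];
} demo_attributes_t;

/* ---- Constructed "header A": its inline helper calls a function that the
 * later "header B" documents, so A has to declare that function first. ---- */
int demo_set_domain_parameters(demo_attributes_t *attr, uint16_t type,
                               const uint8_t *data, size_t len);
#define DEMO_SET_DOMAIN_PARAMETERS_DECLARED /* marker used by option 1 */

int demo_get_domain_parameters(const demo_attributes_t *attr,
                               uint8_t *out, size_t out_size, size_t *out_len);

static inline int demo_set_type(demo_attributes_t *attr, uint16_t type)
{
    if (attr->params_len == 0) {
        attr->type = type;
        return DEMO_OK;
    }
    /* Changing the type discards parameters that belonged to the old type. */
    return demo_set_domain_parameters(attr, type, NULL, 0);
}

/* ---- Constructed "header B": the public, documented declarations. ---- */

/* Option 1: do not repeat a declaration that header A already made. */
#if !defined(DEMO_SET_DOMAIN_PARAMETERS_DECLARED)
int demo_set_domain_parameters(demo_attributes_t *attr, uint16_t type,
                               const uint8_t *data, size_t len);
#endif

/* Option 2: keep the repeat, but silence this one warning for this one
 * declaration only; the warning stays active for the rest of the file. */
#if defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wredundant-decls"
#endif
int demo_get_domain_parameters(const demo_attributes_t *attr,
                               uint8_t *out, size_t out_size, size_t *out_len);
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

/* ---- Implementation ---- */
int demo_set_domain_parameters(demo_attributes_t *attr, uint16_t type,
                               const uint8_t *data, size_t len)
{
    if (attr == NULL || len > DEMO_MAX_PARAMS || (data == NULL && len != 0))
        return DEMO_ERR_BAD_ARG;
    if (len != 0)
        memcpy(attr->params, data, len);
    attr->params_len = len;
    attr->type = type;
    return DEMO_OK;
}

int demo_get_domain_parameters(const demo_attributes_t *attr,
                               uint8_t *out, size_t out_size, size_t *out_len)
{
    if (attr == NULL || out_len == NULL || attr->params_len > out_size)
        return DEMO_ERR_BAD_ARG;
    if (attr->params_len != 0)
        memcpy(out, attr->params, attr->params_len);
    *out_len = attr->params_len;
    return DEMO_OK;
}

/* Exercises both declarations; returns 0 on success, a step number on failure. */
int demo_roundtrip(void)
{
    demo_attributes_t attr;
    const uint8_t params[3] = { 0x01, 0x00, 0x01 }; /* constructed sample */
    uint8_t out[DEMO_MAX_PARAMS];
    size_t out_len = 0;

    memset(&attr, 0, sizeof(attr));
    if (demo_set_domain_parameters(&attr, 0x7001, params, sizeof(params)) != DEMO_OK) return 1;
    if (demo_get_domain_parameters(&attr, out, sizeof(out), &out_len) != DEMO_OK) return 2;
    if (out_len != sizeof(params) || memcmp(out, params, out_len) != 0) return 3;
    if (demo_set_type(&attr, 0x7002) != DEMO_OK) return 4;
    if (attr.params_len != 0 || attr.type != 0x7002) return 5;
    return 0;
}

int main(void)
{
    int rc = demo_roundtrip();
    printf("roundtrip: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

A consumer who cannot edit the third-party header can put the same push/ignored/pop pragmas around the `#include` line instead, which keeps the warning active for their own declarations.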
Hi there, I had the same error only when compiling a linked library (open62541 ). To bypass this issue, I manually updated the files: include/psa/crypto_extra.h with the following code:
Hope this could help... |
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
….6.0 Antonio de Angelis (10): Add a client view of the multipart contexts Update the initialization macros Put the id field at the end of the psa_key_attributes_s structure Add comments in psa/crypto_struct.h for id layout Add a client view layout for interruptible hash and pake Correct the ENCODES_OWNER macro name in comment Make check_config aware of MBEDTLS_PSA_CRYPTO_CLIENT Fix trailing parenthesis build_info should look for MBEDTLS_PSA_CRYPTO_CLIENT as well Fix #ifdef guard in driver wrapper template Bence Szépkúti (10): Do not run Valgrind tests in PR jobs Document release components in all.sh all.sh: Parse arguments before checking if a test is supported Set OpenSSL/GnuTLS variables in release components Migrate to new RTD redirect format Rename solution files to referece VS2017 Update the MSBuild toolset versions to VS2017 Update compilers list in docs and changelog Update changelog Drop reference to Visual Studio 2013 from config Beniamin Sandu (2): AES-NI: use target attributes for x86 32-bit intrinsics tests/scripts/all.sh: add test for 32-bit AES-NI intrinsics with clang Benson Liou (1): use mbedtls_ssl_session_init() to init session variable BensonLiou (4): Do not generate new random number while receiving HRR To check if client random number is unchanged while receiving HRR fix code style Add change log Bill Roberts (2): pkg-config: add initial pkg-config files project: set version BrianX7c (1): [cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT) Chien Wong (7): Add back restriction on AD length of GCM Add comment on impossible overflows Handle sizeof(size_t) > sizeof(uint64_t) Add test cases on GCM AD, input, IV length Use separate input/output buffer. 
Explain why error is expected Fix 1 forgotten separate input/output buffer Reduce many unnecessary static memory consumption Dave Rodgman (292): Improve AES hardware-only check Restore missing #if Extend testing of aes.o options Fix some more incorrect guards in aes.c Add testing for MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH Improve test speed Use make to parellise tests Code style fix make issue Simplify makefile generation; don't use -j Remove not-needed edge-case Separate out a resuable option cross-product test function Check for incorrect changelog extensions rename function Move check into list_files_to_merge Use make to generate the test command Improve naming Introduce MBEDTLS_ARCH_IS_ARMV8 Make SHA256 depend on Armv8, not aarch64 Use lower-case for local variables Improve docs Tidy up bash syntax Tidy-up tidy up Introduce MBEDTLS_MAYBE_UNUSED Use MBEDTLS_MAYBE_UNUSED to simplify aes.c and let compiler remove unused variables Support MBEDTLS_MAYBE_UNUSED in MSVC and IAR Add tests for SHA256 on ARMCE for thumb, arm and aarch64 Fix indentation Improve behaviour on gcc targetting arm or thumb Improve docs Add Changelog Code style Get MBEDTLS_MAYBE_UNUSED to cover more compilers require clang 4 for testing Support MSVS with clang Update docs for MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT Improve docs Enable run-time detection for Thumb and Arm Add tests for runtime detection Warn if using runtime detection and no Neon code style Fix cast errors on IAR Update baremetal config to exclude MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT Fix IAR warnings Fix arch detection for auto setting of clang flags Make asm without side-effects not optimisable-out Fix excess newline Rename A64 config options Fix hwcap detection on 32-bit Arm More config option renaming Code style Refer to Armv8-A (not Armv8) in docs Rename MBEDTLS_ARCH_IS_ARMV8 to MBEDTLS_ARCH_IS_ARMV8_A Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy Revert renaming of SHA512 options SHA256 renaming - 
fix some missed things Improve Changelog Fix a couple of typos related to renaming options Adjust messages in all.sh Test instructions built/not built Refer to Armv8-A (not Armv8) in comments Clarify changelog Adjust the full config Fix IAR 'transfer of control bypasses initialization' warnings Keep initialisation of p in its original location Use a block to save 12b Doxygen fixes Require asm/hwcap.h for testing Adjust use of deprecated in Doxygen Fix hwcap test for CI Include existing Makefile Tidy up logic for MBEDTLS_MAYBE_UNUSED Stop IAR warning about goto skipping variable definition Invert no_hwcap variable Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS on Windows-on-Arm Support ARM64EC in the same way as ARM64 in sha256 and sha512 Enable 8-byte fastpath in mbedtls_xor on ARM64 and ARM64EC Introduce MBEDTLS_HAVE_NEON_INTRINSICS and simplify NEON header inclusion Use MBEDTLS_HAVE_NEON_INTRINSICS instead of __ARM_NEON Use new MBEDTLS_ARCH_IS_xxx macros Simplify Windows-on-Arm macros Make macro definition more consistent with similar defns Make component_build_aes_aesce_armcc silent Improve test for clang presence Cleanup validation interface Tidy-up Remove dependency on asm/hwcap.h Fix MBEDTLS_MAYBE_UNUSED for IAR Suppport AESCE on A32 and T32 Fix runtime detection on A32/T32 Add build tests for AESCE on A32/T32 Fix docs for MBEDTLS_AESCE_C Changelog Fix behaviour for Armv8 targets without Neon Improve compiler version checking + docs + testing for armclang fix tabs Fix tests for older versions of clang Update clang version requirements Add link to ACLE docs in comment Don't use #ifdef on vreinterpretq_xxx Code style Tidy-up: move GCM code into one place Don't fail tests if hwcap.h not present Share some definitions that are common for clang and GCC 5 Fix #error typo Add volatile to prevent asm being optimised out Use MBEDTLS_ARCH_IS_ARMV8_A not MBEDTLS_ARCH_IS_ARMV8 Update Changelog to specify Armv8-A Test for presence/absence of AES instructions Clarify changelog 
Remove dependency on asm/hwcap.h Support older IAR versions Introduce MBEDTLS_ASSUME Restructure mbedtls_cipher_validate_values Reduce code size in mbedtls_cipher_validate_values tidy up comments Use non-empty definition for fallback Add case for MSVC Simplify use of __has_builtin Update comment to mention IAR update headers Update documentation Add Changelog for license Fix overlooked files Update license for p256-m Fix header in ssl_tls13_keys.c Fix typos in changelog README improvements to 3rdparty section Update license and copyright in config files Standardise some more headers Remove not-needed sentence Revert back to v3.5.0 Restore 3.5.1 ChangeLog Restore bump version Update BRANCHES Add docs re Everest license Use size_t cast for pointer subtractions Fix types in entropy_poll.c Use MBEDTLS_GET_UINTxx_BE macro Use standard byte conversion fns in lms misc type fixes in ssl Add casts for NEON Update tf-m tests in all.sh for P256-M Simplify test for building P256-M We no longer need to undef ALT defines Use latest TF-M config with bare-minimum changes Disable hw AES on Arm for IAR Update tests to refer to our tf-m config wrapper Use common license header Remove references to 3.4 Move MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to correct section Automatically set MBEDTLS_NO_PLATFORM_ENTROPY in TF-M config tidy up macros in mbedtls_xor Use MBEDTLS_HAVE_NEON_INTRINSICS in aesce Remove redundant check Remove unused code Better definition of MBEDTLS_IS_BIG_ENDIAN for IAR Add MBEDTLS_BSWAPxx intrinsics for IAR Fix compile warning from IAR Remove redundant use of -O2 with ASAN_FLAGS Build with -O2, but without assembly Use clang as default compiler for Asan Fix unused function/variable warnings from clang Use gcc for -m32 Asan builds Fix a typo Add explanatory comment Undo accidental change Use clang by default Ensure clang is present Ensure test_psa_compliance uses gcc Use gcc in test_psa_compliance Enable -O2 in depends.py Use clang -O2 in common_block_cipher_no_decrypt Don't 
specify gcc unless the test requires it Add -O2 to some CFLAGS which were not setting it Disable automatic setting of clang target flags on old clang Use gcc in test_full_deprecated_warning Don't use full path for setting CC Work around clang 3.8 bug fix line length Add supporting files to enable use of verbatim TF-M config Use verbatim TF-M configs from upstream Mention copyright in the readme minor tidy-up Update check_files.py to accomodate non-standard license headers in TF-M config files Fix MBEDTLS_NO_PLATFORM_ENTROPY for baremetal aarch64 with armclang Move MBEDTLS_CIPHER modification to appropriate section add support for AES-CTR to benchmark Iterate in 16-byte chunks Introduce mbedtls_ctr_increment_counter Add tests for mbedtls_ctr_increment_counter Use optimised counter increment in AES-CTR and CTR-DRBG Save 14 bytes in CTR-DRBG Make gcm counter increment more efficient add test for multipart AES-CTR Add NIST AES-CTR test vectors Add Changelog Fix ASAN error in test Fix error in ctr_drbg Fix test dependencies Add header guards Create quiet wrappers for make and cmake Use quiet make wrappers from all.sh Spelling fix Pacify check_files Improve mbedtls_xor for IAR Move MBEDTLS_COMPILER_IS_GCC defn into alignment.h Fix unaligned access on old compilers Make unaligned accessors always inline Make mbedtls_xor always inline Improve mbedtls_xor docs Add changelog entry Improve comments Move MBEDTLS_COMPILER_IS_GCC & MBEDTLS_GCC_VERSION into build_info Remove include of build_info.h Assemble Changelog Bump version Limit compiler hint to compilers that are known to benefit from it Fix comment typo Update BRANCHES.md Remove already-assmebled Changelog entry Use constant_time module from cmac Support SHA-512 hwcap detection on old libc Fix compile warning in tests Fix test dependencies Add calls to BLOCK_CIPHER_PSA_INIT / BLOCK_CIPHER_PSA_DONE Change unaligned access method for old gcc Improve gcc guards Improve docs Use struct not union Improve docs Pacify 
check-names Remind contributors not to force-push Remove comments about rebasing vs merging; link to longer RTD document Slightly soften force-push suggestion Fix IAR cast warning Fix remaining warnings from -Wshorten-64-to-32 Update ChangeLog.d/pkg-config-files-addition.txt Rotate right instead of left Read rho table in 4-byte chunks Read pi table in 4-byte chunks fix cast warning Roll/unroll various bits Improve docs; pacify check-names pacify check-names roll-up chi loop on clang pacify check-names roll up chi loop for gcc -Os Docs; minor tidy-up Always display make/cmake invocation command Improve output from make/cmake wrapper Improve quote_args output readability Move quiet wrapper setup Tidy up quiet wrappers Extract common parts of quiet wrapper Avoid infinite loop Allow wrappers to be missing; quote directory name from make Undo not-needed change Quote directory name from cmake wrapper Improve docs remove shebang from quiet Improve simplified quoting remove trailing space from printed command Send printed command to stderr Test all unroll variations Simplify pi rolled-up variant Add missing casts Rename quiet to quiet.sh Add editor hint for emacs improve docs simplify printf call Fix docs Use export to set VERBOSE_LOGS blank line for readability Fix formatting Adjust default unroll settings Adjust defaults Improve PBKDF2 with CMAC perf by ~16% Ensure blocksize is compile-time const when DES not present Follow-up for less verbose logging Avoid recursion for relative paths Fix IAR warning Remove unnecessary use of export Simplify locating original tool Fix gcc -O3 warnings Check gcc version Check file content to see if it looks auto-generated line length fix Minor relaxation to auto-gen regex Update BRANCHES Replace reference to master David Horstmann (208): Fix 3rdparty target names for custom config Reword error message on format of SAN arguments Reword error message on format of SAN arguments Detailed design of memory protection strategy Change unsigned 
int to uint8_t Add more detail in design of memory poisoning Move implementation by module table earlier Modify optimize-testing instructions Expand design for validation of careful access Add section on possible use of Valgrind tracing Tweak compiler optimization evaluation section Explore sanitizers for memory poisoning Rewrite design exploration of copy validation Add skeleton of detailed design rewrite Add example wrapper function implementation Replace vague 'above' with a reference for ease-of-navigation Fix broken reference Add C language annotation to code block Use ASan for memory poisoning as well as Valgrind Refactor note on preferred poison-test approach Add reference to test hooks in detailed design Add notes about configuration of poisoning tests Rewrite incorrect description of psa_exercise_key Add lengths to convenience interface sketch Add exploration section on FVP testing Add detailed design section for careful access Clarify use of new tests for careful-access Fix broken links Add blank lines before lists De-duplicate section titles Remove references to new-test approach in design Careful-access prototyping to design exploration Rename and specify config options Discuss plain-overwriting memory poisoning Add portability consideration to careful-access Add sections on validation of validation Add note on platform-specific barriers Add auto-generation of test wrappers to design Add function prototypes for copying functions Downgrade auto testing testing to a nice-to-have Remove auto-generation of test wrappers Add testcases for psa_crypto_copy_input() Add implementation of psa_crypto_copy_input() Add testcases for psa_crypto_copy_output() Add implementation of psa_crypto_copy_output() Add buffers struct and prototypes for alloc API Add testcases for psa_crypto_alloc_and_copy() Add implementation of psa_crypto_alloc_and_copy() Add extra testcases for buffer copying Zero-length test for psa_crypto_alloc_and_copy() Simplify zero-length buffers to 
always be NULL Add testcases for psa_crypto_copy_and_free() Add implementation of psa_crypto_copy_and_free() Reject NULL original_output with non-NULL output Reject zero-lengths in psa_crypto_copy_and_free() Add test case for overlapping buffers Add full round-trip tests for buffer copying Refactor: move buffer pattern fills into helper Replace compound-initializers with memset Remove superfluous comment Remove psa_crypto_ prefix from test functions Switch from int to psa_status_t for test args Switch from ret to status as naming convention Switch to TEST_CALLOC_NONNULL() Switch error code to more appropriate value Move buffer copy tests into new testsuite Remove extra blank line at end of file Remove psa_crypto_alloc_and_copy() API Add prototypes for psa_crypto_input_copy API Add testcase for psa_crypto_input_copy_alloc() Add psa_crypto_input_copy_alloc() implementation Add testcase for psa_crypto_input_copy_free() Add implementation of psa_crypto_input_copy_free() Add function prototypes for psa_crypto_output fns Add testcase for psa_crypto_output_copy_alloc() Add implementation of psa_crypto_output_alloc() Add testcase for psa_crypto_output_copy_free() Add psa_crypto_output_copy_free() implementation Add input round-trip testcase Add output round-trip testcase Fix unintentional direct use of memcpy() Make copy functions static-testable Skip call to memcpy if buffer length is zero Remove redundant NULL check Change data pattern to simpler one Use TEST_CALLOC_NONNULL Compare buffers even for zero-length cases Fix code style in psa_crypto_core.h Check for len == 0 rather than buffer == NULL Remove unnecessary checks for NULL-ness of copies Add initializers for input / output copies Change psa_crypto_copy_output error code De-abbreviate "len" -> "length" Rename "input_copy" -> "local_input" Rename "output_copy" -> "local_output" Add casts to local input / output initializers Use initializers in alloc functions Improve description of psa_crypto_input_copy_alloc Fix 
possible integer overflows before widening Fix potential double-free in calloc selftest Move MPI initialization to start of function Add memory poisoning hooks Add explicit UNPOISON calls to memory tests Create memory poisoning wrapper for cipher encrypt Copy input and output in psa_cipher_encrypt() Change to use test-hook-based approach Remove write check in driver wrappers tests Use macros to manage buffer copies Add MBEDTLS_PSA_COPY_CALLER_BUFFERS config option Remove unnecessary include directory from CMake Add missing license header Add more information to comment on test hooks Add comment explaining the purpose of header Improve FREE_LOCAL_INPUT() and FREE_LOCAL_OUTPUT() Make return statuses unique in FREE_LOCAL_OUTPUT() Remove spaces around token-pasting macro operator Put local output status in scope Redesign local copy handling macros Move test hook setup functions into a C file Move test hook setup and teardown to helpers.c Move wrapper include to psa_crypto_helpers.h Add note about support for buffer overlap Add missing newline at end of file Tweak the behaviour of copy handling macros Improve guards around memory poisoning setup Remove accidental addition of MBEDTLS_TEST_HOOKS Add extra MBEDTLS_PSA_CRYPTO_C guard for header Add missing newline at end of file Invert note about buffer overlap support Add all.sh coponent to test with copying disabled Only poison memory when buffer copying is enabled Stop enforcing C99 in CMakeLists.txt Use thread-local flag to enable memory poisoning Only run memory poisoning metatests when poisoning Request C11 in CMake (but only for tests) Change memory poisoning flag to a count Separate memory poisoning tests from generic ASan Add underflow check to UNPOISON counter decrement Add copying in PAKE set peer and user functions Add copying to PAKE input and output Fix magic number buffer length in J-PAKE tests Generate poisoning in PAKE test wrappers Fix magic numbers in more J-PAKE tests Disable poisoning with 
PSA_CRYPTO_DRIVER_TEST Copy buffers in psa_aead_encrypt() Add buffer copying to psa_aead_decrypt() Add buffer copying to psa_aead_generate_nonce() Fix bug in PSA AEAD test Add buffer copying to psa_aead_set_nonce() Refactor: Use wrapper around internal set_nonce() Add buffer copying to psa_aead_update_ad() Add buffer copying to psa_aead_update() Add buffer copying to psa_aead_finish() Add buffer copying to psa_aead_verify() Prevent unused warnings in psa_aead_set_nonce() Generate poisoning wrappers for AEAD Add testcase to fail multipart cipher tests Update buffer start and length in multipart test Remove unnecessary setting of status variable Restore X509 functions erroneously made private Add ChangeLog entry for restoring X509 functions Unrestore mbedtls_x509_string_to_names() Remove unnecessary ChangeLog entry Un-unrestore mbedtls_x509_string_to_names() Add buffer copying to psa_generate_random() Generate test wrappers for psa_generate_random() Add missing guards around exit label Fix incorrect conflict resolution Add session config bit for KEEP_PEER_CERTIFICATE Update ssl session serialization config bitflag Move session functions to same part of file Add config guards to session struct comments Move session descriptions into a single comment Fix missing fields in ssl session struct comment Fix naming inconsistencies in config bits Add ChangeLog entry for ssl serialization bitflags Fixup: add peer_cert_digest_type to comment Fix code style Tell ReadTheDocs to include framework submodule Add buffer copying to psa_sign_hash_start/complete Add buffer copying to psa_verify_hash_start() Generate memory poisoning in wrappers Flip logic of generate_psa_wrappers.py Do not attempt to wipe output buffer if it is NULL Add ChangeLog for PSA buffer sharing fix Change goto exit into direct return Fix removed space in merge resolution Reword ChangeLog entry for shared memory work Add bugfix section about buffer sharing Regenerate PSA wrappers for new PSA functions Reword 
ChangeLog entry. Specifically: Mention the CVE number that is fixed Use the exact phrase 'shared memory' Reference issue #3266 Invert and rename config option Update wrapper generation script and regenerate Remove MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS from full Preserve alphabetical sorting of config options Rewrite section on PSA copy functions Clarify design decision in light of actions Rename mbedtls_psa_core_poison_memory() Abstractify example in design exploration Add discussion of copying conveience macros Discuss test wrappers and updating them Mention MBEDTLS_TEST_MEMORY_CAN_POISON Mention metatest.c Remove 'Question' line around testing Mention MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS Gabor Mezei (16): Initial changelog support for changelog assembling Enable to specify the name of the project in the changelog Remove initial changelog entry creation support Remove leftover code from initial changelog support Add allocate and copy style output buffer handling Add buffer protection for cipher functions Add test wrapper functions for cipher buffer protection Fix ASAN error for `psa_cipher_update` Add `LOCAL_OUTPUT_ALLOC_WITH_COPY` macro if buffer protection is disabled Move local buffer allocation just before usage Add buffer protection for `cipher_generate_iv` and `cipher_set_iv` Update test wrapper functions for ciper buffer protection Fix buffer protection handling for `cipher_generate_iv` Remove write check in driver wrappers tests Do not copy the content to the local output buffer with allocation Fix merge Gilles Peskine (347): Legacy-to-PSA transition guide Mention mbedtls_psa_get_random Mention self-tests Cover ECDH and DHM Rename PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_USE to ..._BASIC Cover ecp.h The ECP curve name is the one from TLS, not one we made up Show how to extract curve information from an ecp_keypair Run demo scripts and check that they work Move common code of demo scripts into a library Demo scripts: create a seedfile if the configuration requires it 
Let demo scripts declare their dependencies Declare the dependencies of key_ladder_demo.sh Run demo scripts in some builds cleanup is part of the external interface Print only missing dependencies Explain why $root_dir needs a complicated calculation Minor readability improvements Fix some mistakes in descriptive messages Add --quiet option to suppress demos' output Error out if run from the wrong directory Make --quiet a little less quiet Pacify Pylint Use demo_common.sh in dlopen test script Skip dlopen demo in static builds PermissionIssueTracker is obsoleted by ShebangIssueTracker Update old dependency to MBEDTLS_MD_CAN Add missing PSA init ssl-opt.sh doesn't actually use OPENSSL_LEGACY, so remove it Minor robustness improvement Stop using "legacy" OpenSSL and GnuTLS Remove GNUTLS_LEGACY and OPENSSL_LEGACY compat.sh: add --preserve-logs option ssl-opt.sh doesn't actually use OPENSSL_LEGACY: remove unused function Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER Update location of TFM config files Disable PK_PARSE and PK_WRITE Documentation improvements Keep the list in alphabetical order Support running unit tests from another directory Print a notice if chdir fails Note about the lack of Windows support Automatically pick up all Markdown files Analyze requirements for protection of arguments in shared memory Revert "Fix a few IAR warnings" Fix 3rdparty/Makefile.inc when included recursively Fix typos and copypasta Expand explanations of the vulnerabilities Simplify the relaxed output-output rule Add a section on write-read feedback Clarify terminology: built-in driver Design change for cipher/AEAD Distinguish whole-message signature from other asymmetric cryptography Short explanations of what is expected in the design sections Add a section skeleton for copy bypass Suggest validating copy by memory poisoning Typos Fix editorial error with semantic consequences Test for read-read inconsistency with mprotect and ptrace/gdb Convey that it's ok for 
mbedtls_ssl_session_save to fail Fix missing initializations on some error paths Remove redundant null check Use modern macros for calloc in test code Close file on error path Fix code style Define try_chdir everywhere Fix invocation with explicit .datax file Fix test suite never executed due to an undefined symbol Sort imports Check copyright statements and SPDX license identifier Also complain if licenses are mentioned Pacify mypy Add a metatest program Validate that test_fail causes a test failure Metatests for null pointer dereference Script to run all the metatests (with platform filtering) Metatests for basic Asan and Msan features Strengthen against Clang optimizations Run metatests in selected components Use casts when doing nonstandard pointer conversions Don't cast a function pointer to a data pointer Fix cast from pointer to integer of different size Don't use %llx in printf Add metatests for mutex usage Add missing program to .gitignore programs/test/metatest indirectly includes library/common.h No more limitations accelerated algorithms using a built-in hash Strengthen against possible compiler optimizations More consistent usage of volatile Uninitialized read: make the pointer non-volatile rather than the buffer Add documentation Update to TEST_EQUAL macros for easier debuggability Update PSA init for md-ligt Readability improvement Uniformly use MBEDTLS_THREADING_C guards Improve explanations of what bad thing a metatest does Fix the build with gcc-12 -Wuse-after-free Detect enabled GCC/Clang sanitizers Disable check_mbedtls_calloc overallocation under ASan MSan and TSan complain as well, not just ASan Skip calloc overallocation test case Create legacy-API bridge API design document Clarify "functions that facilitate the transition" typos Add links to newly added functions Expand on the removal of RNG boilerplate New files for memory-related test functions Add memory poisoning framework Fix memory poisoning with Asan on arbitrary byte boundaries 
Basic functional test for memory poisoning Fix MSVC build failure Port to platforms where printf doesn't have %zu Use the existing definition of MBEDTLS_TEST_HAVE_ASAN Avoid unused variable warnings in some plausible usage Memory poisoning: meta-test writes as well as reads Protect against compiler optimizations Use the existing definition of __func__ Allow PSA test cases to depend on test conditions Fix typos and make minor style improvements Say who to contact Explain interruptible operations Editorial corrections Corrections and clarifications around asymmetric key formats Correct lists of sign/verify functions That's not what mbedtls_ecdh_get_params does Be more informative about "No change" Correct function names prefixes where they diverge from module names Update PBKDF2 availability for 3.5 typo Minor clarification fixup! Correct function names prefixes where they diverge from module names typos and minor clarifications Use "workflow" rather than "flow" for clarity Note a few things about PAKE (thanks Manuel) Diffie-Hellman: several clarifications and corrections More information about output buffer sizes Add a generic section about key management Add a section about ALT implementations Fix some MAC-related function names Correct and clarify discussion of AES-CMAC-PRF-128 Clarify psa_constant_names Document the domain_parameters_size==SIZE_MAX hack Remove DSA and DH domain parameters from the documentation Note that domain parameters are not supported with drivers Indent nested conditionals Unify treatment of MBEDTLS_TEST_OBJS Partly unify LOCAL_CFLAGS Create common.make with LOCAL_CFLAGS and friends Unify common variables of programs/Makefile and tests/Makefile Unify some common rules of programs/Makefile and tests/Makefile Auto-detect the need to link with pthread on Unix-like platforms Revert "Add ability to pass make variables to psa_collect_statuses.py" Revert "Add option to pass make variables to depends.py" Explain the use of control Allow *.make to 
contain tabs Correct name and documentation of preprocessor symbol check function New function mbedtls_ecp_keypair_get_group_id Support partial export from mbedtls_ecp_keypair Promise mbedtls_ecp_read_key doesn't overwrite the public key New function mbedtls_ecp_set_public_key New function mbedtls_ecp_keypair_calc_public mbedtls_ecp_read_key: explain how to set the public key Rename variable that's a C++ keyword New function mbedtls_ecp_write_public_key Use new mbedtls_ecp_keypair functions in sample programs Declare dependency on bignum in sample programs Add ECP-heavy-only test cases to the driver parity analysis ignore list Changelog entry for the new ECP functions Asymmetric cryptography: rough draft Minor clarifications Our TLS 1.3 API doesn't actually require PSA key identifiers Resolve ECDSA conversion API: don't use an ASN.1 interface Clarify PSA-to-PK copy intent Make input parameter const Improve readability of null-argument tests Finish unifying LOCAL_CFLAGS Minor readability improvement Fix name in documentation Unify MBEDTLS_TEST_OBJS Remove useless guards on MBEDTLS_BIGNUM_C Fix mixup between secp224r1 and secp224k1 in test scripts Add test data for secp192r1 Fix typo in curve name Note unusual curve size Indicate which curves Mbed TLS supports Python module to parse function declarations from a header file C function wrapper generator Guard the macro definition PSA wrapper generator Commit generated PSA wrappers Declare the outputs from generate_psa_wrappers.py as generated files Enable generated PSA wrappers Generated PSA wrappers: poison/unpoison buffer parameters Update generated PSA wrappers Remove the manually written poisoning wrapper Add review exception warning PSA wrappers: don't poison buffers when buffer copying is disabled Disable PSA wrappers psa_collect_statuses builds Fix parsing of C line comments Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO typo Reference ongoing work Reference filed issues Resolve several open 
questions as nothing special to do Add a usage parameter to mbedtls_pk_get_psa_attributes Open question for ECDSA signature that can be resolved during implementation Introduce mbedtls_pk_get_psa_attributes mbedtls_pk_get_psa_attributes: force enrollment algorithm off mbedtls_pk_get_psa_attributes: RSA support mbedtls_pk_get_psa_attributes: ECC support mbedtls_pk_get_psa_attributes: test bad usage value mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_OPAQUE Allow building with MBEDTLS_PK_USE_PSA_EC_DATA && MBEDTLS_ECP_C mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA Unify want_private detection Allow context types with an ALT version to be linked in Doxygen Fix the build with MBEDTLS_RSA_ALT Missing dependency for MBEDTLS_PK_ECDSA Disable MBEDTLS_PSA_CRYPTO_CLIENT in no-PSA builds mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C Implement pick-a-curve when ECP_LIGHT is disabled Depend on legacy RSA key generation for test code Remove now-redundant guard Update some msg descriptions Update preprocessor guard comment Always call psa_crypto_init when testing mbedtls_pk_get_psa_attributes Switch pk_setup_for_type() to return MBEDTLS_ERR_xxx Update ECDSA signature conversion based on experimentation Changelog for building SHA-256 and 512 with old libc Minor documentation improvements Test enrollment algorithm for the non-OPAQUE case Create auxiliary function for repeated code Don't use mbedtls_pk_ec in our own code Copypasta Copypasta Use PSA_INIT with test that requires PSA Clearer variable names Fix comment mbedtls_pk_get_psa_attributes: opaque: require specified usage Fix typo in dependency Add missing implied usage Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA Smoke tests for mbedtls_pk_get_psa_attributes after parsing Fix builds with secp224k1 as the only curve ECDSA signature conversion: put bits first Wording improvement Inline the SHA3 parameters table into a switch Choose a curve for tests at compile time 
mbedtls_pk_import_into_psa: documentation New function mbedtls_rsa_get_bitlen() Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes Add missing dependency on PEM Cosmetic fix Also check the RSA length for public keys exercise_key: allow SIGN_MESSAGE/VERIFY_MESSAGE with PSA_ALG_ANY_HASH exercise_key: fix asymmetric encrypt/decrypt with >2028-bit RSA mbedtls_pk_import_into_psa: implement and test mbedtls_pk_import_into_psa: negative tests for different ECC curve mbedtls_pk_import_into_psa: positive tests with pkparse output depends.py: set unique configuration names in outcome file Don't define pk_sign_verify in configurations where it's unused Fix some preprocessor guards Don't exercise if the algorithm is not supported Prioritize SHA2 over MD5 for KNOWN_SUPPORTED_HASH_ALG Pack the iota round constants Document new functions psa_generate_key_ext, psa_key_derivation_output_key_ext Refactoring: extract rsa_test_e Implement psa_generate_key_ext, psa_key_derivation_output_key_ext psa_generate_key_ext: RSA: support custom public exponent generate/derive key ext: pass method_data_length rather than method_length generate key ext: skip driver invocation with non-default method Only test custom-e RSA key generation when built in Rename identifier for consistency Fix encrypt/decrypt confusion Use named constants FROM_PAIR/FROM_PUBLIC for readability Test mbedtls_pk_import_into_psa with different bits Fix copypasta New test helper: mbedtls_test_key_consistency_psa_pk After pk_import_into_psa, test that the keys match mbedtls_pk_import_into_psa: fix Montgomery keys in the legacy case test_suite_pk: add test cases for RSA keys (sign/verify & crypt/decrypt) mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error mbedtls_ecp_write_key: document and test larger output buffer mbedtls_ecp_write_key: document and test smaller output buffer ECP write/export key: document that these functions don't detect unset data Fix copypasta Remove initialization function for 
variable-length struct Rename "key generation method" to "key production parameters" More renaming: method -> production parameters Benchmark: remove the legacy-context ECDH block Benchmark: not using private fields anymore fuzz_pubkey, fuzz_privkey: no real need to access private fields fuzz_dtlsserver: explicitly note the one access to a private field Don't authorize private access to fields where not actually needed ssl_context_info: explicitly note accesses to private fields Improve validation in mpi_exp_mod_min_RR Changelog entry for benchmark improvement Remove cruft typo Ignore domain parameters in RSA key generation Rename variables Remove domain parameters from the public API Remove domain parameters from psa_key_attributes_t Finish cleaning up override that's no longer needed Use attribute accessor functions in driver wrappers psa_key_attributes_t: move slot_number to core structure Switch key slots to psa_key_attributes_t Get rid of intermediate full-attributes local variables Don't access psa_key_attributes_t.core Get rid of psa_core_key_attributes_t In attributes, keep track of slot number through a dedicated field Get rid of flags in attributes Fix code style mbedtls_ecp_write_key_ext(): new function mbedtls_ecp_write_key_ext(): recommend over the old function in documentation mbedtls_ecp_write_key_ext(): migrate internally mbedtls_ecp_write_key(): deprecate the old function mbedtls_ecp_write_key_ext: document error for no private key set mbedtls_ecp_write_key_ext(): make key const mbedtls_ecp_write_key_ext(): Upgrade import_pair_into_psa as well Require framework directory to exist when building Add framework submodule with makefiles Framework submodule: fix the libtestdriver1 build Support Git submodules Add docstrings to pacify pylint Note the need to tell git to set up the submodule Show guidance if the framework is not found In library, with make, only require the framework for generated files Update submodule after PR merge Fix intended code 
blocks that were not suitably indented Mention psa_generate_key_ext() Document mbedtls_pk_import_into_psa Document mbedtls_pk_setup_opaque and mbedtls_pk_copy_from_psa List ECDSA signature conversion functions mbedtls_pk_decrypt/encrypt actually check the padding mode Discuss mbedtls_pk_copy_public_from_psa Remind the reader that PK doesn't support DH MBEDTLS_USE_PSA_CRYPTO: most pk bridge functions don't require it New function mbedtls_pk_copy_public_from_psa Test mbedtls_pk_copy_public_from_psa on non-exportable keys Fix and test pk_copy_from_psa with an unsupported algorithm Fix copypasta Fix copypasta missing word Work around a bug in ancient lcov tls13: Use a flag not a counter for CCS and HRR handling pk_import_into_psa: test persistent keys Hannes Tschofenig (1): Add example program for PSA hash Jan Bruckner (2): Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled Comply with the received Record Size Limit extension Janos Follath (70): Refine thread safety requirements Tighten thread safety requirements Improve thread safety presentation Add threading non-requirement Fix typo Add clarifications to the threading requirements Add PSA threading design Add reentrancy section to thread safety design Add clarifications to thread safety design Add plan for 3.6 to threading design Clarify reentrancy requirements for drivers Clarify threading design document structure Threading design: Update empty slot tracking Threading design: update and clarify 3.6 plan Threading design: improve language Threading Design: emphasise performance requirement Update operation threading strategy Threading design: fix internal links Make RSA unblinding constant flow Extend blinding to RSA result check Add Changelog for the Marvin attack fix Make local function static Fix style Add cmake build type for tsan Add tsan to all.sh Add multi-threaded unit test Fix failing multi-threaded unit test RSA: document Montgomery trick in unblind RSA: remove unneeded temporaries RSA: improve 
readability Fix typo Add warning for PKCS 1.5 decryption Update Marvin fix Changelog entry Make RSA unblinding constant flow Extend blinding to RSA result check Add Changelog for the Marvin attack fix Make local function static Fix style RSA: document Montgomery trick in unblind RSA: remove unneeded temporaries RSA: improve readability Fix typo Add warning for PKCS 1.5 decryption Update Marvin fix Changelog entry Use mpi_core_exp_mod in bignum. Bignum: remove unused functions Increase default exponentiation window size Add Changelog Bignum: Remove/update obsolete comments Exp mod: move declarations before use Exp mod: use assignment instead memcpy Exp mod: simplify 0 exponent handling Exp mod: clarify preprocessing Improve style Exp mod: Make sure RR has enough limbs Exp mod: tidy up temporary storage allocation Use mbedtls_ct_condition_t in mpi_core_check_zero Exp mod: handle negative zero Fix MBEDTLS_MPI_WINDOW_SIZE documentation Fix style Use TEST_EQUAL instead of TEST_ASSERT in new code Improve changelog Hinder unwanted optimisations Avoid implementation defined behaviour Improve style Fix typo Fix use of volatile Remove volatile from declaration Fix code style Add CVE IDs to Changelog Jerry Yu (130): Add max_early_data_size into ticket Add max_early_data_size into copy list Add unit test for max_early_data_size of ticket Share `early_data_status` between server and client Add not-received status Add early data status update Add data file for early data input Add early data disable tests fix test fail when ecp disabled add script for server9_bad_saltlen Add asn1crypto to python maintainer requirements Add server9-bad-saltlen generate command fix wrong typo and indent issue fix various issues fix wrong typo fix various issues move asn1crypto to ci.requirements.txt improve document move script to `tests/scripts` tls13: add more checks for server early data write early data indication in EE msg Add test case for writing early data in EE disable tests when ecp is 
not available Add deprecated flag in document for sig_hashes Add translation ruler into document disable stdout in require_*_configs_* functions fix miss sent extensions mask fix various issues fix various issues move ticket version check Add selected key and ciphersuite check move psk check to EE message on client side Add test-suite parameter to filter tests Revert "ssl-opt.sh: Make record_outcome record the ssl-opt.sh file only" check the ticket version unconditional fix various issues Revert "fix miss sent extensions mask" move ext print to the end of write client hello Update license Improve documents improve brief description of conf_sig_algs improve document improve document change time unit of ticket to milliseconds Add changelog entry for anti_replay_fail Replace c99 fmt macro fix various issues Add ticket_creation field Replace `start` with `ticket_creation` update tests guards ticket creation field improve comments Cleanup ticket negative tests. Change the bottom of tolerance window Update document of ticket age tolerance Add maximum ticket lifetime check rename `ticket_creation` to `ticket_creation_time` rename ticket received fix various issues fix build failure Add maximum ticket lifetime check Add freshness check information into document improve document Guards ticket_creation_time improve code style improve readability various improvement replace check string Change if to switch case Add early transform computation when accepted Add wait flight2 state. 
Add server side end-of-early-data handler Update tests to the code status fix build warning with arm64 gcc 5.4 Revert "fix build warning with arm64 gcc 5.4" Guards neon path improve document add non-gcc arm_neon support fix wrong gcc version check remove wait_flight2 state re-introduce process_wait_flight2 empty process_end_of_early_data Add dummy framework of eoed state implement coordinate of eoed implement parser of eoed switch inbound transform to handshake print received early application data improve comments and output message fix various issues Send decode error alert when EOED parsing fail send unexpected alert when not received eoed or app during reading early data fix various issues fix ci test failure revert output message which used by testing add early data extension of NST Add early data permission check Enable multi max_early_data_size value for connections Add tests for ticket early data permission bit rename nst early data write function fix various issues add early data flag check function replace early data permission check replace ticket permission set improve early data comments set init value for max_early_data_size in session change max_early_data_size source Revert "set init value for max_early_data_size in session" Revert "change max_early_data_size source" Add max_early_data_size check set max_early_data_size of ticket to keep consistent improve comments of new session ticket share write_early_data_ext function add ticket max_early_data_size check Add missing debug message fix various issue remove assignment for `session->max_early_data_size` change prototype of `write_early_data_ext` Some minor improvement remove misbehavior tests and code tls: Add internal function ssl_read_application_data() tls13: srv: Move early data size check placeholder Add MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code tls13: srv: Add mbedtls_ssl_read_early_data() API ssl_server2: Add read early data support Update early data test Adjust check order tls13: srv: 
Add discard_early_data_record SSL field tls13: srv: Do not allow early data indication in 2nd ClientHello Ignore early data app msg before 2nd client hello tls13: srv: Fail connection if ticket lifetime exceed 7 days Jerzy Kasenberg (1): Rename local variable in aes.c Joakim Andersson (3): library: Remove unused psa_crypto_core.h include library: Move mbedtls_ecc helper functions to psa_util changelog: add changelog for move of mbedtls_ecc psa helper functions Jonathan Winzig (14): Add tests for Issue #8687 Fix Issue #8687 Update fix to be more platform-independent Add missing newline at the end of test_suite_x509write.data Update test-data to use SIZE_MAX Remove unneeded testcase Add required dependency to the testcase Add tests for Issue #8687 Fix Issue #8687 Update fix to be more platform-independent Add missing newline at the end of test_suite_x509write.data Update test-data to use SIZE_MAX Remove unneeded testcase Add required dependency to the testcase Kusumit Ghoderao (17): Fix psa_key_derivation_setup_kdf add tests for derive_full and derive_set_capacity Reorder and correct comment Add kdf_set_max_capacity function Increase input parameter type and buffer size Add hkdf_extract, hkdf_expand and ecjpake_to_pms cases Change error status for invalid HKDF alg Add tests for derive_set_capacity for pbkdf and ecjpake_to_pms Add tests for derive_full for hkdf_extract, hkdf_expand and ecjpake_to_pms disable pbkdf2_hmac set max capacity test add bugfix changelog entry fix unused variable warning and other fixes correct test data add depends on for capacity tests and fix code style add test cases with different hash algs fix depends on condition change values to ULL Maciej Zwoliński (1): Add AES encrypted keys support for PKCS5 PBES2 Manuel Pégourié-Gonnard (89): SSL programs: group options processing in 1 place SSL programs: allow invoking without arguments SSL programs: improve command-line error reporting Add details on use of ciphers from other modules Add 
tentative definition of Cipher light Update details of modules using cipher operations Update definition of Cipher light Update list of modules using hashes Update to MD light section Update to only serve GCM and CCM Remove redundant include Minimize key-type-related includes Further rationalize includes Factor common code into a function Slightly simplify pk_derive_public_key() Group two versions of the same code Factor similar code into pk_ecc_set_key() Use helper macro for (deterministic) ECDSA Avoid nested #ifs in body of pk_get_ecpubkey() Minor improvements to pk_ecc_read_compressed() Start re-ordering functions in pkparse Merge two consecutive #ifs Move code around again Document pk_ecc_set_group() and pk_ecc_set_key() Rename and document pk_ecc_set_pubkey_from_prv() Tune body of pk_ecc_set_pubkey_from_prv() Rework pk_ecc_set_pubkey_psa_ecp_fallback() New signature for pk_ecc_set_pubkey() Rework pk_ecc_set_pubkey() Fix and document return of pk_ecc_set_pubkey() Abstract away MBEDTLS_PK_PARSE_EC_EXTENDED Fix unused warnings in dummy definition Fix limitation in checking supported alg in pk_sign Fix a typo in a comment Make code more robust Use clearer function name Fix check for format supported by PSA Require at least on curve for ECP_LIGHT Fix static initializer warning Fix some dependencies in ssl-opt.sh Things forgotten in the previous commit Document chosen goals and priorities for 3.x Extend design discussion analyze_outcomes: minor code cleanup analyze_outcomes: add regex match for ignored tests analyze_outcomes: useless ignores are now errors analyze_outcomes: remove useless ignore entries analyze_outcomes: use regexes with ECC components analyze_outcomes: minor output fix analyze_outcome: work around old Python in CI analyze_outcome: Simplify some code analyze_outcomes: ignore patterns apply to whole suite analyze_outcomes: use regexes for cipher/aead analyze_outcome: only warn on ignored tests that pass Rm unneeded dep on PK_PARSE_C in psa crypto 
tests Fix incorrect RSA dependencies in psa_crypto tests Rm redundant ECC dependencies in psa_crypto tests Rm unjustified PK_C dependencies in PSA tests Rm unjustified MD_C dependencies in PSA test Add check about legacy dependencies in PSA tests all.sh: add diff to can_keep_going_after_failure all.sh: robustness improvement all.sh: more comments in check_test_cases() Start adding internal module block_cipher.c block_cipher: add setkey() block_cipher: add encrypt() Temporary hack to pacify check_names.py Fix a typo Update cipher light -> block cipher definition md-cipher-dispatch: editorial improvements Consolidate ChangeLog entries about CIPHER_C Update ChangeLog for CCM/GCM improvements Clarify CCM/CM with partial accel Rename test components to better reflect content Rename tests components for clarity Quickly mention the status of RSA accel Update architecture doc for cipher dual dispatch Improve wording & fix typos Fix typos / improve syntax Add new lines before lists Remove redundant helper macros in check_config.h Simplify and fix dependency of MD_C on a hash Fix dependency on low-level hash modules Fix wrong dependency of ECJPAKE_C Remove temporary macros that are not needed Move config adjustment to config_adjust Remove redundant check Remove useless overly strong dependency Benchmark only one side of ECDH, both static and ephemeral Matthias Schulz (32): Fixes #8377. Added missing like between variables and function body. Added testcase with certificate that contains extensions with critical fields. Now handling critical extensions similarly to how its done in x509_get_crt_ext just without the callback function to handle unknown extensions. Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases. Fix dependency check for helper functions. Uncrustified Added changelog. 
New test cases requested in https://github.com/Mbed-TLS/mbedtls/pull/8378#discussion_r1383779861 Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb. Fix uninitialized variable warnings. Fix compiler error on gcc 4.5.2. fixes invalid default choice of thumb assembler syntax. Fix preprocessor syntax error. Fixes https://github.com/Mbed-TLS/mbedtls/issues/6910 as proposed in https://github.com/Mbed-TLS/mbedtls/issues/6910#issuecomment-1573301661 Pop only when pushed. Added proposed fixes Simplified check. Updated comments. Update library/constant_time_impl.h Update library/constant_time_impl.h Add benchmark for RSA 3072. Alternative Timing compatible benchmark.c Explicitly indicating when private fields are accessed in benchmark.c. Enhance GCM throughput using larger precalculated tables. Also refactored the code for shorter tables and moved the check for available accelerators to the context initialization code. Fix: spelling Add changelog. Remove comments referencing private defines. Ajdusted change log. Use NULL for pointer initialization Replaced MBEDTLS_GCM_LARGETABLE by MBEDTLS_GCM_LARGE_TABLE. Removed empty comment line in doc block. Mehmet Cagri Aksoy (2): Add casting size_t to int Add casting size_t to int Minos Galanakis (31): Revert "Auto-generated files for v3.5.0" prepare_release: sed querry change to strip whitespace programs/dh_client/server: Replaced mbedtls_sha1 with mbedtls_sha256 programs/dh_client/server: Added entropy source to `mbedtls_rsa_pkcs1_sign()` programs_dh_client/server: Updated programs to use `mbedtls_rsa_get_len()` programs_rsa_encrypt/decrypt: Updated programs to use `mbedtls_rsa_get_len()` programs_rsa_rsa_sign: Updated program to use `mbedtls_rsa_get_len()` programs_rsa_rsa_verify: Updated program to use `mbedtls_rsa_get_len()` programs_dh_client/server: Updated to query digest size using `mbedtls_md_info_from_type()`. 
programs_dh_client/server: Changed mdlen type to unsigned integer. programs_dh_client/server: Updated config guards. programs_dh_server: Updated to use `mbedtls_dhm_set_group()` & `mbedtls_dhm_get_len()`. programs_benchmark: Updated to use `mbedtls_dhm_set_group()` & `mbedtls_dhm_get_len()` programs_benchmark: Updated to use `mbedtls_dhm_read_public()`. echd: Added `mbedtls_ecdh_get_grp_id` getter. tests: Added test for `mbedtls_ecdh_context_grp` Changelog: Added changelog for `mbedtls_ecdh_get_grp_id`. x509: Added `mbedtls_x509_crt_get_ca_istrue()` API accessor. tests: Added test for `mbedtls_x509_crt_get_ca_istrue()` Added changelog ssl: Added getter methods for session id and len. ssl_ciphersuite: Added getter methods for ciphersuite id. ssl: Added session getter for ciphersuite_id. x509: Reworded documentation bits. test_suite_x509parse: Added test-case for legacy certificate test_suite_ssl: Added ssl_session_id_accessors_check. Changelog: Added entry for ssl_session accessors. Assemble Changelog Version Bump for 3.6.0 Fix some Changelog typos Autogenerated files for 3.6.0 Moritz Fischer (1): library: psa_crypto: Explicitly initialize shared_secret Oldes Huhuman (2): Fixed compilation for Haiku OS Shortening a comment line Paul Elliott (85): Remove logically dead code Move initialisation in test to before first test Remove NULL-ing of passed in SSL context in ssl_populate_transform() Add build preset full_no_platform Add missing exit labels to MPS tests Convert interruptible test over to using TEST_CALLOC Move handling of mutex->is_valid into threading_helpers.c Make threading helpers tests thread safe Rename mutex->is_valid to mutex->state Ensure mutex test mutex gets free'd Fix comment typos Add better documentation for mbedtls_test_mutex_mutex Fix missing include Add re-seeding option to test Add TsanDbg, standardise Tsan with other sanitisers Fix false claim of variables used unitialised Explicitly link tests with pthreads Fix code style Guard tests 
correctly Increase entropy buffer sizes Make number of threads a test argument Make TSan test run operate on full config Remove warning with GCC 12 and TSan Add option to pass make variables to depends.py Add ability to pass make variables to psa_collect_statuses.py Remove explicit linking of PThread in make Remove requirement for SHA512 from ctr_drbg test Improve make pthread linking mechanism Remove unnecessary check Move test dependancies to function file Add AES_PSA_INIT() to thread test case Add accessor helpers for mbedtls_test_info Use mbedtls_test_info accessors internally as well Migrate to threading_helpers.h Add test thread create/join abstraction Use new thread abstraction for ctr_drbg tests Link programs with pthread via cmake Enable common.make to be included by programs/fuzz Allow programs/fuzz to be linked against pthread Move bignum flag for negative zero into test_info Protect test info access with mutex Add ability to exclude mutex from tests Set preferences before finding Threads in CMake Remove unneeded lines from fuzz/Makefile Fix documentation typos. Make test data static now it has accessors Access the test data mutex via accessor Add Changelog for #8687 Refactor common PThreads CMake code Fix Make issues with Everest enabled Fix race condition with test comparison functions Fix code style issues Refactor to help future other implementations Fix style issues Fix accidental copy paste mistake Restore mutex lock for mbedtls_test_set_step() Revert accidental formatting change Fix missed case for removing accessor Add comment to set/increment step functions Stop platform test failures with GCC and TSAN Fix confusing comment in ctr drbg thread test Fix typo / improve documentation for test step fns Fix deadlock with test failures Add metatests for failing TEST_EQUAL and TEST_LE_* Make internal test info accessor functions static. 
Rename internal test info data accessors Fix missing mutex lock for mutex usage error Lock test mutex before doing mutex usage check Improve documentation / comments Ensure drivers have threading enabled if required Allow the use of threading dependancies in PSA tests. Add new global mutex for PSA global_data Add new mutex for PSA global rng data Protect PSA global initialized flag with mutex. Protect PSA global rng data with mutex. Protect PSA drivers_initialized with mutex Add mbedtls_psa_crypto_init_subsystem() Protect the key slot management initialised flag Add PSA threaded init tests Fix minor style issues Start subsystem IDs at 1 instead of 0 Add comments about RNG mutex requirements Add explanatory comment for init flags Add changelog entry for threading MVP Add issues fixed to changelog entry Pengyu Lv (81): TLS 1.3: SRV: Check ticket_flags in kex mode determination TLS 1.3: SRV: Validate kex modes when parsing psk TLS 1.3: SRV: Don't select ephemeral mode on resumption Add addition options to detect the correct kex mode Revert "TLS 1.3: SRV: Validate kex modes when parsing psk" refactor: move ticket_flags check into a function simplify helper function name test_suite_ssl: improve variable naming in ssl_set_hostname_twice AESNI: improve comments on some guards in aesni.h aesni: support cpuid on WIN32 aesni: declare cpuinfo as int aesni: select `__cpuid` impl based on compiler type all.sh: Re-enable MBEDTLS_AESNI_C in some components all.sh: revert changes in test_m32* all.sh: build_mingw: test default config without MBEDTLS_AESNI_C all.sh: build_mingw: only test build lib without MBEDTLS_AESNI_C Add a changelog entry Reword the changelog entry Add check_ticket_flags helper function tls13: server: parse pre_shared_key only when some psk is selectable tls13: server: fully check ticket_flags with available kex mode. 
tls13: add helpers to check if psk[_ephemeral] allowed by ticket Move common config to common function Change base config to full minus SSL test_suite_x509write: use plaintext key file test: tls13: change server output check Change base co…
Current CFLAGS if set for library builds could impact entire build, so allow to pass additional CFLAGs for library builds based on format <LIBNAME>_CFLAGS. This support is currently needed to avoid 'redundant declaration' error from latest mbedtls-3.3, the issue is reported to mbedtls[1] and is under consideration to remove any redundant declarations. But till then we have to disable that compiler option while building for mbedtls-3.3 [1]: Mbed-TLS/mbedtls#6910 Change-Id: Ic99af22b229f8089c82110d6545f762c14a62f5c Signed-off-by: Govindraj Raja <govindraj.raja@arm.com> (cherry picked from commit 5a65fcd)
I see 2 declarations for psa_set_key_domain_parameters in:
include/psa/crypto_extra.h
include/psa/crypto_struct.h
This forces users of mbed-tls not to enable warnings for redundant-decls. Is this expected?
System information
Mbed TLS version (number or commit id): 8c89224 (HEAD -> mbedtls-3.3.0, tag: v3.3.0, tag: mbedtls-3.3.0, origin/master)
Operating system and version:
Configuration (if not default, please attach mbedtls_config.h):
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): aarch64-none-elf-gcc (Arm GNU Toolchain 11.3.Rel1) 11.3.1 20220712
Additional environment information: Building it with trusted firmware project.
Expected behavior
We should be able to build without compiler warnings, although current mbed tls causes a compiler warning like:
error: redundant redeclaration of 'psa_set_key_domain_parameters' [-Werror=redundant-decls]
499 | psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Actual behavior
No compiler warnings/errors.
Steps to reproduce
Build mbed tls first:
make -j4 clean; cmake .; CC=aarch64-none-elf-gcc make -j8 lib;
Then try using the mbed tls built above with tf-a:
make distclean -j8; make -j8 CROSS_COMPILE=aarch64-none-elf- DEBUG=1 V=1 memmap fiptool all MBEDTLS_DIR= TRUSTED_BOARD_BOOT=1 DYN_DISABLE_AUTH=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem > /dev/null
Additional information