We want to support builds where there are no platform entropy
sources (`MBEDTLS_NO_PLATFORM_ENTROPY` enabled), and no custom entropy
sources (`MBEDTLS_ENTROPY_HARDWARE_ALT` disabled), but
`mbedtls_entropy_init()` sets up a working entropy without needing to add
sources manually with `mbedtls_entropy_add_source()`
(`MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` disabled) thanks to a nonvolatile seed
file injected outside the library's control (`MBEDTLS_ENTROPY_NV_SEED`
enabled).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
That way when API are declared, the types they use are defined.
This should resolve the issues related to psa_xyz_init functions
returning a structure described in #7087.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Since Mbed TLS 3.0, blinding is no longer optional in ECDSA.
`mbedtls_ecdsa_write_signature()` and
`mbedtls_ecdsa_write_signature_restartable()` error out if
`f_rng == NULL`. We forgot to update the function documentation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In public functions that take `f_rng, p_rng` callbacks, link to the
documentation of the callback which is attached to the type name
`mbedtls_f_rng_t`.
Resolves#5868.
```
grep -l -w 'f_rng)' include | xargs perl -i -pe 's/\Qint (*f_rng)(void *, unsigned char *, size_t)\E/mbedtls_f_rng_t *f_rng/g'
```
and include `platform_util.h` where needed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This merge was done by the '-s ours' strategy. The only purpose of this
merge is to bring the commit for the 3.6.3.1 release into the
mbedtls-3.6 history and make the CI pass.
Signed-off-by: Janos Follath <janos.follath@arm.com>
In functions that bypass the API functions and call an internal MAC setup
function directly, make sure to initialize the driver-specific part of the
context. This is a union, and initializing the union to `{0}` only
guarantees that the first member of the union is initialized, not
necessarily the member used by the driver. Most compilers do initialize the
whole union to all-bits-zero, but some don't. With compilers that don't, the
lack of initialization caused failures of the affected operations. This
affected one-shot MAC operations using the built-in implementation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In functions that bypass the API functions and call the MAC driver wrapper
`psa_driver_wrapper_mac_sign_setup()` directly, make
sure to initialize the driver-specific part of the context. This is a union,
and initializing the union to `{0}` only guarantees that the first member of
the union is initialized, not necessarily the member used by the driver.
Most compilers do initialize the whole union to all-bits-zero, but some
don't. With compilers that don't, the lack of initialization caused failures
of the affected operations. This affected several key derivation operations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In API functions that set up a multipart or interruptible operation, make
sure to initialize the driver-specific part of the context. This is a union,
and initializing the union to `{0}` only guarantees that the first member of
the union is initialized, not necessarily the member used by the driver.
Most compilers do initialize the whole union to all-bits-zero, but some
don't. With compilers that don't, the lack of initialization caused failures
of built-in MAC, interruptible-sign and interruptible-verify. It could also
cause failures for other operations with third-party drivers: we promise
that drivers' setup entry points receive a zero-initialized operation
structure, but this promise was not kept.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The goal of testing with GCC 15 is to validate fixes for
https://github.com/Mbed-TLS/mbedtls/issues/9814 . The bug is present in
multiple places, and some of them affect third-party drivers but not our
built-in implementation. (The bug is that driver contexts might not be
zero-initialized, but some of our built-in implementations happen not to
care about this.) Thus, enable the test drivers in the test component that
uses GCC 15, to gain the extra checks performed in the driver wrappers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is a new warning in GCC 15 that our code base triggers in many places.
Silence it for the time being.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They can cause specific challenges when debugging, so move them out for
maintainers' convenience.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They can cause specific challenges when debugging, so move them out for
maintainers' convenience.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This structure is initialized during the compilation and there is no
reason it changes.
Making it const allows the compiler to put it in .rodata section instead
of .data one.
Signed-off-by: Xavier Chapron <chapron.xavier@gmail.com>
