The last line of programs/psa/key_ladder_demo.c is of the following
form:
#endif /* Very long comment ... */
Uncrustify tries to reduce the length:
#endif \
/* Very long comment ... */
and causes a compiler error as there is a continuation line with no
actual code in it. Work around this by linewrapping the comment
in advance.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Running make from programs/fuzz didn't set any optimization flags (running
make from programs or from the root inherited the parent's optimization
flags). Default to -O2.
There were no -W flags. Default to -Wall -Wextra, but not -Werror in line
with the other makefiles.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In development, mbedtls/version.h is getting included indirectly
in via mbedtls/build_info.h, but this doesn't happen in 2.28.
This commit add this dependency in ssl_test_lib.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.
This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.
Fixes#5974.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ssl_client2.c used to check that we force a ciphersuite that worked;
that would have prevented testing so I removed it. The library should be
robust even when the application tries something that doesn't work.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Rewrite x25519 example program to fix fatal bug and show
current best practices with the ECDH API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
