lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity
17,571 Commits 174 Branches 272 Tags
2.28-sphinx-versioned-documentation
Commit Graph

865 Commits

Author SHA1 Message Date
Dave Rodgman
b028531a3b Merge pull request #7013 from gilles-peskine-arm/build-without-certs-2.28.2 
2.28 only: Fix the build without MBEDTLS_CERTS_C
 2023-02-06 11:39:01 +00:00
Aditya Deshpande
0504ac2387 Fix bugs in example programs: change argc == 0 to argc < 2 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-02 12:07:06 +00:00
Gilles Peskine
50bc9750df Fix indentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-02 00:08:16 +01:00
Gilles Peskine
4d483a1814 Fix misplaced #endif in test program 
This broke the build when MBEDTLS_CERTS_C is undefined. Fixes #6243.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-01 18:19:23 +01:00
Gilles Peskine
1b6c09a62e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:52:35 +01:00
Tom Cosgrove
49f99bc3db Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 16:44:21 +00:00
Dave Rodgman
b400fb0b76 Merge pull request #6452 from AndrzejKurek/depends-py-reloaded-2-28 
[Backport 2.28] Unified tests/scripts/depends.py - reloaded
 2022-11-24 10:59:31 +00:00
Yanray Wang
d818c0856c Fix: include version.h in ssl_test_lib.h 
In development, mbedtls/version.h is getting included indirectly
in via mbedtls/build_info.h, but this doesn't happen in 2.28.
This commit add this dependency in ssl_test_lib.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-11-10 16:31:02 +08:00
Yanray Wang
4d4b077751 Add output of build version in ssl_server2 and ssl_client2 
Backport the changes in PR 6436 to mbedtls-2.28.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-11-10 14:37:49 +08:00
David Horstmann
068a00baf1 Refactor macro-spanning if in ssl_server2.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:56 +01:00
David Horstmann
9e722ad97d Refactor macro-spanning if in ssl_client2.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:56 +01:00
Andrzej Kurek
9155e7f8e3 Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-20 06:37:00 -04:00
Andrzej Kurek
7829d8fd8b Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED 
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-20 06:24:31 -04:00
Andrzej Kurek
4ed670f0cd Add missing key exchange dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-20 06:22:53 -04:00
Gilles Peskine
279188f3f3 Merge pull request #6396 from gilles-peskine-arm/platform.h-unconditional-2.28 
Backport 2.28: Include platform.h unconditionally
 2022-10-13 10:19:25 +02:00
Przemek Stekiel
7aca4e44fe Fix session tickets related build flags in fuzz_server and ssl_server2 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-10 14:14:13 +02:00
Gilles Peskine
36f19b97e2 Include platform.h unconditionally: automatic part 
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-05 11:26:07 +02:00
Manuel Pégourié-Gonnard
d80d8a40ee Add negative tests for opaque mixed-PSK (server) 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Manuel Pégourié-Gonnard
a49a00cc24 Add negative tests for opaque mixed-PSK (client) 
ssl_client2.c used to check that we force a ciphersuite that worked;
that would have prevented testing so I removed it. The library should be
robust even when the application tries something that doesn't work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
67fc488515 ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
331c3421d1 Address review comments 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
69e567c0e1 ssl_server2.c: fix build err (key_slot - unused variable) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
ab09c9eb79 Add key_opaque option to ssl_server2.c + test 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Shaun Case
0e7791ff07 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-28 18:22:20 +01:00
Gilles Peskine
a30439a7f9 Fix off-by-one in buffer_size usage 
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:24:38 +02:00
Gilles Peskine
736d91dae6 Fix buffer size calculation 
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:24:38 +02:00
Andrzej Kurek
478181d1f3 Refactor ssl_context_info time printing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
388ee8a072 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Raoul Strackx
2db000feb6 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined 
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
e2462ba437 Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED 
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Paul Elliott
8f20bab14d Fix printf format specifier 
Also mark function as printf variant so compiler will pickup any future
issues.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:35:13 +00:00
Paul Elliott
110afd0e4d Prevent resource leak 
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:33:22 +00:00
Xiaofei Bai
f40545d919 Fix (d)tls1_2 into (d)tls12 in version options 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-03 08:13:30 +00:00
Przemyslaw Stekiel
a226ac9738 ssl_client2/ssl_server2: Rework ordering of cleanup 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel
e9dea7c3b0 ssl_client2: move memory leak check before rng_free() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel
b66bc0ad4a Move psa_crypto_slot_management.h out from psa_crypto_helpers.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
d6e0a5824a ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
7c7fb877c6 ssl_client2, ssl_server2: add check for psa memory leaks 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Manuel Pégourié-Gonnard
87e8b5ccaa Use distinct variables for distinct purposes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-07-08 10:30:38 +02:00
Manuel Pégourié-Gonnard
40e26b2600 Fix memory leak on failure path in test code 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-07-08 10:30:38 +02:00
Ronald Cron
17fbf5b3c4 Merge pull request #4237 from paul-elliott-arm/fix_printf_extra 
Fix printf missed issues
 2021-03-30 16:40:56 +02:00
Paul Elliott
29b641688d Fix printf format issue in programs 
Fix issues that were missed as part of previous printf attribute
cleanup

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-17 13:08:10 +00:00
Ryan LaPointe
dbb192d157 Fix inaccurate comment in sample DTLS server 
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
 2021-03-15 16:43:27 -04:00
Ryan LaPointe
59244e87e1 Actually use the READ_TIMEOUT_MS in the sample DTLS client and server 
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
 2021-03-15 16:43:08 -04:00
Paul Elliott
61d2209e42 Fix missed invalid specifier in PSA Crypto build 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-10 17:00:32 +00:00
Gilles Peskine
60fe6606bf Only define test_hooks_xxx under MBEDTLS_TEST_HOOKS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-22 19:24:03 +01:00
Gilles Peskine
00d0ad4036 Clarify the advice about reporting errors in test hooks 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-22 19:24:03 +01:00
Gilles Peskine
76e9c64c3e Clarify the advice about reporting errors in test hooks 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-22 19:24:03 +01:00
Gilles Peskine
414e717036 Deinitialize the PSA subsystem 
The PSA subsystem may consume global resources. It currently doesn't
consume any heap when no keys are registered, but it may do so in the
future. It does consume mutexes, which are reported as leaks when
mutex usage checking is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-22 19:24:03 +01:00
Gilles Peskine
e374b95fe1 Detect and report mutex usage errors in SSL test programs 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-22 19:24:03 +01:00