lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-09-10 00:49:30 +03:00
Code Activity
16,919 Commits 174 Branches 272 Tags
64334d96d05946b2550e69b962b451d710f00b51
Commit Graph

1908 Commits

Author SHA1 Message Date
Dave Rodgman
df275c4227 Merge remote-tracking branch 'restricted/mbedtls-2.28-restricted' into mbedtls-2.28.1rc0-pr 2022-07-11 10:42:55 +01:00
Dave Rodgman
eee5c8ac23 Merge pull request #5982 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-2.28 
Backport 2.28: Remove largely useless bit of test log to silence GCC 12
 2022-06-29 15:25:00 +01:00
Gilles Peskine
52396ef622 Remove largely useless bit of test log to silence GCC 12 
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:30:48 +02:00
Manuel Pégourié-Gonnard
d80d8a40ee Add negative tests for opaque mixed-PSK (server) 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Manuel Pégourié-Gonnard
a49a00cc24 Add negative tests for opaque mixed-PSK (client) 
ssl_client2.c used to check that we force a ciphersuite that worked;
that would have prevented testing so I removed it. The library should be
robust even when the application tries something that doesn't work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
67fc488515 ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
331c3421d1 Address review comments 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
69e567c0e1 ssl_server2.c: fix build err (key_slot - unused variable) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
ab09c9eb79 Add key_opaque option to ssl_server2.c + test 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Thomas Daubney
d99f8b2897 Rewrite x25519 example program 
Rewrite x25519 example program to fix fatal bug and show
current best practices with the ECDH API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-30 14:09:02 +01:00
Shaun Case
0e7791ff07 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-28 18:22:20 +01:00
Gilles Peskine
f87d84361c Merge pull request #5740 from gilles-peskine-arm/psa-crypto-config-file-2.28 
Backport 2.28: Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
 2022-04-28 18:17:45 +02:00
Gilles Peskine
8e9e1f6819 Merge pull request #5744 from mpg/benchmark-ecc-heap-2.28 
[backport 2.28]  Improve benchmarking of ECC heap usage
 2022-04-22 16:43:04 +02:00
Gilles Peskine
db7d0d9bef Update query_config 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-15 10:57:20 +02:00
Manuel Pégourié-Gonnard
6408495f42 Fix alignment in benchmark output 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-04-15 09:28:51 +02:00
Gilles Peskine
a30439a7f9 Fix off-by-one in buffer_size usage 
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:24:38 +02:00
Gilles Peskine
736d91dae6 Fix buffer size calculation 
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:24:38 +02:00
Gilles Peskine
7c45b6767b Fix the build when MBEDTLS_PLATFORM_C is unset 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-12 21:26:36 +02:00
Gilles Peskine
7ece768578 Seed the PRNG even if time() isn't available 
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 08:34:50 -04:00
Andrzej Kurek
478181d1f3 Refactor ssl_context_info time printing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
388ee8a072 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
65f93d5567 Fix udp_proxy dependency on MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
448cf48e18 Fix requirement mismatch in fuzz/common.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
David Horstmann
11d0a6feb6 programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 15:25:42 -05:00
David Horstmann
0e4a1aa2f1 programs/test: fix build without MBEDTLS_HAVE_TIME 
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 15:25:42 -05:00
Raoul Strackx
2db000feb6 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined 
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 15:25:42 -05:00
Daniel Axtens
301db66954 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
e2462ba437 Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED 
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Gilles Peskine
5e41e0e934 Update generated file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 20:19:30 +01:00
Jerry Yu
47569e097e fix help message issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
4f2dff429a Add list_config into query_comile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
0abd677ed7 Add list_config generation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Gilles Peskine
3d28378734 Check return values in more places 
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1    mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1    goto exit;
\1}
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 14:45:41 +01:00
Gilles Peskine
4a5396ec25 Merge pull request #5299 from paul-elliott-arm/crypt_and_hash_prog_2.x 
Backport 2.x: Add checks for return values to md functions in crypt and hash
 2021-12-09 23:32:52 +01:00
Paul Elliott
d068876181 Add checks for return values to md functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:51:56 +00:00
Paul Elliott
8f20bab14d Fix printf format specifier 
Also mark function as printf variant so compiler will pickup any future
issues.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:35:13 +00:00
Paul Elliott
110afd0e4d Prevent resource leak 
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:33:22 +00:00
Ronald Cron
620cbb9bf5 Merge pull request #5262 from xffbai/code-align-backport2.x 
Backport 2.x: Fix (d)tls1_2 into (d)tls12 in version options
 2021-12-09 16:26:24 +01:00
Gilles Peskine
582f2398d4 Merge pull request #5167 from tom-cosgrove-arm/fix-builds-with-only-mbedtls_bignum_c-defined 
Backport 2.x: Fix builds when config.h only defines MBEDTLS_BIGNUM_C
 2021-12-07 12:38:04 +01:00
Xiaofei Bai
f40545d919 Fix (d)tls1_2 into (d)tls12 in version options 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-03 08:13:30 +00:00
Gilles Peskine
6fa5c1d20c Use the normal idiom to support MBEDTLS_CONFIG_FILE 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:12:44 +01:00
Gilles Peskine
8e8e96500a Fix dynamic library extension on macOS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
eea9c74d81 More explicit output for the test program 
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
3dbb3e7e07 Avoid undefined variable warning without MBEDTLS_MD_C 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
99d8486f8e Use CMake's knowledge of what system library has dlopen() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
507c787b44 Don't build dlopen when building for Windows 
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
71fcb3c994 Only link with libdl on Linux 
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Gilles Peskine
27482f17f1 Run the dlopen test in shared library builds 
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Gilles Peskine
e94335399f New test app for dynamic loading of libmbed* with dlopen 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Tom Cosgrove
58efe6184e Fix builds when config.h only defines MBEDTLS_BIGNUM_C 
Fixes #4929

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2021-11-15 09:59:53 +00:00