TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-14 16:08:46 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,496 Commits 180 Branches 280 Tags
adc8a0bceff7bb2fb9d8b4dc0cdcc956e5d74a0d
Commit Graph

1938 Commits

Author SHA1 Message Date
Andrzej Kurek
388ee8a072 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
65f93d5567 Fix udp_proxy dependency on MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
448cf48e18 Fix requirement mismatch in fuzz/common.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
David Horstmann
11d0a6feb6 programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 15:25:42 -05:00
David Horstmann
0e4a1aa2f1 programs/test: fix build without MBEDTLS_HAVE_TIME 
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 15:25:42 -05:00
Raoul Strackx
2db000feb6 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined 
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 15:25:42 -05:00
Daniel Axtens
301db66954 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek
e2462ba437 Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED 
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Gilles Peskine
5e41e0e934 Update generated file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 20:19:30 +01:00
Jerry Yu
47569e097e fix help message issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
4f2dff429a Add list_config into query_comile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu
0abd677ed7 Add list_config generation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Gilles Peskine
3d28378734 Check return values in more places 
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1    mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1    goto exit;
\1}
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 14:45:41 +01:00
Gilles Peskine
4a5396ec25 Merge pull request #5299 from paul-elliott-arm/crypt_and_hash_prog_2.x 
Backport 2.x: Add checks for return values to md functions in crypt and hash
 2021-12-09 23:32:52 +01:00
Paul Elliott
d068876181 Add checks for return values to md functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:51:56 +00:00
Paul Elliott
8f20bab14d Fix printf format specifier 
Also mark function as printf variant so compiler will pickup any future
issues.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:35:13 +00:00
Paul Elliott
110afd0e4d Prevent resource leak 
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:33:22 +00:00
Ronald Cron
620cbb9bf5 Merge pull request #5262 from xffbai/code-align-backport2.x 
Backport 2.x: Fix (d)tls1_2 into (d)tls12 in version options
 2021-12-09 16:26:24 +01:00
Gilles Peskine
582f2398d4 Merge pull request #5167 from tom-cosgrove-arm/fix-builds-with-only-mbedtls_bignum_c-defined 
Backport 2.x: Fix builds when config.h only defines MBEDTLS_BIGNUM_C
 2021-12-07 12:38:04 +01:00
Xiaofei Bai
f40545d919 Fix (d)tls1_2 into (d)tls12 in version options 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-03 08:13:30 +00:00
Gilles Peskine
6fa5c1d20c Use the normal idiom to support MBEDTLS_CONFIG_FILE 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:12:44 +01:00
Gilles Peskine
8e8e96500a Fix dynamic library extension on macOS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
eea9c74d81 More explicit output for the test program 
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
3dbb3e7e07 Avoid undefined variable warning without MBEDTLS_MD_C 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
99d8486f8e Use CMake's knowledge of what system library has dlopen() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
507c787b44 Don't build dlopen when building for Windows 
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine
71fcb3c994 Only link with libdl on Linux 
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Gilles Peskine
27482f17f1 Run the dlopen test in shared library builds 
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Gilles Peskine
e94335399f New test app for dynamic loading of libmbed* with dlopen 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Tom Cosgrove
58efe6184e Fix builds when config.h only defines MBEDTLS_BIGNUM_C 
Fixes #4929

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2021-11-15 09:59:53 +00:00
Przemyslaw Stekiel
a226ac9738 ssl_client2/ssl_server2: Rework ordering of cleanup 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel
e9dea7c3b0 ssl_client2: move memory leak check before rng_free() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel
b66bc0ad4a Move psa_crypto_slot_management.h out from psa_crypto_helpers.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
d6e0a5824a ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
7c7fb877c6 ssl_client2, ssl_server2: add check for psa memory leaks 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Mateusz Starzyk
294ca30120 Add missing PSA_ALG_NONE macro. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-11-03 12:38:57 +01:00
Manuel Pégourié-Gonnard
1f1bc2df7c Merge pull request #5117 from gilles-peskine-arm/psa-rsa-pss_any_salt-2.x 
Backport 2.x: PSA: fix salt length for PSS verification
 2021-10-29 16:36:46 +02:00
Manuel Pégourié-Gonnard
6295dcb600 Merge pull request #5051 from gilles-peskine-arm/psa-add-aria-2.x 
Backport 2.x: Add ARIA to the PSA API
 2021-10-29 09:38:13 +02:00
Gilles Peskine
35115f9c1a New algorithm PSA_ALG_RSA_PSS_ANY_SALT 
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.

In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).

Changes in this commit:

* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
  PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
  PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
  generate_psa_constant_names).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-28 10:06:38 +02:00
Manuel Pégourié-Gonnard
d599dc7f1b Merge pull request #4932 from tom-daubney-arm/all.sh-subshells-2.x 
Backport 2.x: Run all.sh components in a subshell
 2021-10-28 09:33:22 +02:00
Gilles Peskine
3f0722c1af Fix the build of sample programs without mbedtls_strerror 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine
85f3165c6a Fix printf format signedness error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine
38d41b98b3 load_roots: properly error out on an invalid option 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine
373c54e174 load_roots: fix no-argument detection 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine
db92884cd0 load_roots: arguments must be files 
I had originally thought to support directories with
mbedtls_x509_crt_parse_path but it would have complicated the code more than
I cared for. Remove a remnant of the original project in the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine
82c04329bf New sample program to benchmark certificate loading 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:17:08 +02:00
Gilles Peskine
95f2324c5e Merge pull request #4845 from mstarzyk-mobica/ecb-alt-ret-2.2x 
Backport 2.2x: Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
 2021-10-14 12:11:04 +02:00
Gilles Peskine
6eb8007dc5 Add documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-11 14:29:16 +01:00
Gilles Peskine
560e1dcd29 Switch to 4-space indentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-11 14:29:16 +01:00
Gilles Peskine
9b35640e3f Generate cpp_dummy_build.cpp dynamically 
Generate programs/test/cpp_dummy_build.cpp dynamically instead of
maintaining it manually. This removes the need to update it when the list of
headers changes.

Include all the headers unconditionally except for the ones that cannot be
included directly.

Support this dynamic generation both with make and with cmake.

Adapt all.sh accordingly. Remove the redundant C build from
component_build_default_make_gcc_and_cxx (it was also done in
component_test_default_out_of_box), leaving a component_test_make_cxx. Also
run the C++ program, because why not. Do this in the full configuration
which may catch a bit more problems in headers.

Fixes #2570 for good.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Thomas Daubney <>
 2021-10-11 14:29:16 +01:00