From ecff219e6fef45ca2d39189c3f633745b1abf8ec Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 3 Oct 2018 16:17:41 +0100 Subject: [PATCH 01/17] Change file scoping of test helpers.function Dependent on configured options, not all of the helper functions were being used, which was leading to warning of unused functions with Clang. To avoid any complex compile time options, or adding more logic to generate_test_code.py to screen out unused functions, those functions which were provoking the warning were changed to remove static, remove them from file scope, and expose them to the linker. --- tests/suites/helpers.function | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2e227f02c..580b4aba4 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -278,7 +278,7 @@ jmp_buf jmp_tmp; /*----------------------------------------------------------------------------*/ /* Helper Functions */ -static void test_fail( const char *test, int line_no, const char* filename ) +void test_fail( const char *test, int line_no, const char* filename ) { test_info.failed = 1; test_info.test = test; @@ -368,7 +368,7 @@ static void close_output( FILE* out_stream ) } #endif /* __unix__ || __APPLE__ __MACH__ */ -static int unhexify( unsigned char *obuf, const char *ibuf ) +int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; @@ -402,7 +402,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf ) return len; } -static void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) +void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) { unsigned char l, h; @@ -456,7 +456,7 @@ static unsigned char *zero_alloc( size_t len ) * * For convenience, dies if allocation fails. */ -static unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) +unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) { unsigned char *obuf; @@ -507,7 +507,7 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) * * rng_state shall be NULL. */ -static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) +int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) { if( rng_state != NULL ) rng_state = NULL; @@ -534,7 +534,7 @@ typedef struct * * After the buffer is empty it will return rand(); */ -static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) +int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) { rnd_buf_info *info = (rnd_buf_info *) rng_state; size_t use_len; @@ -580,7 +580,7 @@ typedef struct * * rng_state shall be a pointer to a rnd_pseudo_info structure. */ -static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) +int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) { rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; uint32_t i, *k, sum, delta=0x9E3779B9; From d3d8a64dfa7c1b006c854b45f47e10261cf0019a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 4 Oct 2018 12:26:55 +0100 Subject: [PATCH 02/17] Enable more compiler warnings in tests/Makefile tests/Makefile had some unused warnings disabled unnecessarily, which test-ref-configs.pl was turning back on. We don't need to disable these warnings so I'm turning them back on. --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index b6e49bf8a..5e4fa13a2 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -3,7 +3,7 @@ # To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value +WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wunused LDFLAGS ?= LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 From 104fe5393822e0ca2881e5ca98f868996a25577e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Dec 2018 12:00:35 +0000 Subject: [PATCH 03/17] Add Changelog entry for clang test-ref-configs.pl fix --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index be28645d6..f28538190 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix to allow test-ref-config.pl to build with Clang. Fixes #1628. + = mbed TLS 2.16.0 branch released 2018-12-21 Features From d5f4759594a8d551f166fb5a0c7dda0ee004d4ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonin=20D=C3=A9cimo?= Date: Wed, 23 Jan 2019 15:24:37 +0100 Subject: [PATCH 04/17] Fix #2370, minor typos and spelling mistakes --- CONTRIBUTING.md | 2 +- ChangeLog | 10 +++++----- README.md | 2 +- include/mbedtls/check_config.h | 2 +- include/mbedtls/config.h | 12 ++++++------ include/mbedtls/hmac_drbg.h | 2 +- include/mbedtls/rsa.h | 6 +++--- include/mbedtls/ssl.h | 4 ++-- include/mbedtls/ssl_ticket.h | 4 ++-- include/mbedtls/x509.h | 6 +++--- include/mbedtls/x509_crl.h | 4 ++-- library/Makefile | 2 +- library/ecjpake.c | 2 +- library/error.c | 2 +- library/ssl_srv.c | 2 +- library/ssl_tls.c | 2 +- library/x509.c | 2 +- library/x509_crt.c | 2 +- tests/compat.sh | 2 +- tests/scripts/all.sh | 2 +- tests/scripts/test_zeroize.gdb | 2 +- tests/ssl-opt.sh | 20 ++++++++++---------- tests/suites/test_suite_ccm.data | 2 +- tests/suites/test_suite_ecdh.function | 2 +- tests/suites/test_suite_nist_kw.function | 2 +- tests/suites/test_suite_rsa.data | 6 +++--- 26 files changed, 53 insertions(+), 53 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 010dffc63..18851db41 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,7 +50,7 @@ When backporting to these branches please observe the following rules: 2. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted. - 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be addtional test cases or quality improvements such as changes to build or test scripts. + 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts. It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors. diff --git a/ChangeLog b/ChangeLog index 9b1230e20..431bf886f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -341,7 +341,7 @@ Security 1.2, that allowed a local attacker, able to execute code on the local machine as well as manipulate network packets, to partially recover the plaintext of messages under some conditions by using a cache attack - targetting an internal MD/SHA buffer. With TLS or if + targeting an internal MD/SHA buffer. With TLS or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if the same secret (for example a HTTP Cookie) has been repeatedly sent over connections manipulated by the attacker. Connections using GCM or CCM @@ -1227,7 +1227,7 @@ Bugfix * Fix potential build failures related to the 'apidoc' target, introduced in the previous patch release. Found by Robert Scheck. #390 #391 * Fix issue in Makefile that prevented building using armar. #386 - * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and + * Fix memory leak that occurred only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default. * Fix an issue that caused valid certificates to be rejected whenever an expired or not yet valid certificate was parsed before a valid certificate @@ -1469,7 +1469,7 @@ API Changes You now need to link to all of them if you use TLS for example. * All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace. Some names have been further changed to make them more consistent. - Migration helpers scripts/rename.pl and include/mbedlts/compat-1.3.h are + Migration helpers scripts/rename.pl and include/mbedtls/compat-1.3.h are provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt * Renamings of fields inside structures, not covered by the previous list: mbedtls_cipher_info_t.key_length -> key_bitlen @@ -1524,7 +1524,7 @@ API Changes * net_accept() gained new arguments for the size of the client_ip buffer. * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now return void. - * ecdsa_write_signature() gained an addtional md_alg argument and + * ecdsa_write_signature() gained an additional md_alg argument and ecdsa_write_signature_det() was deprecated. * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA. * Last argument of x509_crt_check_key_usage() and @@ -3059,7 +3059,7 @@ XySSL ChangeLog not swapped on PadLock; also fixed compilation on older versions of gcc (bug reported by David Barrett) * Correctly handle the case in padlock_xcryptcbc() when input or - ouput data is non-aligned by falling back to the software + output data is non-aligned by falling back to the software implementation, as VIA Nehemiah cannot handle non-aligned buffers * Fixed a memory leak in x509parse_crt() which was reported by Greg Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to diff --git a/README.md b/README.md index d7a0e9d6b..4fa6242bb 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if th Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved. -Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line. +Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line. Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b86e5807e..0f72c17a1 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -691,7 +691,7 @@ /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the - * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units. + * #if defined(MBEDTLS_xxx_C) that results in empty translation units. */ typedef int mbedtls_iso_c_forbids_empty_translation_units; diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 91cc5bddf..c5d7bfe30 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -139,7 +139,7 @@ * * System has time.h, time(), and an implementation for * mbedtls_platform_gmtime_r() (see below). - * The time needs to be correct (not necesarily very accurate, but at least + * The time needs to be correct (not necessarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. * @@ -401,7 +401,7 @@ * \note Because of a signature change, the core AES encryption and decryption routines are * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should - * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set @@ -1538,7 +1538,7 @@ * \def MBEDTLS_SSL_SESSION_TICKETS * * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintainance of a + * Client-side, provides full support for session tickets (maintenance of a * session store remains the responsibility of the application, though). * Server-side, you also need to provide callbacks for writing and parsing * tickets, including authenticated encryption and key management. Example @@ -1704,7 +1704,7 @@ * * \warning TLS-level compression MAY REDUCE SECURITY! See for example the * CRIME attack. Before enabling this option, you should examine with care if - * CRIME or similar exploits may be a applicable to your use case. + * CRIME or similar exploits may be applicable to your use case. * * \note Currently compression can't be used with DTLS. * @@ -3016,7 +3016,7 @@ //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ @@ -3033,7 +3033,7 @@ //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 7eae32bbd..f1289cb30 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -82,7 +82,7 @@ extern "C" { */ typedef struct mbedtls_hmac_drbg_context { - /* Working state: the key K is not stored explicitely, + /* Working state: the key K is not stored explicitly, * but is implied by the HMAC context */ mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */ unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 906c42733..4ff5bdd83 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -150,13 +150,13 @@ mbedtls_rsa_context; * \note The choice of padding mode is strictly enforced for private key * operations, since there might be security concerns in * mixing padding modes. For public key operations it is - * a default value, which can be overriden by calling specific + * a default value, which can be overridden by calling specific * \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions. * * \note The hash selected in \p hash_id is always used for OEAP * encryption. For PSS signatures, it is always used for - * making signatures, but can be overriden for verifying them. - * If set to #MBEDTLS_MD_NONE, it is always overriden. + * making signatures, but can be overridden for verifying them. + * If set to #MBEDTLS_MD_NONE, it is always overridden. * * \param ctx The RSA context to initialize. This must not be \c NULL. * \param padding The padding mode to use. This must be either diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8106bb4ab..199bba9b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2033,7 +2033,7 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * provision more than one cert/key pair (eg one ECDSA, one * RSA with SHA-256, one RSA with SHA-1). An adequate * certificate will be selected according to the client's - * advertised capabilities. In case mutliple certificates are + * advertised capabilities. In case multiple certificates are * adequate, preference is given to the one set by the first * call to this function, then second, etc. * @@ -3200,7 +3200,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); * mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free(). * * \note You need to call mbedtls_ssl_config_defaults() unless you - * manually set all of the relevent fields yourself. + * manually set all of the relevant fields yourself. * * \param conf SSL configuration context */ diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index a84e7816e..774a007a9 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -117,14 +117,14 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, /** * \brief Implementation of the ticket write callback * - * \note See \c mbedlts_ssl_ticket_write_t for description + * \note See \c mbedtls_ssl_ticket_write_t for description */ mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write; /** * \brief Implementation of the ticket parse callback * - * \note See \c mbedlts_ssl_ticket_parse_t for description + * \note See \c mbedtls_ssl_ticket_parse_t for description */ mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 9ae825c18..63aae32d8 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -77,7 +77,7 @@ #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */ -#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */ +#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occurred, eg the chain is too long or the vrfy callback failed. */ /* \} name */ /** @@ -250,7 +250,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se * * \param to mbedtls_x509_time to check * - * \return 1 if the given time is in the past or an error occured, + * \return 1 if the given time is in the past or an error occurred, * 0 otherwise. */ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); @@ -264,7 +264,7 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); * * \param from mbedtls_x509_time to check * - * \return 1 if the given time is in the future or an error occured, + * \return 1 if the given time is in the future or an error occurred, * 0 otherwise. */ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 08a4283a6..fa838d68c 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -111,7 +111,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /** * \brief Parse one or more CRLs and append them to the chained list * - * \note Mutliple CRLs are accepted only if using PEM format + * \note Multiple CRLs are accepted only if using PEM format * * \param chain points to the start of the chain * \param buf buffer holding the CRL data in PEM or DER format @@ -126,7 +126,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s /** * \brief Load one or more CRLs and append them to the chained list * - * \note Mutliple CRLs are accepted only if using PEM format + * \note Multiple CRLs are accepted only if using PEM format * * \param chain points to the start of the chain * \param path filename to read the CRLs from (in PEM or DER encoding) diff --git a/library/Makefile b/library/Makefile index 430c59881..1e1b0358a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -39,7 +39,7 @@ SOEXT_TLS=so.12 SOEXT_X509=so.0 SOEXT_CRYPTO=so.3 -# Set AR_DASH= (empty string) to use an ar implentation that does not accept +# Set AR_DASH= (empty string) to use an ar implementation that does not accept # the - prefix for command line options (e.g. llvm-ar) AR_DASH ?= - diff --git a/library/ecjpake.c b/library/ecjpake.c index be941b14b..b276514e8 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -951,7 +951,7 @@ static const unsigned char ecjpake_test_pms[] = { 0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51 }; -/* Load my private keys and generate the correponding public keys */ +/* Load my private keys and generate the corresponding public keys */ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx, const unsigned char *xm1, size_t len1, const unsigned char *xm2, size_t len2 ) diff --git a/library/error.c b/library/error.c index 12312a056..c596f0bcc 100644 --- a/library/error.c +++ b/library/error.c @@ -567,7 +567,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) ) mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" ); if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) ) - mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" ); + mbedtls_snprintf( buf, buflen, "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" ); #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ // END generated code diff --git a/library/ssl_srv.c b/library/ssl_srv.c index bc77f8020..5825970c4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1449,7 +1449,7 @@ read_record_header: */ /* - * Minimal length (with everything empty and extensions ommitted) is + * Minimal length (with everything empty and extensions omitted) is * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can * read at least up to session id length without worrying. */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38690fa66..8710a5076 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2606,7 +2606,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) } /* - * A record can't be split accross datagrams. If we need to read but + * A record can't be split across datagrams. If we need to read but * are not at the beginning of a new record, the caller did something * wrong. */ diff --git a/library/x509.c b/library/x509.c index 52b5b649f..6b7899fe0 100644 --- a/library/x509.c +++ b/library/x509.c @@ -116,7 +116,7 @@ int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, } /* - * Parse an algorithm identifier with (optional) paramaters + * Parse an algorithm identifier with (optional) parameters */ int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params ) diff --git a/library/x509_crt.c b/library/x509_crt.c index 325bbc0b1..32aca012b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2237,7 +2237,7 @@ static int x509_crt_check_ee_locally_trusted( * Tests for (aspects of) this function should include at least: * - trusted EE * - EE -> trusted root - * - EE -> intermedate CA -> trusted root + * - EE -> intermediate CA -> trusted root * - if relevant: EE untrusted * - if relevant: EE -> intermediate, untrusted * with the aspect under test checked at each relevant level (EE, int, root). diff --git a/tests/compat.sh b/tests/compat.sh index bf65e5e61..181452803 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -21,7 +21,7 @@ FAILED=0 SKIPPED=0 SRVMEM=0 -# default commands, can be overriden by the environment +# default commands, can be overridden by the environment : ${M_SRV:=../programs/ssl/ssl_server2} : ${M_CLI:=../programs/ssl/ssl_client2} : ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 039b1b887..182f7fff4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -120,7 +120,7 @@ pre_initialize_variables () { FORCE=0 KEEP_GOING=0 - # Default commands, can be overriden by the environment + # Default commands, can be overridden by the environment : ${OPENSSL:="openssl"} : ${OPENSSL_LEGACY:="$OPENSSL"} : ${OPENSSL_NEXT:="$OPENSSL"} diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 2f995d2a3..c929c88a0 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -17,7 +17,7 @@ # seem to be a mechanism to reliably check whether the zeroize calls are being # eliminated by compiler optimizations from within the compiled program. The # problem is that a compiler would typically remove what it considers to be -# "unecessary" assignments as part of redundant code elimination. To identify +# "unnecessary" assignments as part of redundant code elimination. To identify # such code, the compilar will create some form dependency graph between # reads and writes to variables (among other situations). It will then use this # data structure to remove redundant code that does not have an impact on the diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 42f57e946..bc783103a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -26,7 +26,7 @@ if cd $( dirname $0 ); then :; else exit 1 fi -# default values, can be overriden by the environment +# default values, can be overridden by the environment : ${P_SRV:=../programs/ssl/ssl_server2} : ${P_CLI:=../programs/ssl/ssl_client2} : ${P_PXY:=../programs/test/udp_proxy} @@ -671,7 +671,7 @@ run_test() { # The filtering in the following two options (-u and -U) do the following # - ignore valgrind output - # - filter out everything but lines right after the pattern occurances + # - filter out everything but lines right after the pattern occurrences # - keep one of each non-unique line # - count how many lines remain # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1 @@ -2740,7 +2740,7 @@ run_test "Authentication: server max_int chain, client default" \ key_file=data_files/dir-maxpath/09.key" \ "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ 0 \ - -C "X509 - A fatal error occured" + -C "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client default" \ @@ -2748,7 +2748,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ key_file=data_files/dir-maxpath/10.key" \ "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \ 1 \ - -c "X509 - A fatal error occured" + -c "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client optional" \ @@ -2757,7 +2757,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ auth_mode=optional" \ 1 \ - -c "X509 - A fatal error occured" + -c "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client none" \ @@ -2766,7 +2766,7 @@ run_test "Authentication: server max_int+1 chain, client none" \ "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ auth_mode=none" \ 0 \ - -C "X509 - A fatal error occured" + -C "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server default" \ @@ -2774,7 +2774,7 @@ run_test "Authentication: client max_int+1 chain, server default" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 0 \ - -S "X509 - A fatal error occured" + -S "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server optional" \ @@ -2782,7 +2782,7 @@ run_test "Authentication: client max_int+1 chain, server optional" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 1 \ - -s "X509 - A fatal error occured" + -s "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server required" \ @@ -2790,7 +2790,7 @@ run_test "Authentication: client max_int+1 chain, server required" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 1 \ - -s "X509 - A fatal error occured" + -s "X509 - A fatal error occurred" requires_full_size_output_buffer run_test "Authentication: client max_int chain, server required" \ @@ -2798,7 +2798,7 @@ run_test "Authentication: client max_int chain, server required" \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ 0 \ - -S "X509 - A fatal error occured" + -S "X509 - A fatal error occurred" # Tests for CA list in CertificateRequest messages diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index ac9c565da..46c172bbb 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -41,7 +41,7 @@ ccm_lengths:5:10:5:18:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #6 tag length not even ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT -CCM lenghts #7 AD too long (2^16 - 2^8 + 1) +CCM lengths #7 AD too long (2^16 - 2^8 + 1) depends_on:!MBEDTLS_CCM_ALT ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 08a1686e5..7db0ed16e 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -351,7 +351,7 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, mbedtls_ecdh_enable_restart( &cli ); } - /* server writes its paramaters */ + /* server writes its parameters */ memset( buf, 0x00, sizeof( buf ) ); len = 0; diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index ae3ef8062..f1acde91a 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -30,7 +30,7 @@ void mbedtls_nist_kw_mix_contexts( ) memset( key, 0, sizeof( key ) ); /* - * 1. Check wrap and unwrap with two seperate contexts + * 1. Check wrap and unwrap with two separate contexts */ mbedtls_nist_kw_init( &ctx1 ); mbedtls_nist_kw_init( &ctx2 ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5f49ad671..953b1ff92 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -478,7 +478,7 @@ mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bb RSA Import (N,-,-,D,E) mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0:0 -RSA Import (N,-,-,D,E), succesive +RSA Import (N,-,-,D,E), successive mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0:0 RSA Import (N,P,Q,-,E) @@ -565,7 +565,7 @@ mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Export (N,-,-,D,E) mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 -RSA Export (N,-,-,D,E), succesive +RSA Export (N,-,-,D,E), successive mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1 RSA Export (N,P,Q,-,E) @@ -586,7 +586,7 @@ mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Export Raw (N,-,-,D,E) mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 -RSA Export Raw (N,-,-,D,E), succesive +RSA Export Raw (N,-,-,D,E), successive mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1 RSA Export Raw (N,P,Q,-,E) From f35bb5a8e83a3b542313b13307385d4281fcb1ea Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 18 Apr 2019 15:57:30 +0100 Subject: [PATCH 05/17] Clarify ChangeLog entry for fix to #1628 --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f28538190..5cd79e4a2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,7 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix to allow test-ref-config.pl to build with Clang. Fixes #1628. + * Fix to allow building test suites with any warning that detects unused + functions. Fixes #1628. = mbed TLS 2.16.0 branch released 2018-12-21 From 6e6ae9b2e85cf1db6bca74980f2c0e689b61030d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 29 Apr 2019 12:44:12 +0200 Subject: [PATCH 06/17] Use 'config.pl baremetal' in all.sh --- tests/scripts/all.sh | 56 ++++---------------------------------------- 1 file changed, 4 insertions(+), 52 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 44df16249..0e5c8384a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1049,35 +1049,13 @@ component_test_no_64bit_multiplication () { component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s - scripts/config.pl full - scripts/config.pl unset MBEDTLS_NET_C - scripts/config.pl unset MBEDTLS_TIMING_C - scripts/config.pl unset MBEDTLS_FS_IO - scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY - # following things are not in the default config - scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c - scripts/config.pl unset MBEDTLS_THREADING_PTHREAD - scripts/config.pl unset MBEDTLS_THREADING_C - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h - scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl baremetal make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib } component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s - scripts/config.pl full - scripts/config.pl unset MBEDTLS_NET_C - scripts/config.pl unset MBEDTLS_TIMING_C - scripts/config.pl unset MBEDTLS_FS_IO - scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY - # following things are not in the default config - scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c - scripts/config.pl unset MBEDTLS_THREADING_PTHREAD - scripts/config.pl unset MBEDTLS_THREADING_C - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h - scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" @@ -1086,18 +1064,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { component_build_arm_none_eabi_gcc_no_64bit_multiplication () { msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s - scripts/config.pl full - scripts/config.pl unset MBEDTLS_NET_C - scripts/config.pl unset MBEDTLS_TIMING_C - scripts/config.pl unset MBEDTLS_FS_IO - scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY - # following things are not in the default config - scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c - scripts/config.pl unset MBEDTLS_THREADING_PTHREAD - scripts/config.pl unset MBEDTLS_THREADING_C - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h - scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" @@ -1106,22 +1073,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { component_build_armcc () { msg "build: ARM Compiler 5, make" - scripts/config.pl full - scripts/config.pl unset MBEDTLS_NET_C - scripts/config.pl unset MBEDTLS_TIMING_C - scripts/config.pl unset MBEDTLS_FS_IO - scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.pl unset MBEDTLS_HAVE_TIME - scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE - scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY - # following things are not in the default config - scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING - scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c - scripts/config.pl unset MBEDTLS_THREADING_PTHREAD - scripts/config.pl unset MBEDTLS_THREADING_C - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h - scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit - scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME + scripts/config.pl baremetal make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib make clean From ff36cdaa84df99a5708daa28da6068b7f90df5ce Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 11 Jun 2019 17:27:32 +0100 Subject: [PATCH 07/17] Update library to 2.16.2 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index ff44d142d..d2c745dc7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x branch released xxxx-xx-xx += mbed TLS 2.16.2 branch released 2019-06-11 Security * Make mbedtls_ecdh_get_params return an error if the second key diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 6345ddc0b..3336f0fca 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.16.1 source code documentation + * @mainpage mbed TLS v2.16.2 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index d1c81d858..40a1cabb3 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.16.1" +PROJECT_NAME = "mbed TLS v2.16.2" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index cc736e159..ef8e4c1f4 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -40,16 +40,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 16 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_PATCH 2 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02100100 -#define MBEDTLS_VERSION_STRING "2.16.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.1" +#define MBEDTLS_VERSION_NUMBER 0x02100200 +#define MBEDTLS_VERSION_STRING "2.16.2" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.2" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 720c7fa17..2a0d47d8b 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.1 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.2 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.16.1 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.16.2 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.16.1 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.16.2 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 40fc9237b..cd1cee461 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.16.1" +check_compiletime_version:"2.16.2" Check runtime library version -check_runtime_version:"2.16.1" +check_runtime_version:"2.16.2" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 8118e4672e7f772b7defe3b270683ff7eb618ea5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Jun 2019 14:50:09 +0200 Subject: [PATCH 08/17] Pass -m32 to the linker as well For unit tests and sample programs, CFLAGS=-m32 is enough to get a 32-bit build, because these programs are all compiled directly from *.c to the executable in one shot. But with makefile rules that first build object files and then link them, LDFLAGS=-m32 is also needed. --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7eaefe999..965d52071 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -961,7 +961,7 @@ component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s scripts/config.pl full - make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' + make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32' msg "test: i386, make, gcc -O0 (ASan build)" make test @@ -980,7 +980,7 @@ component_test_m32_o1 () { scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_MEMORY_DEBUG - make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' + make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32' msg "test: i386, make, gcc -O1 (ASan build)" make test @@ -995,7 +995,7 @@ support_test_m32_o1 () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.pl full - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' msg "test: 64-bit ILP32, make, gcc" make test From 137d31bf5a500736f53acf2e21eaf30ac985f184 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Jun 2019 14:52:07 +0200 Subject: [PATCH 09/17] Make test suites compatible with #include Don't use the macro name assert. It's technically permitted as long as is not included, but it's fragile, because it means the code and any header that it includes must not include . --- tests/suites/helpers.function | 12 ++++++------ tests/suites/host_test.function | 2 +- tests/suites/target_test.function | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 1255ff4be..4bed05ecd 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -207,7 +207,7 @@ typedef enum #define TEST_VALID_PARAM( TEST ) \ TEST_ASSERT( ( TEST, 1 ) ); -#define assert(a) if( !( a ) ) \ +#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ __FILE__, __LINE__, #a ); \ @@ -373,7 +373,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; - assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ + TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ while( *ibuf != 0 ) { @@ -385,7 +385,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf ) else if( c >= 'A' && c <= 'F' ) c -= 'A' - 10; else - assert( 0 ); + TEST_HELPER_ASSERT( 0 ); c2 = *ibuf++; if( c2 >= '0' && c2 <= '9' ) @@ -395,7 +395,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf ) else if( c2 >= 'A' && c2 <= 'F' ) c2 -= 'A' - 10; else - assert( 0 ); + TEST_HELPER_ASSERT( 0 ); *obuf++ = ( c << 4 ) | c2; } @@ -440,7 +440,7 @@ static unsigned char *zero_alloc( size_t len ) size_t actual_len = ( len != 0 ) ? len : 1; p = mbedtls_calloc( 1, actual_len ); - assert( p != NULL ); + TEST_HELPER_ASSERT( p != NULL ); memset( p, 0x00, actual_len ); @@ -467,7 +467,7 @@ static unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) return( zero_alloc( *olen ) ); obuf = mbedtls_calloc( 1, *olen ); - assert( obuf != NULL ); + TEST_HELPER_ASSERT( obuf != NULL ); (void) unhexify( obuf, ibuf ); diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 3c4303208..fe6a2bc07 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -179,7 +179,7 @@ static int parse_arguments( char *buf, size_t len, char **params, if( p + 1 < buf + len ) { cur = p + 1; - assert( cnt < params_len ); + TEST_HELPER_ASSERT( cnt < params_len ); params[cnt++] = cur; } *p = '\0'; diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index 56abf2948..e4c3e30de 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -13,11 +13,11 @@ */ #define INCR_ASSERT(p, start, len, step) do \ { \ - assert( ( p ) >= ( start ) ); \ - assert( sizeof( *( p ) ) == sizeof( *( start ) ) ); \ + TEST_HELPER_ASSERT( ( p ) >= ( start ) ); \ + TEST_HELPER_ASSERT( sizeof( *( p ) ) == sizeof( *( start ) ) ); \ /* <= is checked to support use inside a loop where \ pointer is incremented after reading data. */ \ - assert( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\ + TEST_HELPER_ASSERT( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\ ( p ) += ( step ); \ } \ while( 0 ) @@ -127,7 +127,7 @@ uint8_t * receive_data( uint32_t * data_len ) /* Read data length */ *data_len = receive_uint32(); data = (uint8_t *)malloc( *data_len ); - assert( data != NULL ); + TEST_HELPER_ASSERT( data != NULL ); greentea_getc(); // read ';' received after key i.e. *data_len @@ -221,7 +221,7 @@ void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len, hex_count = find_hex_count(count, data, data_len); params = (void **)malloc( sizeof( void *) * ( count + hex_count ) ); - assert( params != NULL ); + TEST_HELPER_ASSERT( params != NULL ); cur = params; p = data; @@ -360,7 +360,7 @@ int execute_tests( int args, const char ** argv ) { /* Read dependency count */ count = *p; - assert( count < data_len ); + TEST_HELPER_ASSERT( count < data_len ); INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); ret = verify_dependencies( count, p ); if ( ret != DEPENDENCY_SUPPORTED ) From 30346f639edf6a4c67e9068ed9253c9655448c5d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Jun 2019 16:44:19 +0200 Subject: [PATCH 10/17] Make it easier to define MBEDTLS_PARAM_FAILED as assert Introduce a new configuration option MBEDTLS_CHECK_PARAMS_ASSERT, which is disabled by default. When this option is enabled, MBEDTLS_PARAM_FAILED defaults to assert rather than to a call to mbedtls_param_failed, and is included. This fixes #2671 (no easy way to make MBEDTLS_PARAM_FAILED assert) without breaking backward compatibility. With this change, `config.pl full` runs tests with MBEDTLS_PARAM_FAILED set to assert, so the tests will fail if a validation check fails, and programs don't need to provide their own definition of mbedtls_param_failed(). --- ChangeLog | 2 + include/mbedtls/config.h | 68 ++++++++++++++++++++++++--------- include/mbedtls/platform_util.h | 11 ++++++ library/version_features.c | 3 ++ programs/ssl/query_config.c | 8 ++++ 5 files changed, 73 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index cec77d2af..13034fd6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -57,6 +57,8 @@ Changes * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to improve clarity. Fixes #2258. * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821. + * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h + suggests). #2671 = mbed TLS 2.16.1 branch released 2019-03-19 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 654f9725e..2ab19804c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -276,28 +276,52 @@ * For example, when a function accepts as input a pointer to a buffer that may * contain untrusted data, and its documentation mentions that this pointer * must not be NULL: - * - the pointer is checked to be non-NULL only if this option is enabled - * - the content of the buffer is always validated + * - The pointer is checked to be non-NULL only if this option is enabled. + * - The content of the buffer is always validated. * * When this flag is defined, if a library function receives a parameter that - * is invalid, it will: - * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a - * call to the function mbedtls_param_failed() - * - immediately return (with a specific error code unless the function - * returns void and can't communicate an error). + * is invalid: + * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED(). + * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function + * will immediately return. If the function returns an Mbed TLS error code, + * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA. * - * When defining this flag, you also need to: - * - either provide a definition of the function mbedtls_param_failed() in - * your application (see platform_util.h for its prototype) as the library - * calls that function, but does not provide a default definition for it, - * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() - * below if the above mechanism is not flexible enough to suit your needs. - * See the documentation of this macro later in this file. + * When defining this flag, you also need to arrange a definition for + * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods: + * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a + * function mbedtls_param_failed(), but the library does not define this + * function. If you do not make any other arrangements, you must provide + * the function mbedtls_param_failed() in your application. + * See `platform_util.h` for its prototype. + * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the + * library defines #MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`. + * You can still supply an alternative definition of + * MBEDTLS_PARAM_FAILED(), which may call `assert`. + * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h` + * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`, + * the library will call the macro that you defined and will not supply + * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`, + * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source + * files include ``. * * Uncomment to enable validation of application-controlled parameters. */ //#define MBEDTLS_CHECK_PARAMS +/** + * \def MBEDTLS_CHECK_PARAMS_ASSERT + * + * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to + * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined. + * + * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to + * calling a function mbedtls_param_failed(). See the documentation of + * #MBEDTLS_CHECK_PARAMS for details. + * + * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`. + */ +//#define MBEDTLS_CHECK_PARAMS_ASSERT + /* \} name SECTION: System support */ /** @@ -3060,13 +3084,16 @@ /** * \brief This macro is invoked by the library when an invalid parameter - * is detected that is only checked with MBEDTLS_CHECK_PARAMS + * is detected that is only checked with #MBEDTLS_CHECK_PARAMS * (see the documentation of that option for context). * - * When you leave this undefined here, a default definition is - * provided that invokes the function mbedtls_param_failed(), - * which is declared in platform_util.h for the benefit of the - * library, but that you need to define in your application. + * When you leave this undefined here, the library provides + * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT + * is defined, the default definition is `assert(cond)`, + * otherwise the default definition calls a function + * mbedtls_param_failed(). This function is declared in + * `platform_util.h` for the benefit of the library, but + * you need to define in your application. * * When you define this here, this replaces the default * definition in platform_util.h (which no longer declares the @@ -3075,6 +3102,9 @@ * particular, that all the necessary declarations are visible * from within the library - you can ensure that by providing * them in this file next to the macro definition). + * If you define this macro to call `assert`, also define + * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files + * include ``. * * Note that you may define this macro to expand to nothing, in * which case you don't have to worry about declarations or diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index dba6d4598..09d096518 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -43,6 +43,12 @@ extern "C" { #if defined(MBEDTLS_CHECK_PARAMS) +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) +/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert + * (which is what our config.h suggests). */ +#include +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ + #if defined(MBEDTLS_PARAM_FAILED) /** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. * @@ -50,6 +56,11 @@ extern "C" { * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). */ #define MBEDTLS_PARAM_FAILED_ALT + +#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT) +#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) +#define MBEDTLS_PARAM_FAILED_ALT + #else /* MBEDTLS_PARAM_FAILED */ #define MBEDTLS_PARAM_FAILED( cond ) \ mbedtls_param_failed( #cond, __FILE__, __LINE__ ) diff --git a/library/version_features.c b/library/version_features.c index 24143d052..a99ee808d 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -87,6 +87,9 @@ static const char *features[] = { #if defined(MBEDTLS_CHECK_PARAMS) "MBEDTLS_CHECK_PARAMS", #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) + "MBEDTLS_CHECK_PARAMS_ASSERT", +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ #if defined(MBEDTLS_TIMING_ALT) "MBEDTLS_TIMING_ALT", #endif /* MBEDTLS_TIMING_ALT */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 6e281977e..bfb92720b 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -274,6 +274,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) + if( strcmp( "MBEDTLS_CHECK_PARAMS_ASSERT", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS_ASSERT ); + return( 0 ); + } +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ + #if defined(MBEDTLS_TIMING_ALT) if( strcmp( "MBEDTLS_TIMING_ALT", config ) == 0 ) { From 0b87412ac54d16d265020fbb0feb78a4adcbe219 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Jun 2019 14:54:17 +0200 Subject: [PATCH 11/17] Remove mbedtls_param_failed from programs All sample and test programs had a definition of mbedtls_param_failed. This was necessary because we wanted to be able to build them in a configuration with MBEDTLS_CHECK_PARAMS set but without a definition of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of MBEDTLS_PARAM_FAILED in config.h when testing with MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed. --- programs/aes/aescrypt2.c | 11 ----------- programs/aes/crypt_and_hash.c | 11 ----------- programs/hash/generic_sum.c | 11 ----------- programs/hash/hello.c | 11 ----------- programs/pkey/dh_client.c | 11 ----------- programs/pkey/dh_genprime.c | 11 ----------- programs/pkey/dh_server.c | 11 ----------- programs/pkey/ecdh_curve25519.c | 11 ----------- programs/pkey/ecdsa.c | 11 ----------- programs/pkey/gen_key.c | 11 ----------- programs/pkey/key_app.c | 12 ------------ programs/pkey/key_app_writer.c | 11 ----------- programs/pkey/mpi_demo.c | 11 ----------- programs/pkey/pk_decrypt.c | 12 ------------ programs/pkey/pk_encrypt.c | 11 ----------- programs/pkey/pk_sign.c | 11 ----------- programs/pkey/pk_verify.c | 12 ------------ programs/pkey/rsa_decrypt.c | 11 ----------- programs/pkey/rsa_encrypt.c | 11 ----------- programs/pkey/rsa_genkey.c | 11 ----------- programs/pkey/rsa_sign.c | 11 ----------- programs/pkey/rsa_sign_pss.c | 11 ----------- programs/pkey/rsa_verify.c | 11 ----------- programs/pkey/rsa_verify_pss.c | 12 ------------ programs/random/gen_entropy.c | 11 ----------- programs/random/gen_random_ctr_drbg.c | 11 ----------- programs/random/gen_random_havege.c | 11 ----------- programs/ssl/dtls_client.c | 11 ----------- programs/ssl/dtls_server.c | 11 ----------- programs/ssl/mini_client.c | 11 ----------- programs/ssl/ssl_client1.c | 11 ----------- programs/ssl/ssl_client2.c | 11 ----------- programs/ssl/ssl_fork_server.c | 11 ----------- programs/ssl/ssl_mail_client.c | 11 ----------- programs/ssl/ssl_pthread_server.c | 12 ------------ programs/ssl/ssl_server.c | 11 ----------- programs/ssl/ssl_server2.c | 12 ------------ programs/test/benchmark.c | 11 ----------- programs/test/selftest.c | 11 ----------- programs/util/pem2der.c | 11 ----------- programs/x509/cert_app.c | 11 ----------- programs/x509/cert_req.c | 10 ---------- programs/x509/cert_write.c | 11 ----------- programs/x509/crl_app.c | 11 ----------- programs/x509/req_app.c | 11 ----------- 45 files changed, 500 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index bdeac3afc..8242ea7c9 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -80,17 +80,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index f58e6166d..a5acf5b8b 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -82,17 +82,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 4b7fe37be..709a149e0 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -52,17 +52,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum ) { diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 6046f868c..55a0c7e74 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -48,17 +48,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 1dce31aa7..86b260ca0 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -72,17 +72,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index cca43ca59..bf5482ed0 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -69,17 +69,6 @@ int main( void ) */ #define GENERATOR "4" -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char **argv ) { diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index a797e6070..c01177485 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -72,17 +72,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 9267c7ef5..9f849dd29 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -53,17 +53,6 @@ int main( void ) #include "mbedtls/ctr_drbg.h" #include "mbedtls/ecdh.h" -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 4471a201e..b851c3173 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -100,17 +100,6 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) #define dump_pubkey( a, b ) #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 35fc1498f..23e4e145c 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -137,17 +137,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 0bd61e481..793930991 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -64,7 +64,6 @@ " password_file=%%s default: \"\"\n" \ "\n" - #if !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) int main( void ) @@ -75,17 +74,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index b81530ceb..60964292b 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -98,17 +98,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 80573c0ed..ecdcd329a 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -50,17 +50,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 978f39ef1..bf425079e 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -48,7 +48,6 @@ #include #endif - #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_CTR_DRBG_C) @@ -61,17 +60,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 806c59aae..a32b14761 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -61,17 +61,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 7354082f1..47a098a1a 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -60,17 +60,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 9fcf029b8..a6bfe3f29 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -56,17 +56,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { @@ -112,7 +101,6 @@ int main( int argc, char *argv[] ) goto exit; } - i = fread( buf, 1, sizeof(buf), f ); fclose( f ); diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index dc8a9200d..ff71bd055 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -59,17 +59,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index e9effe806..4a71c15dd 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -59,17 +59,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 81867ee9e..d556c1902 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -64,17 +64,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index f01487202..9bcd7a627 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -56,17 +56,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 51317457b..42209e27c 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -60,17 +60,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 5d1c0851e..94f0ef9ce 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -55,17 +55,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 34122ca4f..148cd5110 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -60,17 +60,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { @@ -125,7 +114,6 @@ int main( int argc, char *argv[] ) goto exit; } - i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f ); fclose( f ); diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 3b350ede2..6ae63b725 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -51,17 +51,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index a50402f19..59df34b66 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -54,17 +54,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index ef888ff61..5ea52aec9 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -52,17 +52,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 90db06ca9..3ea2a680b 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -82,17 +82,6 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index dd21fbf47..bb3272478 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -91,17 +91,6 @@ int main( void ) #define READ_TIMEOUT_MS 10000 /* 5 seconds */ #define DEBUG_LEVEL 0 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index ff3612885..4b8140e68 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -166,17 +166,6 @@ enum exit_codes ssl_write_failed, }; -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 646909f11..b723243c9 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -71,17 +71,6 @@ int main( void ) #define DEBUG_LEVEL 1 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 255d4b2f0..f95ca0c18 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -323,17 +323,6 @@ int main( void ) #define ALPN_LIST_SIZE 10 #define CURVE_LIST_SIZE 20 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index b6f1cc4fd..80407e49a 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -87,17 +87,6 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index c73297c2a..3163e2124 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -142,17 +142,6 @@ int main( void ) " force_ciphersuite= default: all enabled\n" \ " acceptable ciphersuite names:\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index b5026959a..0624d3363 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -81,17 +81,6 @@ int main( void ) #include "mbedtls/memory_buffer_alloc.h" #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ @@ -463,7 +452,6 @@ int main( void ) mbedtls_printf( " ok\n" ); - /* * 2. Setup the listening TCP socket */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 1852b2bad..3e1d9a4e6 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -83,17 +83,6 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a4c5fab4b..b429b2491 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -429,7 +429,6 @@ int main( void ) " is printed if it is defined\n" \ " acceptable ciphersuite names:\n" - #define ALPN_LIST_SIZE 10 #define CURVE_LIST_SIZE 20 @@ -445,17 +444,6 @@ int main( void ) (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ } -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e31faafeb..2b8656692 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -258,17 +258,6 @@ typedef struct { rsa, dhm, ecdsa, ecdh; } todo_list; -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 9d3ea7ec0..727054ee6 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -77,17 +77,6 @@ #include "mbedtls/memory_buffer_alloc.h" #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) { diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 0cc9d0664..f18493926 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -65,17 +65,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 626c4d101..84d62fe60 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -100,17 +100,6 @@ int main( void ) " permissive=%%d default: 0 (disabled)\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index b2052ecf1..f3d915750 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -107,16 +107,6 @@ int main( void ) " SHA384, SHA512\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 497c3376b..c3e89bef5 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -154,17 +154,6 @@ int main( void ) " object_signing_ca\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index a95157067..127320a13 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -61,17 +61,6 @@ int main( void ) " filename=%%s default: crl.pem\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 04ad119f7..3bb4277fd 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -61,17 +61,6 @@ int main( void ) " filename=%%s default: cert.req\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options From dcab2023686fe6991e5becf0d43d3d15d401ac71 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Jun 2019 16:05:50 +0200 Subject: [PATCH 12/17] Add all.sh component that exercises invalid_param checks With the change to the full config, there were no longer any tests that exercise invalid-parameter behavior. The test suite exercises invalid-parameter behavior by calling TEST_INVALID_PARAM and friends, relying on the test suite's mbedtls_check_param function. This function is only enabled if MBEDTLS_CHECK_PARAMS is defined but not MBEDTLS_CHECK_PARAMS_ASSERT. Add a component to all.sh that enables MBEDTLS_CHECK_PARAMS but disables MBEDTLS_CHECK_PARAMS_ASSERT and doesn't define MBEDTLS_PARAM_FAILED. This way, the xxx_invalid_param() tests do run. Since sample programs don't provide a mbedtls_check_param function, this component doesn't build the sample programs. --- tests/scripts/all.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 965d52071..c9269d5b6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -794,9 +794,21 @@ component_build_default_make_gcc_and_cxx () { make TEST_CPP=1 } +component_test_check_params_functionality () { + msg "build+test: MBEDTLS_CHECK_PARAMS functionality" + scripts/config.pl full # includes CHECK_PARAMS + # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). + scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + # Only build and run tests. Do not build sample programs, because + # they don't have a mbedtls_param_failed() function. + make CC=gcc CFLAGS='-Werror -O1' lib test +} + component_test_check_params_without_platform () { msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" scripts/config.pl full # includes CHECK_PARAMS + # Keep MBEDTLS_PARAM_FAILED as assert. scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT @@ -814,6 +826,7 @@ component_test_check_params_silent () { msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" scripts/config.pl full # includes CHECK_PARAMS scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + # Set MBEDTLS_PARAM_FAILED to nothing. sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" make CC=gcc CFLAGS='-Werror -O1' all test } From 88a6e89fb62c6a157856dae408255d039f6e79ec Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 29 May 2019 09:38:29 +0100 Subject: [PATCH 13/17] net_sockets: Fix typo in net_would_block() Fixes #528 --- ChangeLog | 1 + library/net_sockets.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8c1d03c0b..e2561c93e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,7 @@ Bugfix * Fix multiple X.509 functions previously returning ASN.1 low-level error codes to always wrap these codes into X.509 high level error codes before returning. Fixes #2431. + * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture. Changes * Return from various debugging routines immediately if the diff --git a/library/net_sockets.c b/library/net_sockets.c index 816b1303d..5d538bfd5 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -284,7 +284,7 @@ static int net_would_block( const mbedtls_net_context *ctx ) int err = errno; /* - * Never return 'WOULD BLOCK' on a non-blocking socket + * Never return 'WOULD BLOCK' on a blocking socket */ if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK ) { From b196a0a7818cc471f34571672e32a5cc2c6dce63 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 30 May 2019 13:15:33 +0100 Subject: [PATCH 14/17] timing: Remove redundant include file There is no need to include winbase.h, as it will be pulled in by windows.h as needed. Fixes #2640 --- ChangeLog | 1 + library/timing.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e2561c93e..452d087f7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,7 @@ Bugfix codes to always wrap these codes into X.509 high level error codes before returning. Fixes #2431. * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture. + * Remove redundant include file in timing.c. Fixes #2640 reported by irwir. Changes * Return from various debugging routines immediately if the diff --git a/library/timing.c b/library/timing.c index 413d133fb..009516a6e 100644 --- a/library/timing.c +++ b/library/timing.c @@ -51,7 +51,6 @@ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include -#include #include struct _hr_time From 73a36ff512079cdc32483067cba95bfa505540b1 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Mon, 3 Jun 2019 08:13:10 +0100 Subject: [PATCH 15/17] windows: Fix Release x64 configuration Inherit PlatformToolset from the project configuration. This allow the project to configure PlatformToolset, and aligns the Release x64 build with other build types. Fixes #1430 --- ChangeLog | 3 +++ scripts/data_files/vs2010-app-template.vcxproj | 1 - visualc/VS2010/aescrypt2.vcxproj | 1 - visualc/VS2010/benchmark.vcxproj | 1 - visualc/VS2010/cert_app.vcxproj | 1 - visualc/VS2010/cert_req.vcxproj | 1 - visualc/VS2010/cert_write.vcxproj | 1 - visualc/VS2010/crl_app.vcxproj | 1 - visualc/VS2010/crypt_and_hash.vcxproj | 1 - visualc/VS2010/dh_client.vcxproj | 1 - visualc/VS2010/dh_genprime.vcxproj | 1 - visualc/VS2010/dh_server.vcxproj | 1 - visualc/VS2010/dtls_client.vcxproj | 1 - visualc/VS2010/dtls_server.vcxproj | 1 - visualc/VS2010/ecdh_curve25519.vcxproj | 1 - visualc/VS2010/ecdsa.vcxproj | 1 - visualc/VS2010/gen_entropy.vcxproj | 1 - visualc/VS2010/gen_key.vcxproj | 1 - visualc/VS2010/gen_random_ctr_drbg.vcxproj | 1 - visualc/VS2010/gen_random_havege.vcxproj | 1 - visualc/VS2010/generic_sum.vcxproj | 1 - visualc/VS2010/hello.vcxproj | 1 - visualc/VS2010/key_app.vcxproj | 1 - visualc/VS2010/key_app_writer.vcxproj | 1 - visualc/VS2010/mini_client.vcxproj | 1 - visualc/VS2010/mpi_demo.vcxproj | 1 - visualc/VS2010/pem2der.vcxproj | 1 - visualc/VS2010/pk_decrypt.vcxproj | 1 - visualc/VS2010/pk_encrypt.vcxproj | 1 - visualc/VS2010/pk_sign.vcxproj | 1 - visualc/VS2010/pk_verify.vcxproj | 1 - visualc/VS2010/query_compile_time_config.vcxproj | 1 - visualc/VS2010/req_app.vcxproj | 1 - visualc/VS2010/rsa_decrypt.vcxproj | 1 - visualc/VS2010/rsa_encrypt.vcxproj | 1 - visualc/VS2010/rsa_genkey.vcxproj | 1 - visualc/VS2010/rsa_sign.vcxproj | 1 - visualc/VS2010/rsa_sign_pss.vcxproj | 1 - visualc/VS2010/rsa_verify.vcxproj | 1 - visualc/VS2010/rsa_verify_pss.vcxproj | 1 - visualc/VS2010/selftest.vcxproj | 1 - visualc/VS2010/ssl_client1.vcxproj | 1 - visualc/VS2010/ssl_client2.vcxproj | 1 - visualc/VS2010/ssl_fork_server.vcxproj | 1 - visualc/VS2010/ssl_mail_client.vcxproj | 1 - visualc/VS2010/ssl_server.vcxproj | 1 - visualc/VS2010/ssl_server2.vcxproj | 1 - visualc/VS2010/strerror.vcxproj | 1 - visualc/VS2010/udp_proxy.vcxproj | 1 - visualc/VS2010/zeroize.vcxproj | 1 - 50 files changed, 3 insertions(+), 49 deletions(-) diff --git a/ChangeLog b/ChangeLog index 452d087f7..556a9b39d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -48,6 +48,9 @@ Bugfix returning. Fixes #2431. * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture. * Remove redundant include file in timing.c. Fixes #2640 reported by irwir. + * Fix Visual Studio Release x64 build configuration by inheriting + PlatformToolset from the project configuration. Fixes #1430 reported by + irwir. Changes * Return from various debugging routines immediately if the diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index fac9812e6..1db7ee42a 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -53,7 +53,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index db387f979..63a124aee 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index 934c84438..ffbd1ad4d 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index fef0efe6d..6f1c46eeb 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index 7d8694bfe..1e7edd025 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index 8891d8aef..bed8728e4 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index c51caef54..9fbd408a9 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index 99199d965..fb7ef77d1 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index b2fae8093..a0990e1d5 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index d9c19009a..fdd6c6fdf 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index 6f87cb8b0..d1a73453b 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj index 60715fe29..72b2d4b9e 100644 --- a/visualc/VS2010/dtls_client.vcxproj +++ b/visualc/VS2010/dtls_client.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj index 8789d7fea..b975369f3 100644 --- a/visualc/VS2010/dtls_server.vcxproj +++ b/visualc/VS2010/dtls_server.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj index 1120111f1..748b6d121 100644 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 3718c9f27..03418d082 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index 4c57655b2..89b41c081 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index a07e1aacc..c8ea11f42 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index 11740c448..64200afbe 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 01253ceef..70c8138a0 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 0f2ecb43c..21bd90f62 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index c986b07be..b5f6eb005 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index f96a0b052..0fc246a8f 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 0e4af3a58..e4ef62b04 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index b5567bdfe..3756404dd 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index d68bc75b3..d770d35af 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 507c79a4d..2f1248c5d 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 5ccaf4f1e..168adf34b 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index d5ef208d8..bb09f06aa 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index d21f17a41..98941f4be 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 637ddd6f5..6d3006e61 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj index 83a29f067..e14764722 100644 --- a/visualc/VS2010/query_compile_time_config.vcxproj +++ b/visualc/VS2010/query_compile_time_config.vcxproj @@ -55,7 +55,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 3ffcea594..992efcfb4 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 9e1d0a20e..ffba32a6a 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index c3b03716c..9f5f32784 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index e6b506000..824e3043c 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index c1147c3c2..dda4756cd 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index adfee6d9c..31da8cade 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index bb44b4f9d..b78dfc338 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index 7781aa51a..220ad2d42 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 12ff76d70..1f5e10918 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index 4ac158224..c36a8ed11 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index a960facf0..aa9a0c3af 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -55,7 +55,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index 922a9953e..84c917d83 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index a9b01d0d5..a89e3322d 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index ae28e1839..7fb841e55 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index 06a91cb49..b74bd6543 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -55,7 +55,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index d7ec570d6..c3ec8fa74 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj index 30ae55e99..e75dd9a29 100644 --- a/visualc/VS2010/udp_proxy.vcxproj +++ b/visualc/VS2010/udp_proxy.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj index 9d311c721..dff71d30e 100644 --- a/visualc/VS2010/zeroize.vcxproj +++ b/visualc/VS2010/zeroize.vcxproj @@ -54,7 +54,6 @@ false true Unicode - Windows7.1SDK From 16529b21fabeadf0aaae621b6ac2e054ef6a13de Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Mon, 3 Jun 2019 08:27:16 +0100 Subject: [PATCH 16/17] ssl_tls: Enable Suite B with subset of ECP curves Make sure the code compiles even if some curves are not defined. Fixes #1591 --- ChangeLog | 2 ++ library/ssl_tls.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 556a9b39d..9b5456ec6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,8 @@ Bugfix * Fix Visual Studio Release x64 build configuration by inheriting PlatformToolset from the project configuration. Fixes #1430 reported by irwir. + * Enable Suite B with subset of ECP curves. Make sure the code compiles even + if some curves are not defined. Fixes #1591 reported by dbedev. Changes * Return from various debugging routines immediately if the diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38690fa66..424b0714c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9043,8 +9043,12 @@ static int ssl_preset_suiteb_hashes[] = { #if defined(MBEDTLS_ECP_C) static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_ECP_DP_SECP256R1, +#endif +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) MBEDTLS_ECP_DP_SECP384R1, +#endif MBEDTLS_ECP_DP_NONE }; #endif From 0c42e908e5eb0eb07568220835f99ff5a2e170c2 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Mon, 3 Jun 2019 09:14:14 +0100 Subject: [PATCH 17/17] programs: Make `make clean` clean all programs always If `make TEST_CPP:=1` is run, and then `make clean` (as opposed to `make TEST_CPP:=1 clean`), the cpp_dummy_build will be left behind after the clean. Make `make clean more convenient to use by removing programs that could be generated from any configuration, not just the active one. Fixes #1862 --- ChangeLog | 1 + programs/Makefile | 2 ++ 2 files changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9b5456ec6..9016091e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -64,6 +64,7 @@ Changes * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to improve clarity. Fixes #2258. * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821. + * Make `make clean` clean all programs always. Fixes #1862. = mbed TLS 2.16.1 branch released 2019-03-19 diff --git a/programs/Makefile b/programs/Makefile index 28c747b76..d09949bbf 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -296,6 +296,8 @@ x509/req_app$(EXEXT): x509/req_app.c $(DEP) clean: ifndef WINDOWS rm -f $(APPS) + -rm -f ssl/ssl_pthread_server$(EXEXT) + -rm -f test/cpp_dummy_build$(EXEXT) else del /S /Q /F *.o *.exe endif