yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-04-04 22:19:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge mbedtls 2.16.6 into baremetal

Browse source 
Conflicts:
mbedtls.doxyfile - PROJECT_NAME - mbed TLS v2.16.6 chosen.
doc_mainpage.h - mbed TLS v2.16.6 version chosen.
hmac_drbg.h - line 260, extended description chosen.
            - line 313, extended description chosen.
            - line 338, extended description chosen.
version.h - 2.16.6 chosen.
CMakeLists.txt - 2.16.6 chosen.
test_suite_version.data - 2.16.6 chosen.
Makefile - 141 - manual correction - baremetal version of C_SOURCE_FILES
                 with variables for directories plus 2.16.6 CTAGS addition.
pkparse.c - lines 846 onwards - the asn1_get_nonzero_mpi implementation chosen.
ssl_tls.c - line 5269 - edited manually, left the ret=0, because baremetal has
            a different behaviour since commit 87b5626, but added a debug
            message that's new in 2.16.6.    
all.sh:
- component_build_deprecated - chosen the refactored version from 2.16.6,
                               but with extra flags from baremetal.
- rest of the _no_xxx tests - merged make options to have PTHREAD=1 and
                              other changes from 2.16.6 (like -O1 instead of -O0).
- component_build_arm_none_eabi_gcc_no_64bit_multiplication - added 
                              TINYCRYPT_BUILD=0 to the 2.16.6 version of make.

x509/req_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
x509/crl_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
x509/cert_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_mail_client.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_pthread_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_fork_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_client1.c - line 54 - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_client2.c - line 54 - left baremetal log but with mbedtls_exit( 0 ) call.
              - line 132 - new options of both branches added.
              - skip close notify handled as in 2.16.6, but with `ssl` instead of `&ssl`.
              - Merged the 2.16.6 usage split with additional baremetal usages.
              - Merged options from baremetal and 2.16.6.
ssl_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_server2.c - Merged the 2.16.6 usage split with additional baremetal usages.
config.pl - fixed missing defines from the documentation, removed duplicates,
            and reorganised so that the documentation and excluded list
            are ordered in the same way.
test_suite_x509parse.data - only added the two new pathlen tests.
x509_crt.c - change the return code by removing
             MBEDTLS_ERR_X509_INVALID_EXTENSIONS, since it's added by
             x509_crt_frame_parse_ext not by an "or", but by "+=".
Changelog - Assigned all entries to appropriate sections.
ssl-opt.sh - line 8263 - merged options.
           - removed lines 1165 - 1176 - there was a duplicate test, probably
             an artifact of previous merges.
check-files.py - sticked to old formatting.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-05-18 11:47:25 -04:00
parent 2d21e3e47b
commit 825ebd483f
No known key found for this signature in database
GPG key ID: 89A90840DC388527
150 changed files with 2677 additions and 1473 deletions
Download patch file Download diff file Expand all files Collapse all files

17
programs/test/benchmark.c
View file

@ -43,7 +43,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_TIMING_C not defined.\n");
return( 0 );
mbedtls_exit( 0 );
}
#else
@ -155,6 +155,16 @@ do { \
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
/* How much space to reserve for the title when printing heap usage results.
* Updated manually as the output of the following command:
*
* sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
* awk '{print length+2}' | sort -rn | head -n1
*
* This computes the maximum length of a title +2 (because we appends "/s").
* (If the value is too small, the only consequence is poor alignement.) */
#define TITLE_SPACE 11
#define MEMORY_MEASURE_INIT \
size_t max_used, max_blocks, max_bytes; \
size_t prv_used, prv_blocks; \
@ -163,7 +173,8 @@ do { \
#define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \
ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
while( ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \
max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
@ -1018,7 +1029,7 @@ int main( int argc, char *argv[] )
fflush( stdout ); getchar();
#endif
return( 0 );
mbedtls_exit( 0 );
}
#endif /* MBEDTLS_TIMING_C */

4
programs/test/selftest.c
View file

@ -513,7 +513,5 @@ int main( int argc, char *argv[] )
if( suites_failed > 0)
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
/* return() is here to prevent compiler warnings */
return( MBEDTLS_EXIT_SUCCESS );
mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
}

60
programs/test/udp_proxy.c
View file

@ -42,6 +42,7 @@
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@ -50,7 +51,7 @@
int main( void )
{
mbedtls_printf( "MBEDTLS_NET_C not defined.\n" );
return( 0 );
mbedtls_exit( 0 );
}
#else
@ -146,6 +147,7 @@ int mbedtls_hardware_poll( void *data, unsigned char *output,
" modifying CID in first instance of the packet.\n" \
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
" protect_len=%%d default: (don't protect packets of this size)\n" \
" inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \
"\n" \
" seed=%%d default: (use current time)\n" \
USAGE_PACK \
@ -179,6 +181,7 @@ static struct options
unsigned bad_cid; /* inject corrupted CID record */
int protect_hvr; /* never drop or delay HelloVerifyRequest */
int protect_len; /* never drop/delay packet of the given size*/
int inject_clihlo; /* inject fake ClientHello after handshake */
unsigned pack; /* merge packets into single datagram for
* at most \c merge milliseconds if > 0 */
unsigned int seed; /* seed for "random" events */
@ -327,6 +330,12 @@ static void get_options( int argc, char *argv[] )
if( opt.protect_len < 0 )
exit_usage( p, q );
}
else if( strcmp( p, "inject_clihlo" ) == 0 )
{
opt.inject_clihlo = atoi( q );
if( opt.inject_clihlo < 0 || opt.inject_clihlo > 1 )
exit_usage( p, q );
}
else if( strcmp( p, "seed" ) == 0 )
{
opt.seed = atoi( q );
@ -536,11 +545,41 @@ void print_packet( const packet *p, const char *why )
fflush( stdout );
}
/*
* In order to test the server's behaviour when receiving a ClientHello after
* the connection is established (this could be a hard reset from the client,
* but the server must not drop the existing connection before establishing
* client reachability, see RFC 6347 Section 4.2.8), we memorize the first
* ClientHello we see (which can't have a cookie), then replay it after the
* first ApplicationData record - then we're done.
*
* This is controlled by the inject_clihlo option.
*
* We want an explicit state and a place to store the packet.
*/
typedef enum {
ICH_INIT, /* haven't seen the first ClientHello yet */
ICH_CACHED, /* cached the initial ClientHello */
ICH_INJECTED, /* ClientHello already injected, done */
} inject_clihlo_state_t;
static inject_clihlo_state_t inject_clihlo_state;
static packet initial_clihlo;
int send_packet( const packet *p, const char *why )
{
int ret;
mbedtls_net_context *dst = p->dst;
/* save initial ClientHello? */
if( opt.inject_clihlo != 0 &&
inject_clihlo_state == ICH_INIT &&
strcmp( p->type, "ClientHello" ) == 0 )
{
memcpy( &initial_clihlo, p, sizeof( packet ) );
inject_clihlo_state = ICH_CACHED;
}
/* insert corrupted CID record? */
if( opt.bad_cid != 0 &&
strcmp( p->type, "CID" ) == 0 &&
@ -605,6 +644,23 @@ int send_packet( const packet *p, const char *why )
}
}
/* Inject ClientHello after first ApplicationData */
if( opt.inject_clihlo != 0 &&
inject_clihlo_state == ICH_CACHED &&
strcmp( p->type, "ApplicationData" ) == 0 )
{
print_packet( &initial_clihlo, "injected" );
if( ( ret = dispatch_data( dst, initial_clihlo.buf,
initial_clihlo.len ) ) <= 0 )
{
mbedtls_printf( " ! dispatch returned %d\n", ret );
return( ret );
}
inject_clihlo_state = ICH_INJECTED;
}
return( 0 );
}
@ -977,7 +1033,7 @@ exit:
fflush( stdout ); getchar();
#endif
return( exit_code );
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_NET_C */

8
programs/test/zeroize.c
View file

@ -40,8 +40,10 @@
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
@ -72,14 +74,14 @@ int main( int argc, char** argv )
{
mbedtls_printf( "This program takes exactly 1 agument\n" );
usage();
return( exit_code );
mbedtls_exit( exit_code );
}
fp = fopen( argv[1], "r" );
if( fp == NULL )
{
mbedtls_printf( "Could not open file '%s'\n", argv[1] );
return( exit_code );
mbedtls_exit( exit_code );
}
while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
@ -97,7 +99,7 @@ int main( int argc, char** argv )
fclose( fp );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( exit_code );
mbedtls_exit( exit_code );
}
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)