diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c index 82c4e03adb5f..fefc6a2ce4df 100644 --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c @@ -28,12 +28,7 @@ #include "everest/x25519.h" #include "everest/everest.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) diff --git a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt new file mode 100644 index 000000000000..bac4910264ba --- /dev/null +++ b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix bugs and missing dependencies when + building and testing configurations with + only one encryption type enabled in TLS 1.2. diff --git a/ChangeLog.d/platform-setbuf.txt b/ChangeLog.d/platform-setbuf.txt new file mode 100644 index 000000000000..844f70cf2ad1 --- /dev/null +++ b/ChangeLog.d/platform-setbuf.txt @@ -0,0 +1,3 @@ +Bugfix + * Provide the missing definition of mbedtls_setbuf() in some configurations + with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 10387061ab27..6b330a75ba56 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -523,6 +523,20 @@ #error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously" #endif +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C) +#error "MBEDTLS_PLATFORM_VSNPRINTF_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C) +#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) &&\ + ( defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) ||\ + defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) ) +#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_VSNPRINTF/MBEDTLS_PLATFORM_VSNPRINTF_ALT cannot be defined simultaneously" +#endif + #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\ !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) #error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites" @@ -874,6 +888,11 @@ #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_TICKET_C) && \ + !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ) +#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) && \ MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH >= 256 #error "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH must be less than 256" @@ -962,7 +981,9 @@ #error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites" #endif - +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ) +#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites" +#endif /* Reject attempts to enable options that have been removed and that could * cause a build to succeed but with features removed. */ 
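Review bot: The new `MBEDTLS_SSL_TICKET_C` check in the `@@ -874` hunk of include/mbedtls/check_config.h reuses the exact `#error` text of the existing check directly above it, so a failing build does not say which prerequisite is missing. Naming the requirement would help, e.g. `#error "MBEDTLS_SSL_TICKET_C requires MBEDTLS_GCM_C, MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C"`. The same applies to the `MBEDTLS_SSL_CONTEXT_SERIALIZATION` check added in the `@@ -962` hunk. That check also puts its whole condition on one long line, while the ticket check splits it with a continuation.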
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index aab67beb5bd8..10ae3880837b 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1387,6 +1387,8 @@ * saved after the handshake to allow for more efficient serialization, so if * you don't need this feature you'll save RAM by disabling it. * + * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C + * * Comment to disable the context serialization APIs. */ #define MBEDTLS_SSL_CONTEXT_SERIALIZATION @@ -3092,7 +3094,8 @@ * Module: library/ssl_ticket.c * Caller: * - * Requires: MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO + * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && + * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) */ #define MBEDTLS_SSL_TICKET_C diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a5a43ac6d2bf..62e12d267c9e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -11,6 +11,13 @@ * implementations of these functions, or implementations specific to * their platform, which can be statically linked to the library or * dynamically configured at runtime. + * + * When all compilation options related to platform abstraction are + * disabled, this header just defines `mbedtls_xxx` function names + * as aliases to the standard `xxx` function. + * + * Most modules in the library and example programs are expected to + * include this header. */ /* * Copyright The Mbed TLS Contributors diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f84c1e73eacb..f9a289322940 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1264,6 +1264,10 @@ struct mbedtls_ssl_session uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN]; +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C) + char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */ +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ + #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) mbedtls_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */ #endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_CLI_C */ diff --git a/library/aes.c b/library/aes.c index 03eccef21bdd..289890dbe12d 100644 --- a/library/aes.c +++ b/library/aes.c @@ -40,14 +40,7 @@ #include "aesni.h" #endif -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_AES_ALT) diff --git a/library/aria.c b/library/aria.c index bc05c4a31962..f78d289a45f6 100644 --- a/library/aria.c +++ b/library/aria.c @@ -31,14 +31,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_ARIA_ALT) diff --git a/library/asn1parse.c b/library/asn1parse.c index 83c7c58a12f4..d874fff4693c 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -31,13 +31,7 @@ #include "mbedtls/bignum.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif /* * ASN.1 DER decoding routines diff --git a/library/asn1write.c b/library/asn1write.c index 053dbb669fbc..f1adcb55f55b 100644 --- a/library/asn1write.c +++ b/library/asn1write.c 
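Review bot: The comment on the new `hostname` member of `struct mbedtls_ssl_session` (include/mbedtls/ssl.h) does not say who owns the pointer, and `binded` should read `bound`. Ownership matters here because `mbedtls_ssl_session_copy()` in this patch duplicates the struct with `memcpy()` and then has to reset the pointer. Once confirmed against `mbedtls_ssl_session_set_hostname()`, I would write `/*!< host name bound to the tickets; copy owned by the session, NULL if unset */`. The struct definition starts and ends outside this hunk, so its enclosing `#if` guards are not visible here.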
@@ -26,13 +26,7 @@ #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_t len ) { diff --git a/library/base64.c b/library/base64.c index 83daa0bcc67f..9021a041bb11 100644 --- a/library/base64.c +++ b/library/base64.c @@ -28,12 +28,7 @@ #if defined(MBEDTLS_SELF_TEST) #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ diff --git a/library/bignum.c b/library/bignum.c index 19d59be6b000..1c7f9197f0b4 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -47,15 +47,7 @@ #include #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #define MPI_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) diff --git a/library/bignum_core.c b/library/bignum_core.c index c47292eec22c..d0728e7abb7d 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -26,15 +26,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "bignum_core.h" #include "bn_mul.h" diff --git a/library/bignum_mod.c b/library/bignum_mod.c index de2809372c8a..f2c11a582a89 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c 
@@ -27,15 +27,7 @@ #include "mbedtls/error.h" #include "mbedtls/bignum.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "bignum_core.h" #include "bignum_mod.h" diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 8c89b2cdf7d3..e1c96d612b83 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -26,15 +26,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "bignum_core.h" #include "bignum_mod_raw.h" diff --git a/library/camellia.c b/library/camellia.c index c29e6c110116..5dd6c56157b5 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -32,14 +32,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_CAMELLIA_ALT) diff --git a/library/chacha20.c b/library/chacha20.c index f6d6e252230b..e53eb82f544b 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -32,14 +32,7 @@ #include #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_CHACHA20_ALT) diff --git a/library/chachapoly.c b/library/chachapoly.c index 1f75528c00e1..e283853a4092 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c 
@@ -28,14 +28,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_CHACHAPOLY_ALT) diff --git a/library/cipher.c b/library/cipher.c index 752d1fea2c86..dfb732993842 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -63,12 +63,7 @@ #include "mbedtls/nist_kw.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif static int supported_init = 0; diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 7da7d9d5229f..8e395b301440 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -68,13 +68,7 @@ #include #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if defined(MBEDTLS_GCM_C) /* shared by all GCM ciphers */ diff --git a/library/constant_time.c b/library/constant_time.c index 8980701e575d..01a6976d884f 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -81,7 +81,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value ) #endif } -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) size_t mbedtls_ct_size_mask( size_t value ) { @@ -97,7 +97,7 @@ size_t mbedtls_ct_size_mask( size_t value ) #endif } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #if defined(MBEDTLS_BIGNUM_C) @@ -404,7 +404,7 @@ static void mbedtls_ct_mem_move_to_left( void *start, #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) void mbedtls_ct_memcpy_if_eq( unsigned char *dest, const unsigned char *src, 
@@ -654,7 +654,7 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #if defined(MBEDTLS_BIGNUM_C) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index fc24ae59a5da..340a5882d8c6 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -213,7 +213,7 @@ signed char mbedtls_ct_base64_dec_value( unsigned char c ); #endif /* MBEDTLS_BASE64_C */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) /** Conditional memcpy without branches. * @@ -321,7 +321,7 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, unsigned char *output ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 8919c78a10bb..71c48afd2850 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -36,14 +36,7 @@ #include #endif -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ /* * CTR_DRBG context initialization diff --git a/library/debug.c b/library/debug.c index fa60d13f3028..bdbf6dd11ea5 100644 --- a/library/debug.c +++ b/library/debug.c @@ -21,16 +21,7 @@ #if defined(MBEDTLS_DEBUG_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_time_t time_t -#define mbedtls_snprintf snprintf -#define mbedtls_vsnprintf vsnprintf -#endif #include "mbedtls/debug.h" #include "mbedtls/error.h" diff --git a/library/des.c b/library/des.c index 91d22b5d906f..65f5681cf1c2 100644 --- a/library/des.c 
+++ b/library/des.c @@ -33,14 +33,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_DES_ALT) diff --git a/library/dhm.c b/library/dhm.c index 1ba533907419..6ee54024286b 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -43,15 +43,7 @@ #include "mbedtls/asn1.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if !defined(MBEDTLS_DHM_ALT) diff --git a/library/ecdsa.c b/library/ecdsa.c index dcdf83c7a558..c58e33155fc8 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -36,13 +36,7 @@ #include "mbedtls/hmac_drbg.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/platform_util.h" #include "mbedtls/error.h" diff --git a/library/ecjpake.c b/library/ecjpake.c index 020eee59c337..289255a13e03 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -857,12 +857,7 @@ int mbedtls_ecjpake_write_shared_key( mbedtls_ecjpake_context *ctx, #if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif #if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ !defined(MBEDTLS_SHA256_C) diff --git a/library/ecp.c b/library/ecp.c index 009be61fc5ca..ee6c24a466c9 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -84,15 +84,7 @@ #if !defined(MBEDTLS_ECP_ALT) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "ecp_internal_alt.h" 
diff --git a/library/entropy.c b/library/entropy.c index 08c5bd7d16de..1e0d9d3281bf 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -32,18 +32,9 @@ #include #endif -#if defined(MBEDTLS_ENTROPY_NV_SEED) #include "mbedtls/platform.h" -#endif -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 2ae57fdc09a5..2df9bbec9d24 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -35,9 +35,7 @@ #if defined(MBEDTLS_TIMING_C) #include "mbedtls/timing.h" #endif -#if defined(MBEDTLS_ENTROPY_NV_SEED) || !defined(HAVE_SYSCTL_ARND) #include "mbedtls/platform.h" -#endif #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) diff --git a/library/gcm.c b/library/gcm.c index ac329e3b6ce0..f004a73c75bf 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -32,6 +32,7 @@ #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" +#include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -41,15 +42,6 @@ #include "aesni.h" #endif -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -#include "mbedtls/aes.h" -#include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ - #if !defined(MBEDTLS_GCM_ALT) /* diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 8b13a860f7e5..6bc679dd2573 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -37,14 +37,7 @@ #include #endif -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_SELF_TEST */ -#endif /* MBEDTLS_PLATFORM_C */ /* * HMAC_DRBG context initialization 
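Review bot: In library/entropy.c the new side has `#include "mbedtls/platform.h"` twice in a row. Both the former `MBEDTLS_ENTROPY_NV_SEED` guard and the former `MBEDTLS_SELF_TEST` block now reduce to the same unconditional include. The header is presumably include-guarded, so this is harmless, but one of the two lines should be dropped.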
diff --git a/library/md.c b/library/md.c index a387da50a97e..8efcf105b4d1 100644 --- a/library/md.c +++ b/library/md.c @@ -36,13 +36,7 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include diff --git a/library/md5.c b/library/md5.c index a9bbcb488b88..f7a225c1d3cb 100644 --- a/library/md5.c +++ b/library/md5.c @@ -32,14 +32,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_MD5_ALT) diff --git a/library/mps_trace.h b/library/mps_trace.h index 96169078c8f0..d06502f9d158 100644 --- a/library/mps_trace.h +++ b/library/mps_trace.h @@ -31,13 +31,7 @@ #include "mps_common.h" #include "mps_trace.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#define mbedtls_vsnprintf vsnprintf -#endif /* MBEDTLS_PLATFORM_C */ /* * Adapt this to enable/disable tracing output diff --git a/library/net_sockets.c b/library/net_sockets.c index d1700f3bbff7..637b9f8d8e09 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -37,11 +37,7 @@ #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in mbedtls_config.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#endif #include "mbedtls/net_sockets.h" #include "mbedtls/error.h" diff --git a/library/nist_kw.c b/library/nist_kw.c index 1aea0b634575..495c23d06a2e 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c 
@@ -39,14 +39,7 @@ #include #include -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ #if !defined(MBEDTLS_NIST_KW_ALT) diff --git a/library/oid.c b/library/oid.c index dcd181518c74..aa5f69c66fda 100644 --- a/library/oid.c +++ b/library/oid.c @@ -32,11 +32,7 @@ #include #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_snprintf snprintf -#endif /* * Macro to automatically add the size of #define'd OIDs diff --git a/library/pem.c b/library/pem.c index e4101e8f34ac..e8abba13c83d 100644 --- a/library/pem.c +++ b/library/pem.c @@ -33,13 +33,7 @@ #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2d4f4f2218e7..5de8fa65f718 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -55,13 +55,7 @@ #include "hash_info.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include #include diff --git a/library/pkcs5.c b/library/pkcs5.c index 847496d1840d..ac5945a11435 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -42,12 +42,7 @@ #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif #include "hash_info.h" #include "mbedtls/psa_util.h" diff --git a/library/pkparse.c b/library/pkparse.c index 2a9a55862712..b9826378d4a9 100644 --- a/library/pkparse.c +++ b/library/pkparse.c 
@@ -48,13 +48,7 @@ #include "mbedtls/pkcs12.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if defined(MBEDTLS_FS_IO) /* diff --git a/library/pkwrite.c b/library/pkwrite.c index 4d87b07efe02..f699a2726b47 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -51,13 +51,7 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if defined(MBEDTLS_RSA_C) /* diff --git a/library/poly1305.c b/library/poly1305.c index f0d4cb63f823..0850f66a34d2 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -28,14 +28,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_POLY1305_ALT) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 38b49cb0a1bc..7e2b686d8364 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -52,10 +52,6 @@ #include #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/aes.h" #include "mbedtls/asn1.h" @@ -3592,6 +3588,7 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, break; #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ default: + (void) nonce_length; return( PSA_ERROR_NOT_SUPPORTED ); } diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 714d950a1494..76d95bcc6985 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c 
@@ -27,10 +27,6 @@ #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ccm.h" #include "mbedtls/chachapoly.h" diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c index 629feb7dfaf3..ab79086346ca 100644 --- a/library/psa_crypto_client.c +++ b/library/psa_crypto_client.c @@ -25,10 +25,6 @@ #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif void psa_reset_key_attributes( psa_key_attributes_t *attributes ) { diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 59c3a0e9af27..29f53b96e699 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -31,10 +31,6 @@ #include #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include #include diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 7d4718daf42d..f1b9809d8bc1 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -32,10 +32,6 @@ #include #include #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include #include diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 56678d6a90e5..87d2634e7382 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -38,10 +38,6 @@ #endif #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a18350ee117f..9dceaac6d459 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -34,12 +34,7 @@ #include #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index db7786d6c781..3186a36855d4 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -36,13 +36,7 @@ #include "psa/internal_trusted_storage.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif diff --git a/library/psa_its_file.c b/library/psa_its_file.c index b7c2e6b04063..a35ac2494df7 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -22,11 +22,7 @@ #if defined(MBEDTLS_PSA_ITS_FILE_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_snprintf snprintf -#endif #if defined(_WIN32) #include diff --git a/library/ripemd160.c b/library/ripemd160.c index 41d838722627..6212cb2572df 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -33,14 +33,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_RIPEMD160_ALT) diff --git a/library/rsa.c b/library/rsa.c index 4df240abf3ee..ae9e68b91ac8 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -63,14 +63,7 @@ #endif /* MBEDTLS_MD_C */ #endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #if !defined(MBEDTLS_RSA_ALT) diff --git a/library/sha1.c b/library/sha1.c index 56532b12483b..5ae818a646a2 100644 --- a/library/sha1.c +++ b/library/sha1.c 
@@ -32,14 +32,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if !defined(MBEDTLS_SHA1_ALT) diff --git a/library/sha256.c b/library/sha256.c index 4819ba3ad1e5..0e9c1a1262a0 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -32,17 +32,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if defined(__aarch64__) # if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ diff --git a/library/sha512.c b/library/sha512.c index f96580db5262..aa6f06aa224c 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -38,17 +38,7 @@ #include -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ #if defined(__aarch64__) # if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 6505e11402d5..8405d2798f2f 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -25,13 +25,7 @@ #if defined(MBEDTLS_SSL_CACHE_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl_cache.h" #include "ssl_misc.h" diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 808aa9e9ebfe..a83527f87aac 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -23,11 +23,7 @@ #if defined(MBEDTLS_SSL_TLS_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#endif #include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl.h" diff --git a/library/ssl_client.c b/library/ssl_client.c index d60d896aebe0..41b0007bbd58 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -24,13 +24,7 @@ #if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include @@ -762,6 +756,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len ); return( ret ); } + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) { @@ -919,6 +914,37 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) } } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && + ssl->handshake->resume ) + { + int hostname_mismatch = ssl->hostname != NULL || + session_negotiate->hostname != NULL; + if( ssl->hostname != NULL && session_negotiate->hostname != NULL ) + { + hostname_mismatch = strcmp( + ssl->hostname, session_negotiate->hostname ) != 0; + } + + if( hostname_mismatch ) + { + MBEDTLS_SSL_DEBUG_MSG( + 1, ( "Hostname mismatch the session ticket, " + "disable session resumption." ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + } + else + { + return mbedtls_ssl_session_set_hostname( session_negotiate, + ssl->hostname ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && + MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_SERVER_NAME_INDICATION */ + return( 0 ); } /* diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index b6a8add2ac48..190c0f0667b7 100644 --- a/library/ssl_cookie.c 
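Review bot: In the `@@ -919` hunk of library/ssl_client.c the debug text says session resumption is disabled, but the code returns `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`, which makes `ssl_prepare_client_hello()` fail instead of continuing without the ticket. Either the message should match the behaviour, e.g. `"Hostname does not match the session ticket, aborting handshake."`, or the fallback to a full handshake should be implemented. The comparison also runs only when `ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3`; a resumed session of any other version takes the `else` branch, where `mbedtls_ssl_session_set_hostname()` replaces the stored name without comparing it, so please confirm that is intended. As a style point, `return mbedtls_ssl_session_set_hostname( ... );` should use the file's `return( ... );` form. The function starts outside the hunk.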
+++ b/library/ssl_cookie.c @@ -25,12 +25,7 @@ #if defined(MBEDTLS_SSL_COOKIE_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl_cookie.h" #include "ssl_misc.h" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 484a1341d4d8..004275fdd038 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2753,4 +2753,13 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( unsigned char *buf, unsigned char *end ); #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ + defined(MBEDTLS_SSL_CLI_C) +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session, + const char *hostname ); +#endif + #endif /* ssl_misc.h */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c7a3e59e906e..d1335f1b6b5b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -26,13 +26,7 @@ #if defined(MBEDTLS_SSL_TLS_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl.h" #include "mbedtls/debug.h" @@ -1288,7 +1282,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mbedtls_ssl_transform *transform, mbedtls_record *rec ) { +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_CIPHER_MODE_AEAD) size_t olen; +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_CIPHER_MODE_AEAD */ mbedtls_ssl_mode_t ssl_mode; int ret; diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 359686afa3a5..e39563bc4f70 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
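Review bot: The prototype of `mbedtls_ssl_session_set_hostname()` added to library/ssl_misc.h has no documentation comment, although callers depend on its memory-ownership contract. A Doxygen block should state whether the string is copied into the session, whether a previously stored name is released first, and which error codes can be returned. It should also say that `hostname` may be NULL, since both call sites in this patch pass a pointer that can be NULL. The definition is not in this part of the diff, so these details need to be confirmed against it.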
@@ -21,13 +21,7 @@ #if defined(MBEDTLS_SSL_TICKET_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "ssl_misc.h" #include "mbedtls/ssl_ticket.h" diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0256a3b17d43..e0673691028d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -27,15 +27,7 @@ #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_printf printf -#endif /* !MBEDTLS_PLATFORM_C */ #include "mbedtls/ssl.h" #include "ssl_client.h" @@ -247,10 +239,13 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, { mbedtls_ssl_session_free( dst ); memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); - #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) dst->ticket = NULL; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + dst->hostname = NULL; #endif +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -299,6 +294,18 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, memcpy( dst->ticket, src->ticket, src->ticket_len ); } + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + if( src->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + ret = mbedtls_ssl_session_set_hostname( dst, src->hostname ); + if( ret != 0 ) + return ( ret ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && + MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ return( 0 ); @@ -2172,6 +2179,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( /* Serialization of TLS 1.3 sessions: * * struct { + * opaque hostname<0..2^16-1>; * uint64 ticket_received; * uint32 ticket_lifetime; * opaque ticket<1..2^16-1>; 
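Review bot: The format comment changed in the hunk at 2172 lists the new `hostname` field unconditionally, but the save and load hunks later in ssl_tls.c emit it only for client sessions and only when `MBEDTLS_SSL_SERVER_NAME_INDICATION` is defined, so the byte layout now depends on a build option. Nothing visible in this diff changes the serialized-session header or version to reflect that. If the header's configuration bits do not cover SNI, a blob saved by a build without it would be misparsed by a build with it, which is worth confirming. The comment line could at least say so, e.g. `* opaque hostname<0..2^16-1>; (client, SNI enabled only)`.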
@@ -2198,6 +2206,11 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session, size_t *olen ) { unsigned char *p = buf; +#if defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + size_t hostname_len = ( session->hostname == NULL ) ? + 0 : strlen( session->hostname ) + 1; +#endif size_t needed = 1 /* endpoint */ + 2 /* ciphersuite */ + 4 /* ticket_age_add */ @@ -2216,6 +2229,11 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_CLI_C) if( session->endpoint == MBEDTLS_SSL_IS_CLIENT ) { +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + needed += 2 /* hostname_len */ + + hostname_len; /* hostname */ +#endif + needed += 4 /* ticket_lifetime */ + 2; /* ticket_len */ @@ -2253,6 +2271,17 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_CLI_C) if( session->endpoint == MBEDTLS_SSL_IS_CLIENT ) { +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 ); + p += 2; + if( hostname_len > 0 ) + { + /* save host name */ + memcpy( p, session->hostname, hostname_len ); + p += hostname_len; + } +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + #if defined(MBEDTLS_HAVE_TIME) MBEDTLS_PUT_UINT64_BE( (uint64_t) session->ticket_received, p, 0 ); p += 8; 
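Review bot: The save side handles the hostname under `MBEDTLS_SSL_CLI_C` and `MBEDTLS_SSL_SERVER_NAME_INDICATION` only (hunks at 2198, 2216 and 2253), whereas ssl_tls13_session_load reads it under `MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_SESSION_TICKETS` and mbedtls_ssl_session_free releases it under `MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C`. With session tickets disabled, the save path would reference a field that, judging from the free hunk, may not be declared, or it would write bytes the loader never consumes. The three save-side guards should also require `defined(MBEDTLS_SSL_SESSION_TICKETS)` so that save, load and free agree. ssl_tls13_session_save continues outside these hunks.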
@@ -2313,6 +2342,28 @@ static int ssl_tls13_session_load( mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_CLI_C) if( session->endpoint == MBEDTLS_SSL_IS_CLIENT ) { +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ + defined(MBEDTLS_SSL_SESSION_TICKETS) + size_t hostname_len; + /* load host name */ + if( end - p < 2 ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + hostname_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + if( end - p < ( long int )hostname_len ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if( hostname_len > 0 ) + { + session->hostname = mbedtls_calloc( 1, hostname_len ); + if( session->hostname == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + memcpy( session->hostname, p, hostname_len ); + p += hostname_len; + } +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && + MBEDTLS_SSL_SESSION_TICKETS */ + #if defined(MBEDTLS_HAVE_TIME) if( end - p < 8 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -4006,6 +4057,10 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + mbedtls_free( session->hostname ); +#endif mbedtls_free( session->ticket ); #endif 
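Review bot: The hostname read in ssl_tls13_session_load (hunk at 2313) is copied as `hostname_len` raw bytes and never checked for a terminating NUL, yet the rest of this commit treats `session->hostname` as a C string (`strcmp` in ssl_prepare_client_hello, `strlen` in mbedtls_ssl_session_set_hostname and in the save path). A serialized blob whose last hostname byte is non-zero would make those calls read past the allocation. After the length check I would add `if( hostname_len > 0 && p[hostname_len - 1] != '\0' ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, and also reject `hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN + 1` to match the limit the setter enforces. The function body starts and ends outside the hunk.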
@@ -9174,4 +9229,54 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ + defined(MBEDTLS_SSL_CLI_C) +int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session, + const char *hostname ) +{ + /* Initialize to suppress unnecessary compiler warning */ + size_t hostname_len = 0; + + /* Check if new hostname is valid before + * making any change to current one */ + if( hostname != NULL ) + { + hostname_len = strlen( hostname ); + + if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + /* Now it's clear that we will overwrite the old hostname, + * so we can free it safely */ + if( session->hostname != NULL ) + { + mbedtls_platform_zeroize( session->hostname, + strlen( session->hostname ) ); + mbedtls_free( session->hostname ); + } + + /* Passing NULL as hostname shall clear the old one */ + if( hostname == NULL ) + { + session->hostname = NULL; + } + else + { + session->hostname = mbedtls_calloc( 1, hostname_len + 1 ); + if( session->hostname == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + memcpy( session->hostname, hostname, hostname_len ); + } + + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && + MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_SERVER_NAME_INDICATION && + MBEDTLS_SSL_CLI_C */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 79141aa232c2..f1fb620ddb35 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -21,13 +21,7 @@ #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl.h" #include "ssl_client.h" 
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 6666daa7da20..98f765af7b0f 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -21,13 +21,7 @@ #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif #include "mbedtls/ssl.h" #include "ssl_misc.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f668193e480c..c404a5390636 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3743,7 +3743,8 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, * MAY treat a ticket as valid for a shorter period of time than what * is stated in the ticket_lifetime. */ - ticket_lifetime %= 604800; + if( ticket_lifetime > 604800 ) + ticket_lifetime = 604800; MBEDTLS_PUT_UINT32_BE( ticket_lifetime, p, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket_lifetime: %u", ( unsigned int )ticket_lifetime ) ); diff --git a/library/x509.c b/library/x509.c index f1d988aa7551..ca2e907ef3b4 100644 --- a/library/x509.c +++ b/library/x509.c @@ -43,16 +43,7 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#endif #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" diff --git a/library/x509_crl.c b/library/x509_crl.c index 0cd996dabb66..2a3fac79000f 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c 
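Review bot: The clamp added in ssl_tls13_write_new_session_ticket_body repeats the bare literal 604800 on two adjacent lines; a named constant for the seven-day cap would keep the comparison and the assignment from drifting apart. A one-line comment such as `/* Cap at 7 days; the old modulo turned e.g. 604801 into 1. */` would also record why `%=` was replaced. The function body starts and ends outside the hunk.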
@@ -42,15 +42,7 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_snprintf snprintf -#endif #if defined(MBEDTLS_HAVE_TIME) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) diff --git a/library/x509_crt.c b/library/x509_crt.c index af1e487dbf74..c4f97bbe2bfa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -50,15 +50,7 @@ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include "hash_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_snprintf snprintf -#endif #if defined(MBEDTLS_THREADING_C) #include "mbedtls/threading.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index 25069b2a4c51..dee0ea62d722 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -42,15 +42,7 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_snprintf snprintf -#endif #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) #include diff --git a/library/x509write_csr.c b/library/x509write_csr.c index c4dd1b7c8110..976f6e6df5eb 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -45,13 +45,7 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 136e25ba4154..476c20e2262f 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c 
@@ -25,17 +25,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \ defined(MBEDTLS_FS_IO) diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 3d11d474cdce..95f43b8ffa6e 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -42,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_ssl_config conf; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_context entropy; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_context ticket_ctx; #endif unsigned char buf[4096]; @@ -89,7 +89,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_init( &ticket_ctx ); #endif @@ -114,7 +114,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ); } #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) if( options & 0x4 ) { if( mbedtls_ssl_ticket_setup( &ticket_ctx, @@ -173,7 +173,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } exit: -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free( &ticket_ctx ); #endif mbedtls_entropy_free( &entropy ); 
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index f38a9769d29e..6f49e79beae4 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/md.h" diff --git a/programs/hash/hello.c b/programs/hash/hello.c index cb8de8b71e6f..3ef06526364d 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if defined(MBEDTLS_MD5_C) #include "mbedtls/md5.h" diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 45de57b46ffd..3619cb21657a 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_time_t time_t -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 9ada4eae1235..2e696e574aad 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c 
@@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_time_t time_t -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 29563088ff5a..e6f53ed62344 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_time_t time_t -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 281a26b0d79b..5dd6bddb40bc 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_ECDH_C) || \ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index c1c50702bb0a..1035bb27331f 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c 
@@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_ECDSA_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 8779519b61c7..9e5329fb81c1 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index bd16b24b9471..02a19e95a43a 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && \ defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index df1e50248877..589bee9aed7e 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c 
@@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ defined(MBEDTLS_FS_IO) && \ diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index eed8dfcfc6f5..4c34b99e7b5c 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/bignum.h" diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index b09b6b889553..0d8388f2b8e1 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 3df11f7fdeb9..5d45738dd3fe 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c 
@@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 7b5d8e1716e1..301edb875a60 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index e82653b514e9..6b9645221fd1 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \ diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index c01a5cf6333f..783f3ca54929 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c 
@@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 25a42d323d8e..777b22e791a2 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 67711bd660e2..7acda8139426 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 1df9b13b1912..f4deab029f00 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c 
@@ -19,18 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 8078ab6246b2..0cbde022485b 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index a8b1abb84864..a3fa6d7d152c 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 3a207785c4a1..7dcccda9fac8 100644 --- a/programs/pkey/rsa_verify_pss.c 
+++ b/programs/pkey/rsa_verify_pss.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 4deb92435d00..f0ffea2ce584 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/entropy.h" diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 0a9e2dd3bf26..2a3dd54e83d3 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_FS_IO) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index e06d535eecb5..23a34e04981e 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c 
@@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_fprintf fprintf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index d2a6493cc4af..70d4af0aa0a9 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -19,18 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_fprintf fprintf -#define mbedtls_time_t time_t -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* Uncomment out the following line to default to IPv4 and disable IPv6 */ //#define FORCE_IPV4 diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 8f2fed82afbc..efcf650165f8 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -20,16 +20,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* * We're creating and connecting the socket "manually" rather than using the diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index a80ff713c0c8..5025698a8502 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c 
@@ -19,19 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 0375e53fea93..52b5e6767ef6 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -422,6 +422,7 @@ int main( void ) " exchanges=%%d default: 1\n" \ " reconnect=%%d number of reconnections using session resumption\n" \ " default: 0 (disabled)\n" \ + " reco_server_name=%%s default: localhost\n" \ " reco_delay=%%d default: 0 seconds\n" \ " reco_mode=%%d 0: copy session, 1: serialize session\n" \ " default: 1\n" \ @@ -518,6 +519,7 @@ struct options int recsplit; /* enable record splitting? */ int dhmlen; /* minimum DHM params len in bits */ int reconnect; /* attempt to resume session */ + const char *reco_server_name; /* hostname of the server (re-connect) */ int reco_delay; /* delay in seconds before resuming session */ int reco_mode; /* how to keep the session around */ int reconnect_hard; /* unexpectedly reconnect from the same port */ @@ -970,6 +972,7 @@ int main( int argc, char *argv[] ) opt.trunc_hmac = DFL_TRUNC_HMAC; opt.dhmlen = DFL_DHMLEN; opt.reconnect = DFL_RECONNECT; + opt.reco_server_name = DFL_SERVER_NAME; opt.reco_delay = DFL_RECO_DELAY; opt.reco_mode = DFL_RECO_MODE; opt.reconnect_hard = DFL_RECONNECT_HARD; 
@@ -1166,6 +1169,8 @@ int main( int argc, char *argv[] ) if( opt.reconnect < 0 || opt.reconnect > 2 ) goto usage; } + else if( strcmp( p, "rec_server_name" ) == 0 ) + opt.reco_server_name = q; else if( strcmp( p, "reco_delay" ) == 0 ) { opt.reco_delay = atoi( q ); @@ -3290,6 +3295,15 @@ int main( int argc, char *argv[] ) strlen( early_data ) ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_ZERO_RTT */ +#if defined(MBEDTLS_X509_CRT_PARSE_C) + if( ( ret = mbedtls_ssl_set_hostname( &ssl, + opt.reco_server_name ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", + ret ); + goto exit; + } +#endif if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port, diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 07b3e6fb59bc..49de984d8f89 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -19,18 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_time_t time_t -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \ diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 664a38490fcb..9fb65079e57f 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c 
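Review bot: The parser branch added in the hunk at 1166 matches the option name `"rec_server_name"`, but the usage text and the `struct options` field added earlier in ssl_client2.c call it `reco_server_name`, so the documented spelling is not recognised by this branch. The comparison should read `else if( strcmp( p, "reco_server_name" ) == 0 )`. As written, reconnects keep `DFL_SERVER_NAME` unless the undocumented spelling is used, which presumably makes the hostname-mismatch path added in ssl_client.c hard to exercise from the test scripts. main() continues outside the hunk.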
@@ -26,19 +26,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index ac14789d3941..b3ec7d699878 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -20,18 +20,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 3b663726cee3..c9d9df2efa73 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -19,19 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PEM_PARSE_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \ 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d04163b325c0..1d7dd3e63861 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -49,7 +49,7 @@ int main( void ) #include "mbedtls/ssl_cache.h" #endif -#if defined(MBEDTLS_SSL_TICKET_C) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) #include "mbedtls/ssl_ticket.h" #endif @@ -291,7 +291,7 @@ int main( void ) #else #define USAGE_CA_CALLBACK "" #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) #define USAGE_TICKETS \ " tickets=%%d default: 1 (enabled)\n" \ " ticket_rotate=%%d default: 0 (disabled)\n" \ @@ -299,7 +299,7 @@ int main( void ) " ticket_aead=%%s default: \"AES-256-GCM\"\n" #else #define USAGE_TICKETS "" -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ #define USAGE_EAP_TLS \ " eap_tls=%%d default: 0 (disabled)\n" @@ -1550,9 +1550,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_context ticket_ctx; -#endif +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ #if defined(SNI_OPTION) sni_entry *sni_info = NULL; #endif @@ -1643,7 +1643,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_init( &cache ); #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_init( &ticket_ctx ); #endif #if defined(MBEDTLS_SSL_ALPN) 
@@ -3189,7 +3189,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_cache_set ); #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) if( opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) { #if defined(MBEDTLS_HAVE_TIME) @@ -4580,7 +4580,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free( &cache ); #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free( &ticket_ctx ); #endif #if defined(MBEDTLS_SSL_COOKIE_C) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index c368f573afb0..659b3ab2c837 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -22,23 +22,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_printf printf -#define mbedtls_fprintf fprintf -#define mbedtls_snprintf snprintf -#define mbedtls_setbuf setbuf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #undef HAVE_RNG #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index a6d83e75bd9f..920a473c62f2 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -22,13 +22,6 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#include -#include -#define mbedtls_exit exit -#define mbedtls_printf printf -#define mbedtls_free free -#endif #if !defined(MBEDTLS_HAVE_TIME) int main( void ) diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index 1ae627d423b1..4105d2b35167 100644 
--- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #include "mbedtls/version.h" diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index 9d5d3e4c73f3..48fb559f67a8 100644 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -20,17 +20,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #include "mbedtls/version.h" diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index ff6ebf02e2f6..b1d005cd73a7 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -20,17 +20,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #include "mbedtls/version.h" diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index c0836046a382..ff61fcde010f 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c 
@@ -19,17 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if defined(MBEDTLS_X509_CRT_PARSE_C) #include "mbedtls/x509_crt.h" diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c index 5aa023348eb9..f37973cb2e3e 100644 --- a/programs/test/query_compile_time_config.c +++ b/programs/test/query_compile_time_config.c @@ -19,14 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #define USAGE \ "usage: %s [ -all | -any | -l ] ...\n\n" \ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index ab337a21ffb0..2d6103c31dd9 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -54,19 +54,7 @@ #include #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index d6e55614f490..979b5515f47c 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -29,15 +29,7 @@ #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #include "mbedtls/platform_util.h" 
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index cf6a56c6cf80..7138fa8544a8 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -19,18 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/error.h" diff --git a/programs/util/strerror.c b/programs/util/strerror.c index f91da1307c63..66052fdabc81 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -19,14 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#endif #if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include "mbedtls/error.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 985b9704c35d..00d563fc7df0 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -19,19 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 7460bbf1c09c..30b389ab4bdb 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
@@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 793982d5a80f..c93ff1e9862e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index aa353be0ae49..28cb99e6ea18 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index e07bed72117f..b8b0ecdee56c 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c 
@@ -46,19 +46,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_TIMING_C) diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 24324ff3d6e6..dda14e1e3619 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -19,16 +19,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index c42d2ffefd8b..fc210b908458 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -25,11 +25,7 @@ #if defined(MBEDTLS_ERROR_C) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#define mbedtls_snprintf snprintf -#endif #include #include diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 59eb16897606..b5d3eec95234 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -21,12 +21,7 @@ #include "query_config.h" -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ /* * Include all the headers with public APIs in case they define a macro to its 
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 6ec967e1843e..e0e6fd27fe1e 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -37,20 +37,7 @@ #define MBEDTLS_TEST_MUTEX_USAGE #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_fprintf fprintf -#define mbedtls_snprintf snprintf -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_exit exit -#define mbedtls_time time -#define mbedtls_time_t time_t -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #include #include diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 8535b9307706..695a2433ad39 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -28,20 +28,7 @@ #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_fprintf fprintf -#define mbedtls_snprintf snprintf -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_exit exit -#define mbedtls_time time -#define mbedtls_time_t time_t -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6674707a7b4f..35c3cc793802 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1274,6 +1274,163 @@ component_test_crypto_full_no_cipher () { make test } +component_test_tls1_2_default_stream_cipher_only () { + msg "build: default with only stream cipher" + + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER + # Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only stream cipher" + make test + + # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. 
+} + +component_test_tls1_2_default_stream_cipher_only_use_psa () { + msg "build: default with only stream cipher use psa" + + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER + # Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only stream cipher use psa" + make test + + # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. 
+} + +component_test_tls1_2_default_cbc_legacy_cipher_only () { + msg "build: default with only CBC-legacy cipher" + + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + scripts/config.py set MBEDTLS_CIPHER_MODE_CBC + # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only CBC-legacy cipher" + make test + + msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)" + tests/ssl-opt.sh -f "TLS 1.2" +} + +component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { + msg "build: default with only CBC-legacy cipher use psa" + + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + scripts/config.py set MBEDTLS_CIPHER_MODE_CBC + # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # 
Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only CBC-legacy cipher use psa" + make test + + msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" + tests/ssl-opt.sh -f "TLS 1.2" +} + +component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { + msg "build: default with only CBC-legacy and CBC-EtM ciphers" + + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + scripts/config.py set MBEDTLS_CIPHER_MODE_CBC + # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only CBC-legacy and CBC-EtM ciphers" + make test + + msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)" + tests/ssl-opt.sh -f "TLS 1.2" +} + +component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { + msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" + + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher 
(AES, ARIA, Camellia, DES)) + scripts/config.py set MBEDTLS_CIPHER_MODE_CBC + # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) + scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) + scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Modules that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C + + make + + msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" + make test + + msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" + tests/ssl-opt.sh -f "TLS 1.2" +} + component_test_psa_external_rng_use_psa_crypto () { msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" scripts/config.py full @@ -2314,6 +2471,7 @@ component_test_no_platform () { scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT + scripts/config.py unset MBEDTLS_PLATFORM_VSNPRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.py unset MBEDTLS_PLATFORM_SETBUF_ALT diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 15fa8bcf7a48..22eadd180543 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -74,7 +74,7 @@ =head1 SYNOPSIS my $prefix = $^O eq "MSWin32" ? '' : './'; -my ($failed_suites, $total_tests_run, $failed, $suite_cases_passed, +my (@failed_suites, $total_tests_run, $failed, $suite_cases_passed, $suite_cases_failed, $suite_cases_skipped, $total_cases_passed, $total_cases_failed, $total_cases_skipped ); my $suites_skipped = 0; 
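Review bot: The fourth new component is named `component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa` ("deafult"), unlike its five siblings, so anyone selecting these components by name with a `*tls1_2_default*` pattern would miss it; rename it to `component_test_tls1_2_default_cbc_legacy_cipher_only_use_psa`. The AEAD comment in the first component is also missing its closing parenthesis. The six bodies differ only in a few `scripts/config.py` lines, so the shared steps (unsetting the three AEAD modules and the two modules that depend on AEAD) could move into one helper function to keep the variants from drifting apart.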
@@ -112,7 +112,7 @@ sub pad_print_center { pad_print_center( 72, '-', "End $suite" ); } } else { - $failed_suites++; + push @failed_suites, $suite; print "FAIL\n"; if( $verbose ) { pad_print_center( 72, '-', "Begin $suite" ); @@ -139,12 +139,17 @@ sub pad_print_center { } print "-" x 72, "\n"; -print $failed_suites ? "FAILED" : "PASSED"; +print @failed_suites ? "FAILED" : "PASSED"; printf( " (%d suites, %d tests run%s)\n", scalar(@suites) - $suites_skipped, $total_tests_run, $suites_skipped ? ", $suites_skipped suites skipped" : "" ); +if( $verbose && @failed_suites ) { + # the output can be very long, so provide a summary of which suites failed + print " failed suites : @failed_suites\n"; +} + if( $verbose > 1 ) { print " test cases passed :", $total_cases_passed, "\n"; print " failed :", $total_cases_failed, "\n"; @@ -159,5 +164,5 @@ sub pad_print_center { } } -exit( $failed_suites ? 1 : 0 ); +exit( @failed_suites ? 1 : 0 ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3ca337979a99..c00bcab6ad38 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13670,6 +13670,47 @@ run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \ -c "Protocol is TLSv1.2" \ -c "HTTP/1.0 200 [Oo][Kk]" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4 \ + sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ + "$P_CLI debug_level=4 server_name=localhost reco_mode=1 reconnect=1" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "got new session ticket." \ + -c "Saving session for reuse... ok" \ + -c "Reconnecting with saved session" \ + -c "HTTP/1.0 200 OK" \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \ + -s "key exchange mode: ephemeral" \ + -s "key exchange mode: psk_ephemeral" \ + -s "found pre_shared_key extension" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4 \ + sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ + "$P_CLI debug_level=4 server_name=localhost rec_server_name=remote reco_mode=1 reconnect=1" \ + 1 \ + -c "Protocol is TLSv1.3" \ + -c "got new session ticket." \ + -c "Saving session for reuse... 
ok" \ + -c "Reconnecting with saved session" \ + -c "Hostname mismatch the session ticket, disable session resumption." \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 33cfc1062473..fe33f9bf9bf8 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -12,20 +12,7 @@ #if defined (MBEDTLS_ERROR_C) #include "mbedtls/error.h" #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_fprintf fprintf -#define mbedtls_snprintf snprintf -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_exit exit -#define mbedtls_time time -#define mbedtls_time_t time_t -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 37468df71a6d..af617fc56b0b 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1,9 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/cipher.h" - -#if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" -#endif #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data index 70b7609e4898..5956a69811b2 100644 --- a/tests/suites/test_suite_cmac.data +++ b/tests/suites/test_suite_cmac.data 
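Review bot: The negative test expects the client log line `Hostname mismatch the session ticket, disable session resumption.`, but programs/ssl/ssl_client2.c only sets the reconnect hostname inside `#if defined(MBEDTLS_X509_CRT_PARSE_C)`, and neither new test lists that option among its requirements. Both tests also pass `sni=` and `tickets=4` to the server, while this commit makes the ticket context in ssl_server2.c depend on `MBEDTLS_SSL_TICKET_C` as well. Adding `requires_config_enabled MBEDTLS_X509_CRT_PARSE_C` and `requires_config_enabled MBEDTLS_SSL_TICKET_C` (and presumably `MBEDTLS_SSL_SERVER_NAME_INDICATION` for `sni=`) would make reduced configurations skip these tests instead of failing them.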
@@ -22,15 +22,15 @@ mbedtls_cmac_setkey:MBEDTLS_CIPHER_DES_EDE3_ECB:192:0 CMAC init #5 AES-224: bad key size depends_on:MBEDTLS_AES_C -mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA +mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA CMAC init #6 AES-0: bad key size depends_on:MBEDTLS_AES_C -mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA +mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA CMAC init #7 Camellia: wrong cipher depends_on:MBEDTLS_CAMELLIA_C -mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA +mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA CMAC Single Blocks #1 - Empty block, no updates mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":-1:"":-1:"":-1:"":-1:"bb1d6929e95937287fa37d129b756746" diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function index 841bd1d6e32c..3fad814a5487 100644 --- a/tests/suites/test_suite_pkcs12.function +++ b/tests/suites/test_suite_pkcs12.function @@ -25,7 +25,6 @@ void pkcs12_derive_key( int md_type, int key_size_arg, data_t* expected_output, int expected_status ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *output_data = NULL; unsigned char *password = NULL; @@ -46,15 +45,15 @@ void pkcs12_derive_key( int md_type, int key_size_arg, ASSERT_ALLOC( output_data, key_size ); - ret = mbedtls_pkcs12_derivation( output_data, - key_size, - password, - password_len, - salt, - salt_len, - md_type, - MBEDTLS_PKCS12_DERIVE_KEY, - iterations ); + int ret = mbedtls_pkcs12_derivation( output_data, + key_size, + password, + password_len, + salt, + salt_len, + md_type, + MBEDTLS_PKCS12_DERIVE_KEY, + iterations ); TEST_EQUAL( ret, expected_status );
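Review bot: "CMAC init #7 Camellia: wrong cipher" now pairs `MBEDTLS_CIPHER_CAMELLIA_192_ECB` with a key size of 128 bits, so the expected `MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA` may come from a key-length mismatch rather than from CMAC rejecting a Camellia cipher. The test function is not visible in this hunk, so this is inferred from the case name and arguments. Using a matching pair, `mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_128_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA`, would pin the rejection to the cipher type. Cases #5 and #6 are fine as written, because there the bad key size is the point of the test.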