Merge remote-tracking branch 'origin/pr/604' into baremetal
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index b69dd71..c31847d 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -250,6 +250,7 @@
*/
int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
+#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
* \brief Check a given mbedtls_x509_time against the system time
* and tell if it's in the past.
@@ -277,6 +278,7 @@
* 0 otherwise.
*/
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
+#endif /* MBEDTLS_HAVE_TIME_DATE */
/**
* \brief Free a dynamic linked list presentation of an X.509 name
@@ -301,6 +303,20 @@
mbedtls_asn1_sequence_free( (mbedtls_asn1_sequence*) seq );
}
+#if !defined(MBEDTLS_HAVE_TIME_DATE)
+static inline int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
+{
+ ((void) to);
+ return( 0 );
+}
+
+static inline int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
+{
+ ((void) from);
+ return( 0 );
+}
+#endif /* !MBEDTLS_HAVE_TIME_DATE */
+
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 3eee460..5212e67 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -235,8 +235,11 @@
/* for find_parent_in() */
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
mbedtls_x509_crt *fallback_parent;
int fallback_signature_is_good;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
/* for find_parent() */
int parent_is_trusted; /* -1 if find_parent is not in progress */
diff --git a/library/ecdsa.c b/library/ecdsa.c
index dc19384..58e1a5f 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -172,11 +172,11 @@
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-#define ECDSA_RS_ECP &rs_ctx->ecp
+#define ECDSA_RS_ECP ( rs_ctx == NULL ? NULL : &rs_ctx->ecp )
/* Utility macro for checking and updating ops budget */
#define ECDSA_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) );
/* Call this when entering a function that needs its own sub-context */
#define ECDSA_RS_ENTER( SUB ) do { \
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ee50b4d..3d42155 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -963,7 +963,7 @@
p += 2;
MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl,
- ssl->minor_ver,
+ mbedtls_ssl_get_minor_ver( ssl ),
ciphersuite_info )
{
if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
@@ -1883,7 +1883,7 @@
* Perform cipher suite validation in same way as in ssl_write_client_hello.
*/
MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl,
- ssl->minor_ver,
+ mbedtls_ssl_get_minor_ver( ssl ),
ciphersuite_info )
{
if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e69c517..cb88be6 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1249,13 +1249,13 @@
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
{
- MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, \
- ssl->minor_ver, \
+ MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, \
+ mbedtls_ssl_get_minor_ver( ssl ), \
cur_info )
{
#else
- MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, \
- ssl->minor_ver, \
+ MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, \
+ mbedtls_ssl_get_minor_ver( ssl ), \
cur_info )
{
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
@@ -2183,13 +2183,13 @@
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
{
- MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, \
- ssl->minor_ver, \
+ MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, \
+ mbedtls_ssl_get_minor_ver( ssl ), \
cur_info )
{
#else
- MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, \
- ssl->minor_ver, \
+ MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, \
+ mbedtls_ssl_get_minor_ver( ssl ), \
cur_info )
{
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 78a15fe..fc7ece7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7777,8 +7777,6 @@
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
else
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
-
- ssl_set_timer( ssl, 0 );
}
#endif
diff --git a/library/x509.c b/library/x509.c
index 0d2b9ef..a6c6584 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1192,21 +1192,7 @@
return( x509_check_time( from, &now ) );
}
-
-#else /* MBEDTLS_HAVE_TIME_DATE */
-
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
-{
- ((void) to);
- return( 0 );
-}
-
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
-{
- ((void) from);
- return( 0 );
-}
-#endif /* MBEDTLS_HAVE_TIME_DATE */
+#endif /* MBEDTLS_HAVE_TIME_DATE */
void mbedtls_x509_name_free( mbedtls_x509_name *name )
{
diff --git a/library/x509_crt.c b/library/x509_crt.c
index eb3ee99..24ef0e6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2844,8 +2844,13 @@
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
- mbedtls_x509_crt *parent_crt, *fallback_parent;
- int signature_is_good, fallback_signature_is_good;
+ mbedtls_x509_crt *parent_crt;
+ int signature_is_good;
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+ mbedtls_x509_crt *fallback_parent;
+ int fallback_signature_is_good;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/* did we have something in progress? */
@@ -2853,21 +2858,27 @@
{
/* restore saved state */
parent_crt = rs_ctx->parent;
+#if defined(MBEDTLS_HAVE_TIME_DATE)
fallback_parent = rs_ctx->fallback_parent;
fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
/* clear saved state */
rs_ctx->parent = NULL;
+#if defined(MBEDTLS_HAVE_TIME_DATE)
rs_ctx->fallback_parent = NULL;
rs_ctx->fallback_signature_is_good = 0;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
/* resume where we left */
goto check_signature;
}
#endif
+#if defined(MBEDTLS_HAVE_TIME_DATE)
fallback_parent = NULL;
fallback_signature_is_good = 0;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
for( parent_crt = candidates; parent_crt != NULL;
parent_crt = parent_crt->next )
@@ -2918,8 +2929,10 @@
{
/* save state */
rs_ctx->parent = parent_crt;
+#if defined(MBEDTLS_HAVE_TIME_DATE)
rs_ctx->fallback_parent = fallback_parent;
rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
return( ret );
}
@@ -2934,11 +2947,13 @@
/* optional time check */
if( !parent_valid )
{
+#if defined(MBEDTLS_HAVE_TIME_DATE)
if( fallback_parent == NULL )
{
fallback_parent = parent_crt;
fallback_signature_is_good = signature_is_good;
}
+#endif /* MBEDTLS_HAVE_TIME_DATE */
continue;
}
@@ -2953,8 +2968,12 @@
}
else
{
+#if defined(MBEDTLS_HAVE_TIME_DATE)
*r_parent = fallback_parent;
*r_signature_is_good = fallback_signature_is_good;
+#else /* MBEDTLS_HAVE_TIME_DATE */
+ *r_parent = NULL;
+#endif /* !MBEDTLS_HAVE_TIME_DATE */
}
return( 0 );
@@ -3643,8 +3662,10 @@
mbedtls_pk_restart_init( &ctx->pk );
ctx->parent = NULL;
+#if defined(MBEDTLS_HAVE_TIME_DATE)
ctx->fallback_parent = NULL;
ctx->fallback_signature_is_good = 0;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
ctx->parent_is_trusted = -1;
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 8c53c67..a77fe13 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -762,9 +762,27 @@
component_test_hardcoded_ciphersuite_cmake_clang() {
msg "build: cmake, full config + MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE, clang" # ~ 50s
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
+ CC=clang cmake -D LINK_WITH_PTHREAD=1 -D CMAKE_BUILD_TYPE:String=ASanDbg -D ENABLE_TESTING=On .
+ make
+
+ msg "test: main suites (full config + MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)" # ~ 5s
+ make test
+
+ msg "test: ssl-opt.sh default (full config + MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)" # ~ 5s
+ if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
+}
+
+component_test_hardcoded_timer_callback_cmake_clang() {
+ msg "build: cmake, full config + MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE, clang" # ~ 50s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.pl set MBEDTLS_SSL_CONF_GET_TIMER mbedtls_timing_get_delay
+ scripts/config.pl set MBEDTLS_SSL_CONF_SET_TIMER mbedtls_timing_set_delay
+ CC=clang cmake -D LINK_WITH_PTHREAD=1 -D CMAKE_BUILD_TYPE:String=ASanDbg -D ENABLE_TESTING=On .
make
msg "test: main suites (full config + MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)" # ~ 5s
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function
index f1acde9..9c34ea6 100644
--- a/tests/suites/test_suite_nist_kw.function
+++ b/tests/suites/test_suite_nist_kw.function
@@ -170,10 +170,6 @@
TEST_ASSERT( ciphertext != NULL );
}
- memset( plaintext, 0, in_len );
- memset( ciphertext, 0, output_len );
-
-
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
key, 8 * sizeof( key ), 1 ) == 0 );
@@ -225,10 +221,6 @@
TEST_ASSERT( ciphertext != NULL );
}
- memset( plaintext, 0, output_len );
- memset( ciphertext, 0, in_len );
-
-
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
key, 8 * sizeof( key ), 0 ) == 0 );
unwrap_ret = mbedtls_nist_kw_unwrap( &ctx, mode, ciphertext, in_len,