In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.
Signed-off-by: makejian <makejian@xiaomi.com>
Let the projects using some CMakeLists.txt files
without the top CMakeLists.txt define the variables
that the top CMakeLists.txt set for all.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit updates the build scripts for error.c generation to be
generated in the Mbed TLS library directory.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes duplicate includes for mbedtls/build_info.h where
the file already includes common.h.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes #include "mbedtls/buildinfo.h" from pkcs7.c as it is
not needed unlike other C modules.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves version.h back into /include/mbedtls from
tf-psa-crypto/drivers/builtin/include. This commit also changes the
necessary build files and scripts to generate version_features.c
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
Move library options to the top CMakeLists.txt.
That way:
- we will be able to set the TF-PSA-Crypto
library options according to the Mbed TLS ones.
- we can define the crypto library target names
in the top CMakeLists.txt and not in the library
one that is dedicated to the TLS and x509
libraries now.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit removes the MBEDTLS_OID_C guard from the static functions in
the library/x509_create.c as this function is no longer included in the
oid.c file.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
The compile-time option MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE gates both
support for interoperability with a peer that uses middlebox compatibility
mode, and support for activating that mode ourselves. Change code that is
only needed for interoperability to be guarded by
MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE.
As of this commit, MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE is always
enabled: there is no way to disable it, and there are no tests with it
disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit moves static functions that are necessary for
mbedtls_oid_get_numeric_string and mbedtls_oid_from_numeric_string from
oid.c to x509.c
Signed-off-by: Sam Berry <sam.berry@arm.com>
Actually moved the function rather than trying to edit guards around it,
because the relevant guards are not nearby, the function was part of
larger blocks, so it seemed risky.
Also, that seems logically correct: the function is no longer part of
the "TLS 1.2 handshake functions common to server and client" section,
it's part of the "helper functions common to 1.2 and 1.3 server and
client" block. Ideally in the future perhaps the file structure should
reflect that (`ssl_generic.c` vs `ssl_tls12_generic.c`?) but that's out
of scope here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Rename as there was a name collision with a static function in another
file: ssl_parse_certificate_verify in ssl_tls12_server.c is the function
that parses the CertificateVerify message, which seems appropriate. Here
it meant "the 'verify' step after parsing the Certificate message".
Use a name that focuses on what it does: verify, not parse.
Also, take ciphersuite_info as an argument: when TLS 1.3 calls this
function, it can pass NULL as the ciphersuite has no influence there.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In particular, make sure pointer variables are initialized right after
being declared.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.
In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
