On MingW, temporarily force the use of the standard versions of `snprintf()`
and `vsnprintf()` (since we set `__USE_MINGW_ANSI_STDIO` in
`mbedtls_platform_requirements.h`). Do not honor `platform.h` configuration,
because with the current TF-PSA-Crypto, `MBEDTLS_PLATFORM_VSNPRINTF_ALT and
`MBEDTLS_PLATFORM_SNPRINTF_ALT` are always enabled on MinGW, so what matters
is the setting of `__USE_MINGW_ANSI_STDIO` when `platform.c` is built, and
until https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694, the legacy printf
functions are used there.
Revert this commit once the `tf-psa-crypto` module is updated with the merge
of https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since Mbed TLS 3.6.0, all officially supported versions of Visual Studio
a printf function family that is sufficiently compliant to C99 for our
purposes, in particular supporting `%zu` for `size_t`. The only platform
without `%zu` that we semi-officially support is older versions of MinGW,
still used in our CI. MinGW provides either a Windows legacy printf or a
standards-compliant printf depending on the value of
`__USE_MINGW_ANSI_STDIO` when compiling each C file. Force the use of the
compliant version. Don't rely on `MBEDTLS_PRINTF_SIZET`, which is defined in
`<mbedtls/debug.h>` and no longer considers the Windows legacy version in
Mbed TLS >= 4.1.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Always activate `__USE_MINGW_ANSI_STDIO` unless overridden on the command
line. This is necessary with older versions of MingW and/or Windows,
where snprintf does not always zero-terminate the buffer, and does
not support formats such as `"%zu"` for size_t and `"%lld"` for long long.
Simplify debug.h accordingly. The macros `MBEDTLS_PRINTF_SIZET`,
`MBEDTLS_PRINTF_SIZET_HAX` and `MBEDTLS_PRINTF_LONGLONG` are no longer
needed, but they are still used in our code base and must stay in debug.h
for backward compatibility.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses
`mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of
testing `mbedtls_snprintf()`, which might be subtly different (older
Windows runtimes had slightly different behavior for vsnprintf() vs
snprintf(); TF-PSA-Crypto might pick up a different function if the
platform configuration is different in TF-PSA-Crypto and Mbed TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On some platforms, the system headers expose different interfaces depending
on what macros are defined, for example to provide different standards
compliance level. Create a common place where we can declare such macros,
so that our code can behave in the same way when it's in different files.
Individual .c files can still override these requirements by defining
macros before including the common header, if it's really necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We already have `x509_internal.h` which is common to all parts of the X.509
library, and `ssl_misc.h` which is common to all parts of the TLS library.
Also create `mbedtls_common.h` which is for the Mbed TLS project as a whole.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In mbedtls_x509_string_to_names() we were not checking for allocation
failures. An allocation failure would lead to a memcpy() to a null
pointer address.
Fix this by checking the result of the call to mbedtls_calloc() and
returning MBEDTLS_ERR_X509_ALLOC_FAILED in the error case.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
In ssl_tls12_server.c:ssl_parse_client_hello(), remove
the code that directly reads the received data to read
the record expected to contain the ClientHello message.
The function already supported handling a ClientHello
read via mbedtls_ssl_read_record() in the following
cases:
- when the ClientHello was read as a post-handshake
message (renegotiation).
- when the ClientHello was read by
ssl_tls13_process_client_hello() during TLS 1.3 or
TLS 1.2 version negotiation.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Relax the dependencies of the tests about handshake
message defragmentation/reassembly on server side.
TLS 1.3 does not need to be enable anymore for this
to work for TLS 1.2 handshake messages.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Don't ship two slightly different wheels.
This reduces our platform adherence by using only `clock_gettime()` in the
library and not `gettimeofday()` as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Nowadays, the timing module just builds on a function that provides a timer
with millisecond resolution. In terms of platform requirements, this is
almost exactly equivalent to `mbedtls_ms_time()`
provides (`mbedtls_ms_time()` is arguably a little stronger because it is
supposed to last longer than a single timer object, but an application could
start a timer when it starts, so there's no real difference.) So it's a bit
silly that `timing.c` essentially reimplements this. Rely on
`mbedtls_ms_time()` instead.
This is an API break because in Mbed TLS 4.0, it was possible to enable
`MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only
provided an implementation for Windows and Unix-like platforms, and on those
platforms, it is very likely that the default implementation of
`MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform
that has the traditional Unix function `gettimeofday()`, but not the 1990s
novelty `clock_gettime()`.) So make this an official requirement, as a
belated change that really should have gone into 4.0 if we'd taken the time
to dig into it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine