Merge pull request #8124 from yanrayw/support_cipher_encrypt_only

Support the negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
diff --git a/library/aesni.h b/library/aesni.h
index fa5d911..59e27af 100644
--- a/library/aesni.h
+++ b/library/aesni.h
@@ -157,6 +157,6 @@
 #endif
 
 #endif /* MBEDTLS_AESNI_HAVE_CODE */
-#endif  /* MBEDTLS_AESNI_C */
+#endif  /* MBEDTLS_AESNI_C && (MBEDTLS_ARCH_IS_X64 || MBEDTLS_ARCH_IS_X86) */
 
 #endif /* MBEDTLS_AESNI_H */
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
index 2973cce..b8dffa9 100644
--- a/programs/test/metatest.c
+++ b/programs/test/metatest.c
@@ -46,6 +46,12 @@
  */
 volatile int false_but_the_compiler_does_not_know = 0;
 
+/* Hide calls to calloc/free from static checkers such as
+ * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about
+ * code where we do mean to cause a runtime error. */
+void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc;
+void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free;
+
 /* Set n bytes at the address p to all-bits-zero, in such a way that
  * the compiler should not know that p is all-bits-zero. */
 static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n)
@@ -98,9 +104,9 @@
 void read_after_free(const char *name)
 {
     (void) name;
-    volatile char *p = mbedtls_calloc(1, 1);
+    volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
     *p = 'a';
-    mbedtls_free((void *) p);
+    free_but_the_compiler_does_not_know((void *) p);
     /* Undefined behavior (read after free) */
     mbedtls_printf("%u\n", (unsigned) *p);
 }
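Review bot: The result of `calloc_but_the_compiler_does_not_know(1, 1)` in `read_after_free` is written through on the next line without a NULL check, so an allocation failure would produce a null-pointer write instead of the read-after-free this function is meant to trigger. If the harness counts any abnormal exit as the expected outcome, that crash could be mistaken for the sanitizer catching the intended bug. Consider adding `if (p == NULL) { return; }` right after the allocation, or the project's usual allocation-failure handling. The same applies to `double_free` and `memory_leak` in the following hunks, which also dereference `p` unchecked.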
@@ -108,11 +114,11 @@
 void double_free(const char *name)
 {
     (void) name;
-    volatile char *p = mbedtls_calloc(1, 1);
+    volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
     *p = 'a';
-    mbedtls_free((void *) p);
+    free_but_the_compiler_does_not_know((void *) p);
     /* Undefined behavior (double free) */
-    mbedtls_free((void *) p);
+    free_but_the_compiler_does_not_know((void *) p);
 }
 
 void read_uninitialized_stack(const char *name)
@@ -132,7 +138,7 @@
 void memory_leak(const char *name)
 {
     (void) name;
-    volatile char *p = mbedtls_calloc(1, 1);
+    volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
     mbedtls_printf("%u\n", (unsigned) *p);
     /* Leak of a heap object */
 }
diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh
index 7f972e0..3b63ed9 100755
--- a/scripts/prepare_release.sh
+++ b/scripts/prepare_release.sh
@@ -39,11 +39,11 @@
 GITIGNORES=$(find . -name ".gitignore")
 for GITIGNORE in $GITIGNORES; do
     if [ -n "$unrelease" ]; then
-        sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^# //' $GITIGNORE
+        sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE
         sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE
         sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE
     else
-        sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/# /' $GITIGNORE
+        sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE
         sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE
         sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE
     fi
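Review bot: The un-release branch now strips only `#` (`s/^#//`), so a `.gitignore` whose generated-files block was commented out by the earlier form of this script (prefix `# `) would come back with a leading space on every pattern. As far as I know Git treats a leading space as part of the pattern, so those entries would silently stop matching. If trees in the old format can still exist, accepting both prefixes, e.g. `s/^# \{0,1\}//`, keeps the round trip working. Separately, `$GITIGNORE` is unquoted in both changed `sed` lines; `"$GITIGNORE"` avoids globbing there, although the enclosing `for` loop (which closes outside this hunk) still word-splits the `find` output.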
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 85776cc..05571a1 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1145,21 +1145,21 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-void ssl_set_hostname_twice(char *hostname0, char *hostname1)
+void ssl_set_hostname_twice(char *input_hostname0, char *input_hostname1)
 {
-    const char *hostname;
+    const char *output_hostname;
     mbedtls_ssl_context ssl;
 
     mbedtls_ssl_init(&ssl);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0);
-    hostname = mbedtls_ssl_get_hostname(&ssl);
-    TEST_ASSERT(strcmp(hostname0, hostname) == 0);
+    TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname0) == 0);
+    output_hostname = mbedtls_ssl_get_hostname(&ssl);
+    TEST_ASSERT(strcmp(input_hostname0, output_hostname) == 0);
 
-    TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0);
-    hostname = mbedtls_ssl_get_hostname(&ssl);
-    TEST_ASSERT(strcmp(hostname1, hostname) == 0);
+    TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname1) == 0);
+    output_hostname = mbedtls_ssl_get_hostname(&ssl);
+    TEST_ASSERT(strcmp(input_hostname1, output_hostname) == 0);
 
 exit:
     mbedtls_ssl_free(&ssl);