Merge pull request #5717 from daverodgman/backport_2.28-alert_reentrant
Backport 2.28 - make mbedtls_ssl_send_alert_message() reentrant
diff --git a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
new file mode 100644
index 0000000..6878645
--- /dev/null
+++ b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix compilation on Windows when building shared library, by setting
+ library search path to CMAKE_CURRENT_BINARY_DIR.
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 04c1213..63f9411 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -21,7 +21,7 @@
*/
/*
* Minimal configuration of features that do not require an entropy source
- * Distinguishing reatures:
+ * Distinguishing features:
* - no entropy module
* - no TLS protocol implementation available due to absence of an entropy
* source
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index b0296eb..a93e38a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -128,7 +128,12 @@
* MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
* MBEDTLS_PLATFORM_STD_TIME.
*
- * Comment if your system does not support time functions
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ * interface - timing.c will include time.h on suitable platforms
+ * regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
*/
#define MBEDTLS_HAVE_TIME
@@ -1493,7 +1498,7 @@
* Enable an implementation of SHA-256 that has lower ROM footprint but also
* lower performance.
*
- * The default implementation is meant to be a reasonnable compromise between
+ * The default implementation is meant to be a reasonable compromise between
* performance and size. This version optimizes more aggressively for size at
* the expense of performance. Eg on Cortex-M4 it reduces the size of
* mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
@@ -3466,6 +3471,10 @@
* your own implementation of the whole module by setting
* \c MBEDTLS_TIMING_ALT in the current file.
*
+ * \note The timing module will include time.h on suitable platforms
+ * regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
* \note See also our Knowledge Base article about porting to a new
* environment:
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 610b8b1..328f861 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4357,7 +4357,7 @@
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
/**
- * \brief Load reasonnable default SSL configuration values.
+ * \brief Load reasonable default SSL configuration values.
* (You need to call mbedtls_ssl_config_init() first.)
*
* \param conf SSL configuration context
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index a882eed..8221051 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -101,7 +101,7 @@
* supported. Usually that means a 256-bit key.
*
* \note The lifetime of the keys is twice the lifetime of tickets.
- * It is recommended to pick a reasonnable lifetime so as not
+ * It is recommended to pick a reasonable lifetime so as not
* to negate the benefits of forward secrecy.
*
* \return 0 if successful,
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 0a60067..cde9cf4 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -202,6 +202,7 @@
endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
+ set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.0 SOVERSION 7)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
diff --git a/library/timing.c b/library/timing.c
index a5a55d6..57bc9bc 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -57,17 +57,16 @@
#include <unistd.h>
#include <sys/types.h>
#include <signal.h>
-#if defined(MBEDTLS_HAVE_TIME)
+/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the
+ * platform matches the ifdefs above, it will be used. */
#include <time.h>
#include <sys/time.h>
struct _hr_time
{
struct timeval start;
};
-#endif
#endif /* _WIN32 && !EFIX64 && !EFI32 */
-#if defined(MBEDTLS_HAVE_TIME)
#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__)
@@ -526,45 +525,5 @@
}
#endif /* MBEDTLS_SELF_TEST */
-
-#else
-volatile int mbedtls_timing_alarmed = 0;
-int mbedtls_timing_get_delay( void *data )
-{
- (void) data;
- return( 0 );
-}
-
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
-{
- (void) data;
- (void) int_ms;
- (void) fin_ms;
-}
-
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
-{
- (void) val;
- (void) reset;
- return( 0 );
-}
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- return( 0 );
-}
-
-void mbedtls_set_alarm( int seconds )
-{
- (void) seconds;
-}
-#if defined(MBEDTLS_SELF_TEST)
-int mbedtls_timing_self_test( int verbose )
-{
- (void) verbose;
- return( 0 );
-}
-#endif /* MBEDTLS_SELF_TEST */
-#endif /* MBEDTLS_HAVE_TIME */
#endif /* !MBEDTLS_TIMING_ALT */
#endif /* MBEDTLS_TIMING_C */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 9a6087c..a50da1a 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -827,7 +827,6 @@
get_options( argc, argv );
-#if defined(MBEDTLS_HAVE_TIME)
/*
* Decisions to drop/delay/duplicate packets are pseudo-random: dropping
* exactly 1 in N packets would lead to problems when a flight has exactly
@@ -838,12 +837,15 @@
*/
if( opt.seed == 0 )
{
+#if defined(MBEDTLS_HAVE_TIME)
opt.seed = (unsigned int) mbedtls_time( NULL );
+#else
+ opt.seed = 1;
+#endif /* MBEDTLS_HAVE_TIME */
mbedtls_printf( " . Pseudo-random seed: %u\n", opt.seed );
}
srand( opt.seed );
-#endif /* MBEDTLS_HAVE_TIME */
/*
* 0. "Connect" to the server
diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data
index b7b089c..2522da1 100644
--- a/tests/suites/test_suite_timing.data
+++ b/tests/suites/test_suite_timing.data
@@ -1,23 +1,17 @@
Timing: hardclock
-depends_on:MBEDTLS_HAVE_TIME
timing_hardclock:
Timing: get timer
-depends_on:MBEDTLS_HAVE_TIME
timing_get_timer:
Timing: set alarm with no delay
-depends_on:MBEDTLS_HAVE_TIME
timing_set_alarm:0:
Timing: set alarm with 1s delay
-depends_on:MBEDTLS_HAVE_TIME
timing_set_alarm:1:
Timing: delay 0ms
-depends_on:MBEDTLS_HAVE_TIME
timing_delay:0:
Timing: delay 100ms
-depends_on:MBEDTLS_HAVE_TIME
timing_delay:100: