yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 04:25:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'public/mbedtls-2.16' into baremetal

Browse source 
* public/mbedtls-2.16: (40 commits)
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Fix typo in data_file generator code
  Give credit to OSS-Fuzz for #2404
  Remove ssl_cert_test sample app
  Fix the proxy seed in Travis runs
  Update library version to 2.16.1
  Fix errors in AEAD test function
  x509.c: Fix potential memory leak in X.509 self test
  Remove Circle CI script
  Fix ChangeLog entry ordering
  Fix typo
  Add non-regression test for buffer overflow
  Improve documentation of mbedtls_mpi_write_string()
  Adapt ChangeLog
  Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
  Change Perl to Python in test builds
  Fix default port number information
  Silence pylint
  ...
This commit is contained in:
Simon Butcher 2019-04-24 14:51:33 +01:00
parent 7326bc8577 20d707dd3e
commit 2e7c7cd756
36 changed files with 502 additions and 1107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

425
.pylint
View file

@ -1,425 +0,0 @@
[MASTER]
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=
# Add files or directories to the blacklist. They should be base names, not
# paths.
ignore=CVS
# Add files or directories matching the regex patterns to the blacklist. The
# regex matches against base names, not paths.
ignore-patterns=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Use multiple processes to speed up Pylint.
jobs=1
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
# Pickle collected data for later comparisons.
persistent=yes
# Specify a configuration file.
#rcfile=
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
confidence=
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes
# --disable=W"
disable=print-statement,parameter-unpacking,unpacking-in-except,old-raise-syntax,backtick,long-suffix,old-ne-operator,old-octal-literal,import-star-module-level,raw-checker-failed,bad-inline-option,locally-disabled,locally-enabled,file-ignored,suppressed-message,useless-suppression,deprecated-pragma,apply-builtin,basestring-builtin,buffer-builtin,cmp-builtin,coerce-builtin,execfile-builtin,file-builtin,long-builtin,raw_input-builtin,reduce-builtin,standarderror-builtin,unicode-builtin,xrange-builtin,coerce-method,delslice-method,getslice-method,setslice-method,no-absolute-import,old-division,dict-iter-method,dict-view-method,next-method-called,metaclass-assignment,indexing-exception,raising-string,reload-builtin,oct-method,hex-method,nonzero-method,cmp-method,input-builtin,round-builtin,intern-builtin,unichr-builtin,map-builtin-not-iterating,zip-builtin-not-iterating,range-builtin-not-iterating,filter-builtin-not-iterating,using-cmp-argument,eq-without-hash,div-method,idiv-method,rdiv-method,exception-message-attribute,invalid-str-codec,sys-max-int,bad-python3-import,deprecated-string-function,deprecated-str-translate-call
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once). See also the "--disable" option for examples.
enable=
[REPORTS]
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details
#msg-template=
# Set the output format. Available formats are text, parseable, colorized, json
# and msvs (visual studio).You can also give a reporter class, eg
# mypackage.mymodule.MyReporterClass.
output-format=text
# Tells whether to display a full report or only the messages
reports=no
# Activate the evaluation score.
score=yes
[REFACTORING]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
[SIMILARITIES]
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
# Ignore imports when computing similarities.
ignore-imports=no
# Minimum lines number of a similarity.
min-similarity-lines=4
[FORMAT]
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Maximum number of characters on a single line.
max-line-length=79
# Maximum number of lines in a module
max-module-lines=2000
# List of optional constructs for which whitespace checking is disabled. `dict-
# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}.
# `trailing-comma` allows a space between comma and closing bracket: (a, ).
# `empty-line` allows space-only lines.
no-space-check=trailing-comma,dict-separator
# Allow the body of a class to be on the same line as the declaration if body
# contains single statement.
single-line-class-stmt=no
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
[BASIC]
# Naming hint for argument names
argument-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Regular expression matching correct argument names
argument-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Naming hint for attribute names
attr-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Regular expression matching correct attribute names
attr-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Naming hint for class attribute names
class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Regular expression matching correct class attribute names
class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Naming hint for class names
class-name-hint=[A-Z_][a-zA-Z0-9]+$
# Regular expression matching correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Naming hint for constant names
const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Regular expression matching correct constant names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
# Naming hint for function names
function-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Regular expression matching correct function names
function-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,ex,Run,_
# Include a hint for the correct naming format with invalid-name
include-naming-hint=no
# Naming hint for inline iteration names
inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$
# Regular expression matching correct inline iteration names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Naming hint for method names
method-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Regular expression matching correct method names
method-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Naming hint for module names
module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Regular expression matching correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Regular expression which should only match function or class names that do
# not require a docstring.
no-docstring-rgx=^_
# List of decorators that produce properties, such as abc.abstractproperty. Add
# to this list to register other decorators that produce valid properties.
property-classes=abc.abstractproperty
# Naming hint for variable names
variable-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
# Regular expression matching correct variable names
variable-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
[TYPECHECK]
# List of decorators that produce context managers, such as
# contextlib.contextmanager. Add to this list to register other decorators that
# produce valid context managers.
contextmanager-decorators=contextlib.contextmanager
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# This flag controls whether pylint should warn about no-member and similar
# checks whenever an opaque object is returned when inferring. The inference
# can return multiple potential results while evaluating a Python object, but
# some branches might not be evaluated, which results in partial inference. In
# that case, it might be useful to still emit no-member and other checks for
# the rest of the inferred objects.
ignore-on-opaque-inference=yes
# List of class names for which member attributes should not be checked (useful
# for classes with dynamically set attributes). This supports the use of
# qualified names.
ignored-classes=optparse.Values,thread._local,_thread._local
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis. It
# supports qualified module names, as well as Unix pattern matching.
ignored-modules=
# Show a hint with possible names when a member name was not found. The aspect
# of finding the hint is based on edit distance.
missing-member-hint=yes
# The minimum edit distance a name should have in order to be considered a
# similar match for a missing member name.
missing-member-hint-distance=1
# The total number of similar names that should be taken in consideration when
# showing a hint for a missing member.
missing-member-max-choices=1
[VARIABLES]
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
additional-builtins=
# Tells whether unused global variables should be treated as a violation.
allow-global-unused-variables=yes
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,_cb
# A regular expression matching the name of dummy variables (i.e. expectedly
# not used).
dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
# Argument names that match this expression will be ignored. Default to name
# with leading underscore
ignored-argument-names=_.*|^ignored_|^unused_
# Tells whether we should check for unused import in __init__ files.
init-import=no
# List of qualified module names which can have objects that can redefine
# builtins.
redefining-builtins-modules=six.moves,future.builtins
[SPELLING]
# Spelling dictionary name. Available dictionaries: none. To make it working
# install python-enchant package.
spelling-dict=
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to indicated private dictionary in
# --spelling-private-dict-file option instead of raising a message.
spelling-store-unknown-words=no
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
[LOGGING]
# Logging modules to check that the string format arguments are in logging
# function parameter format
logging-modules=logging
[CLASSES]
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,__new__,setUp
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected=_asdict,_fields,_replace,_source,_make
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg=mcs
[DESIGN]
# Maximum number of arguments for function / method
max-args=5
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Maximum number of boolean expressions in a if statement
max-bool-expr=5
# Maximum number of branch for function / method body
max-branches=12
# Maximum number of locals for function / method body
max-locals=15
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
# Maximum number of return / yield for function / method body
max-returns=6
# Maximum number of statements in function / method body
max-statements=50
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
[IMPORTS]
# Allow wildcard imports from modules that define __all__.
allow-wildcard-with-all=no
# Analyse import fallback blocks. This can be used to support both Python 2 and
# 3 compatible code, which means that the block might have code that exists
# only in one or another interpreter, leading to false positives when analysed.
analyse-fallback-blocks=no
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=regsub,TERMIOS,Bastion,rexec
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
ext-import-graph=
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
int-import-graph=
# Force import order to recognize a module as part of the standard
# compatibility libraries.
known-standard-library=
# Force import order to recognize a module as part of a third party library.
known-third-party=enchant
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"
overgeneral-exceptions=Exception

52
.pylintrc Normal file
View file

@ -0,0 +1,52 @@
[BASIC]
# We're ok with short funtion argument names.
# [invalid-name]
argument-rgx=[a-z_][a-z0-9_]*$
# Allow filter and map.
# [bad-builtin]
bad-functions=input
# We prefer docstrings, but we don't require them on all functions.
# Require them only on long functions (for some value of long).
# [missing-docstring]
docstring-min-length=10
# Allow longer methods than the default.
# [invalid-name]
method-rgx=[a-z_][a-z0-9_]{2,35}$
# Allow module names containing a dash (but no underscore or uppercase letter).
# They are whole programs, not meant to be included by another module.
# [invalid-name]
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$
# Some functions don't need docstrings.
# [missing-docstring]
no-docstring-rgx=(run_)main$
# We're ok with short local or global variable names.
# [invalid-name]
variable-rgx=[a-z_][a-z0-9_]*$
[DESIGN]
# Allow more than the default 7 attributes.
# [too-many-instance-attributes]
max-attributes=15
[FORMAT]
# Allow longer modules than the default recommended maximum.
# [too-many-lines]
max-module-lines=2000
[MESSAGES CONTROL]
disable=
[REPORTS]
# Don't diplay statistics. Just the facts.
reports=no
[VARIABLES]
# Allow unused variables if their name starts with an underscore.
# [unused-argument]
dummy-variables-rgx=_.*

3
.travis.yml
View file

@ -31,7 +31,8 @@ after_failure:
- tests/scripts/travis-log-failure.sh
env:
global:
secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
- SEED=1
- secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
addons:
apt:

57
ChangeLog
View file

@ -2,6 +2,47 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.x.x branch released xxxx-xx-xx
Security
* Make mbedtls_ecdh_get_params return an error if the second key
belongs to a different group from the first. Before, if an application
passed keys that belonged to different group, the first key's data was
interpreted according to the second group, which could lead to either
an error or a meaningless output from mbedtls_ecdh_get_params. In the
latter case, this could expose at most 5 bits of the private key.
Bugfix
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
This certificate is used in the demo server programs, which lead the
client programs to fail at the peer's certificate verification
due to an unacceptable hash signature. The certificate has been
updated to one that is SHA-256 signed. Fix contributed by
Illya Gerasymchuk.
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
Christian Walther in #2239.
* Fix potential memory leak in X.509 self test. Found and fixed by
Junhwan Park, #2106.
* Reduce stack usage of hkdf tests. Fixes #2195.
* Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when
used with negative inputs. Found by Guido Vranken in #2404. Credit to
OSS-Fuzz.
* Fix bugs in the AEAD test suite which would be exposed by ciphers which
either used both encrypt and decrypt key schedules, or which perform padding.
GCM and CCM were not affected. Fixed by Jack Lloyd.
* Fix incorrect default port number in ssl_mail_client example's usage.
Found and fixed by irwir. #2337
Changes
* Return from various debugging routines immediately if the
provided SSL context is unset.
* Remove dead code from bignum.c in the default configuration.
Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
* Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
Contributed by Peter Kolbus (Garmin).
= mbed TLS 2.16.1 branch released 2019-03-19
Features
* Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
from the default list (enabled by default). See
@ -37,16 +78,6 @@ Bugfix
extensions in CSRs and CRTs that caused these bitstrings to not be encoded
correctly as trailing zeroes were not accounted for as unused bits in the
leading content octet. Fixes #1610.
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
This certificate is used in the demo server programs, which lead the
client programs to fail at the peer's certificate verification
due to an unacceptable hash signature. The certificate has been
updated to one that is SHA-256 signed. Fix contributed by
Illya Gerasymchuk.
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
Christian Walther in #2239.
Changes
* Include configuration file in all header files that use configuration,
@ -62,12 +93,6 @@ Changes
been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
* Ciphersuites based on 3DES now have the lowest priority by default when
they are enabled.
* Return from various debugging routines immediately if the
provided SSL context is unset.
* Remove dead code from bignum.c in the default configuration.
Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
* Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
Contributed by Peter Kolbus (Garmin).
= mbed TLS 2.16.0 branch released 2018-12-21

8
README.md
View file

@ -35,7 +35,7 @@ In order to run the tests, enter:
make check
The tests need Perl to be built and run. If you don't have Perl installed, you can skip building the tests with:
The tests need Python to be built and Perl to be run. If you don't have one of them installed, you can skip building the tests with:
make no_test
@ -65,7 +65,7 @@ In order to run the tests, enter:
make test
The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with:
The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with:
cmake -DENABLE_TESTING=Off /path/to/mbedtls_source
@ -133,7 +133,7 @@ on the build mode as seen above), it's merely prepended to it.
The build files for Microsoft Visual Studio are generated for Visual Studio 2010.
The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well. However, the selftest program in `programs/test/` is still available.
The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available.
Example programs
----------------
@ -143,7 +143,7 @@ We've included example programs for a lot of different features and uses in [`pr
Tests
-----
Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:

44
circle.yml
View file

@ -1,44 +0,0 @@
# Purpose:
# - To test and prove that a new commit in the mbed TLS repository builds
# and integrates with mbed-os properly.
# AND
# - To test and prove that the current development head of mbed TLS builds
# and integrates with the current mbed-os master branch.
#
# The script fetches all the prerequisites and builds the mbed TLS 'tls-client'
# example. This script is triggered by every commit and once each night and the
# exact behaviour depends on how it was triggered:
# - If it is a nightly build then it builds the mbed TLS development head with
# mbed-os master.
# - If it was triggered by the commit, then it builds the example with mbed TLS
# at that commit and mbed-os at the commit pointed by mbed-os.lib in the
# example repository.
test:
override:
- cd ../mbed-os-example-tls/tls-client/ && mbed compile -m K64F -t GCC_ARM -c
dependencies:
pre:
# Install gcc-arm
- cd .. && wget "https://launchpad.net/gcc-arm-embedded/4.9/4.9-2015-q3-update/+download/gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2"
- cd .. && tar -xvjf gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2
- ln -s ../gcc-arm-none-eabi-4_9-2015q3/bin/* ../bin/
# Install mbed-cli
- cd ../ && git clone https://github.com/ARMmbed/mbed-cli.git
- cd ../mbed-cli && sudo -H pip install -e .
# Get the sample application
- cd ../ && git clone git@github.com:ARMmbed/mbed-os-example-tls.git
# Get mbed-os
- cd ../mbed-os-example-tls/tls-client && mbed deploy
# Update mbed-os to master only if it is a nightly build
- >
if [ -n "${RUN_NIGHTLY_BUILD}" ]; then
cd ../mbed-os-example-tls/tls-client/mbed-os/ && mbed update master;
fi
# Import mbedtls current revision
- ln -s ../../../../../../../mbedtls/ ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/TARGET_IGNORE/mbedtls
- cd ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/ && make
override:
# Install the missing python packages
- cd ../mbed-os-example-tls/tls-client/mbed-os/ && sudo -H pip install -r requirements.txt

2
doxygen/input/doc_mainpage.h
View file

@ -24,7 +24,7 @@
*/
/**
* @mainpage mbed TLS v2.16.0 source code documentation
* @mainpage mbed TLS v2.16.1 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in

2
doxygen/mbedtls.doxyfile
View file

@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v2.16.0"
PROJECT_NAME = "mbed TLS v2.16.1"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or

2
include/mbedtls/ecp.h
View file

@ -482,7 +482,7 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
*
* \note After this function is called, domain parameters
* for various ECP groups can be loaded through the
* mbedtls_ecp_load() or mbedtls_ecp_tls_read_group()
* mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
* functions.
*/
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );

8
include/mbedtls/version.h
View file

@ -40,16 +40,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 16
#define MBEDTLS_VERSION_PATCH 0
#define MBEDTLS_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x02100000
#define MBEDTLS_VERSION_STRING "2.16.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.0"
#define MBEDTLS_VERSION_NUMBER 0x02100100
#define MBEDTLS_VERSION_STRING "2.16.1"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.1"
#if defined(MBEDTLS_VERSION_C)

6
library/CMakeLists.txt
View file

@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.0 SOVERSION 3)
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.1 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.0 SOVERSION 0)
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.1 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.16.0 SOVERSION 12)
set_target_properties(mbedtls PROPERTIES VERSION 2.16.1 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto

26
library/bignum.c
View file

@ -582,15 +582,20 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
if( radix < 2 || radix > 16 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
n = mbedtls_mpi_bitlen( X );
if( radix >= 4 ) n >>= 1;
if( radix >= 16 ) n >>= 1;
/*
* Round up the buffer length to an even value to ensure that there is
* enough room for hexadecimal values that can be represented in an odd
* number of digits.
*/
n += 3 + ( ( n + 1 ) & 1 );
n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */
if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present
* `n`. If radix > 4, this might be a strict
* overapproximation of the number of
* radix-adic digits needed to present `n`. */
if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to
* present `n`. */
n += 1; /* Terminating null byte */
n += 1; /* Compensate for the divisions above, which round down `n`
* in case it's not even. */
n += 1; /* Potential '-'-sign. */
n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing,
* which always uses an even number of hex-digits. */
if( buflen < n )
{
@ -602,7 +607,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
mbedtls_mpi_init( &T );
if( X->s == -1 )
{
*p++ = '-';
buflen--;
}
if( radix == 16 )
{

27
library/ecdh.c
View file

@ -49,6 +49,16 @@
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif
static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
const mbedtls_ecdh_context *ctx )
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ctx->grp.id );
#else
return( ctx->grp_id );
#endif
}
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
/*
* Generate public key (restartable version)
@ -442,8 +452,21 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
side == MBEDTLS_ECDH_THEIRS );
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
return( ret );
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
{
/* This is the first call to get_params(). Set up the context
* for use with the group. */
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
return( ret );
}
else
{
/* This is not the first call to get_params(). Check that the
* current key's group is the same as the context's, which was set
* from the first key's group. */
if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_get_params_internal( ctx, key, side ) );

16
library/x509.c
View file

@ -1001,8 +1001,8 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
*/
int mbedtls_x509_self_test( int verbose )
{
int ret = 0;
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
int ret;
uint32_t flags;
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
@ -1010,6 +1010,7 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( " X.509 certificate load: " );
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert );
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
@ -1019,11 +1020,9 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( ret );
goto cleanup;
}
mbedtls_x509_crt_init( &cacert );
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
mbedtls_test_ca_crt_len );
if( ret != 0 )
@ -1031,7 +1030,7 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( ret );
goto cleanup;
}
if( verbose != 0 )
@ -1043,20 +1042,19 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( ret );
goto cleanup;
}
if( verbose != 0 )
mbedtls_printf( "passed\n\n");
cleanup:
mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crt_free( &clicert );
return( 0 );
#else
((void) verbose);
return( 0 );
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
return( ret );
}
#endif /* MBEDTLS_SELF_TEST */

6
programs/Makefile
View file

@ -67,7 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \
random/gen_random_havege$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \
test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \
test/benchmark$(EXEXT) \
test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \
test/query_compile_time_config$(EXEXT) \
@ -241,10 +241,6 @@ ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP)
echo " CC ssl/mini_client.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/ssl_cert_test$(EXEXT): test/ssl_cert_test.c $(DEP)
echo " CC test/ssl_cert_test.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/ssl_cert_test.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/benchmark$(EXEXT): test/benchmark.c $(DEP)
echo " CC test/benchmark.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

2
programs/README.md
View file

@ -99,8 +99,6 @@ In addition to providing options for testing client-side features, the `ssl_clie
* [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module.
* [`test/ssl_cert_test.c`](test/ssl_cert_test.c): demonstrates how to verify X.509 certificates, and (for RSA keys only) how to check that each certificate matches the corresponding private key. This program requires some test data which is not provided.
* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS.
* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb).

30
programs/ssl/ssl_mail_client.c
View file

@ -110,9 +110,9 @@ int main( void )
#if defined(MBEDTLS_BASE64_C)
#define USAGE_AUTH \
" authentication=%%d default: 0 (disabled)\n" \
" user_name=%%s default: \"user\"\n" \
" user_pwd=%%s default: \"password\"\n"
" authentication=%%d default: 0 (disabled)\n" \
" user_name=%%s default: \"" DFL_USER_NAME "\"\n" \
" user_pwd=%%s default: \"" DFL_USER_PWD "\"\n"
#else
#define USAGE_AUTH \
" authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
@ -129,17 +129,17 @@ int main( void )
#endif /* MBEDTLS_FS_IO */
#define USAGE \
"\n usage: ssl_mail_client param=<>...\n" \
"\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \
" server_port=%%d default: 4433\n" \
" debug_level=%%d default: 0 (disabled)\n" \
"\n usage: ssl_mail_client param=<>...\n" \
"\n acceptable parameters:\n" \
" server_name=%%s default: " DFL_SERVER_NAME "\n" \
" server_port=%%d default: " DFL_SERVER_PORT "\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
USAGE_AUTH \
" mail_from=%%s default: \"\"\n" \
" mail_to=%%s default: \"\"\n" \
USAGE_IO \
" force_ciphersuite=<name> default: all enabled\n"\
USAGE_AUTH \
" mail_from=%%s default: \"\"\n" \
" mail_to=%%s default: \"\"\n" \
USAGE_IO \
" force_ciphersuite=<name> default: all enabled\n" \
" acceptable ciphersuite names:\n"
#if defined(MBEDTLS_CHECK_PARAMS)
@ -324,7 +324,7 @@ static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char *
mbedtls_printf("\n%s", buf);
if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
return -1;
}
@ -336,7 +336,7 @@ static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char *
if( ret <= 0 )
{
mbedtls_printf( "failed\n ! read returned %d\n\n", ret );
mbedtls_printf( "failed\n ! mbedtls_net_recv returned %d\n\n", ret );
return -1;
}

5
programs/test/CMakeLists.txt
View file

@ -21,9 +21,6 @@ if(TEST_CPP)
target_link_libraries(cpp_dummy_build ${libs})
endif()
add_executable(ssl_cert_test ssl_cert_test.c)
target_link_libraries(ssl_cert_test ${libs})
add_executable(udp_proxy udp_proxy.c)
target_link_libraries(udp_proxy ${libs})
@ -34,6 +31,6 @@ add_executable(query_compile_time_config query_compile_time_config.c)
target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c)
target_link_libraries(query_compile_time_config ${libs})
install(TARGETS selftest benchmark ssl_cert_test udp_proxy query_compile_time_config
install(TARGETS selftest benchmark udp_proxy query_compile_time_config
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

274
programs/test/ssl_cert_test.c
View file

@ -1,274 +0,0 @@
/*
* SSL certificate functionality tests
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_snprintf snprintf
#define mbedtls_printf printf
#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_X509_CRL_PARSE_C)
#include "mbedtls/certs.h"
#include "mbedtls/x509_crt.h"
#include <stdio.h>
#include <string.h>
#endif
#define MAX_CLIENT_CERTS 8
#if !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_X509_CRL_PARSE_C)
int main( void )
{
mbedtls_printf("MBEDTLS_RSA_C and/or MBEDTLS_X509_CRT_PARSE_C "
"MBEDTLS_FS_IO and/or MBEDTLS_X509_CRL_PARSE_C "
"not defined.\n");
return( 0 );
}
#else
const char *client_certificates[MAX_CLIENT_CERTS] =
{
"client1.crt",
"client2.crt",
"server1.crt",
"server2.crt",
"cert_sha224.crt",
"cert_sha256.crt",
"cert_sha384.crt",
"cert_sha512.crt"
};
const char *client_private_keys[MAX_CLIENT_CERTS] =
{
"client1.key",
"client2.key",
"server1.key",
"server2.key",
"cert_digest.key",
"cert_digest.key",
"cert_digest.key",
"cert_digest.key"
};
#if defined(MBEDTLS_CHECK_PARAMS)
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
#endif
int main( void )
{
int ret = 1, i;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_x509_crt cacert;
mbedtls_x509_crl crl;
char buf[10240];
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crl_init( &crl );
/*
* 1.1. Load the trusted CA
*/
mbedtls_printf( "\n . Loading the CA root certificate ..." );
fflush( stdout );
/*
* Alternatively, you may load the CA certificates from a .pem or
* .crt file by calling mbedtls_x509_crt_parse_file( &cacert, "myca.crt" ).
*/
ret = mbedtls_x509_crt_parse_file( &cacert, "ssl/test-ca/test-ca.crt" );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_x509_crt_info( buf, 1024, "CRT: ", &cacert );
mbedtls_printf("%s\n", buf );
/*
* 1.2. Load the CRL
*/
mbedtls_printf( " . Loading the CRL ..." );
fflush( stdout );
ret = mbedtls_x509_crl_parse_file( &crl, "ssl/test-ca/crl.pem" );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_x509_crl_info( buf, 1024, "CRL: ", &crl );
mbedtls_printf("%s\n", buf );
for( i = 0; i < MAX_CLIENT_CERTS; i++ )
{
/*
* 1.3. Load own certificate
*/
char name[512];
uint32_t flags;
mbedtls_x509_crt clicert;
mbedtls_pk_context pk;
mbedtls_x509_crt_init( &clicert );
mbedtls_pk_init( &pk );
mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
mbedtls_printf( " . Loading the client certificate %s...", name );
fflush( stdout );
ret = mbedtls_x509_crt_parse_file( &clicert, name );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 1.4. Verify certificate validity with CA certificate
*/
mbedtls_printf( " . Verify the client certificate with CA certificate..." );
fflush( stdout );
ret = mbedtls_x509_crt_verify( &clicert, &cacert, &crl, NULL, &flags, NULL,
NULL );
if( ret != 0 )
{
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
{
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
}
else
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", ret );
goto exit;
}
}
mbedtls_printf( " ok\n" );
/*
* 1.5. Load own private key
*/
mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
mbedtls_printf( " . Loading the client private key %s...", name );
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &pk, name, NULL );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 1.6. Verify certificate validity with private key
*/
mbedtls_printf( " . Verify the client certificate with private key..." );
fflush( stdout );
/* EC NOT IMPLEMENTED YET */
if( ! mbedtls_pk_can_do( &clicert.pk, MBEDTLS_PK_RSA ) )
{
mbedtls_printf( " failed\n ! certificate's key is not RSA\n\n" );
goto exit;
}
ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->N, &mbedtls_pk_rsa( clicert.pk )->N);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for N returned %d\n\n", ret );
goto exit;
}
ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->E, &mbedtls_pk_rsa( clicert.pk )->E);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for E returned %d\n\n", ret );
goto exit;
}
ret = mbedtls_rsa_check_privkey( mbedtls_pk_rsa( pk ) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_x509_crt_free( &clicert );
mbedtls_pk_free( &pk );
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crl_free( &crl );
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( exit_code );
}
#endif /* MBEDTLS_RSA_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_X509_CRL_PARSE_C */

31
scripts/abi_check.py
View file

@ -26,8 +26,16 @@ import tempfile
class AbiChecker(object):
"""API and ABI checker."""
def __init__(self, report_dir, old_rev, new_rev, keep_all_reports):
"""Instantiate the API/ABI checker.
report_dir: directory for output files
old_rev: reference git revision to compare against
new_rev: git revision to check
keep_all_reports: if false, delete old reports
"""
self.repo_path = "."
self.log = None
self.setup_logger()
@ -42,7 +50,8 @@ class AbiChecker(object):
self.git_command = "git"
self.make_command = "make"
def check_repo_path(self):
@staticmethod
def check_repo_path():
current_dir = os.path.realpath('.')
root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
if current_dir != root_dir:
@ -53,12 +62,15 @@ class AbiChecker(object):
self.log.setLevel(logging.INFO)
self.log.addHandler(logging.StreamHandler())
def check_abi_tools_are_installed(self):
@staticmethod
def check_abi_tools_are_installed():
for command in ["abi-dumper", "abi-compliance-checker"]:
if not shutil.which(command):
raise Exception("{} not installed, aborting".format(command))
def get_clean_worktree_for_git_revision(self, git_rev):
"""Make a separate worktree with git_rev checked out.
Do not modify the current worktree."""
self.log.info(
"Checking out git worktree for revision {}".format(git_rev)
)
@ -76,6 +88,7 @@ class AbiChecker(object):
return git_worktree_path
def build_shared_libraries(self, git_worktree_path):
"""Build the shared libraries in the specified worktree."""
my_environment = os.environ.copy()
my_environment["CFLAGS"] = "-g -Og"
my_environment["SHARED"] = "1"
@ -92,6 +105,9 @@ class AbiChecker(object):
raise Exception("make failed, aborting")
def get_abi_dumps_from_shared_libraries(self, git_ref, git_worktree_path):
"""Generate the ABI dumps for the specified git revision.
It must be checked out in git_worktree_path and the shared libraries
must have been built."""
abi_dumps = {}
for mbed_module in self.mbedtls_modules:
output_path = os.path.join(
@ -117,6 +133,7 @@ class AbiChecker(object):
return abi_dumps
def cleanup_worktree(self, git_worktree_path):
"""Remove the specified git worktree."""
shutil.rmtree(git_worktree_path)
worktree_process = subprocess.Popen(
[self.git_command, "worktree", "prune"],
@ -130,6 +147,7 @@ class AbiChecker(object):
raise Exception("Worktree cleanup failed, aborting")
def get_abi_dump_for_ref(self, git_rev):
"""Generate the ABI dumps for the specified git revision."""
git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev)
self.build_shared_libraries(git_worktree_path)
abi_dumps = self.get_abi_dumps_from_shared_libraries(
@ -139,6 +157,9 @@ class AbiChecker(object):
return abi_dumps
def get_abi_compatibility_report(self):
"""Generate a report of the differences between the reference ABI
and the new ABI. ABI dumps from self.old_rev and self.new_rev must
be available."""
compatibility_report = ""
compliance_return_code = 0
for mbed_module in self.mbedtls_modules:
@ -188,6 +209,8 @@ class AbiChecker(object):
return compliance_return_code
def check_for_abi_changes(self):
"""Generate a report of ABI differences
between self.old_rev and self.new_rev."""
self.check_repo_path()
self.check_abi_tools_are_installed()
self.old_dumps = self.get_abi_dump_for_ref(self.old_rev)
@ -232,7 +255,9 @@ def run_main():
)
return_code = abi_check.check_for_abi_changes()
sys.exit(return_code)
except Exception:
except Exception: # pylint: disable=broad-except
# Print the backtrace and exit explicitly so as to exit with
# status 2, not 1.
traceback.print_exc()
sys.exit(2)

2
tests/data_files/Makefile
View file

@ -150,7 +150,7 @@ test-int-ca3-badsign.crt: test-int-ca3.crt
all_final += test-int-ca3-badsign.crt
server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
cat server10.crt test-int-ca3-badsign.crt > $@
all_final += server10-bs_int3-bs.pem
all_final += server10_int3-bs.pem
rsa_pkcs1_2048_public.pem: server8.key
$(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@

26
tests/scripts/all.sh
View file

@ -590,6 +590,17 @@ component_check_doxygen_warnings () {
#### Build and test many configurations and targets
################################################################
component_test_default_out_of_box () {
msg "build: make, default config (out-of-box)" # ~1min
make
msg "test: main suites make, default config (out-of-box)" # ~10s
make test
msg "selftest: make, default config (out-of-box)" # ~10s
programs/test/selftest
}
component_test_default_cmake_gcc_asan () {
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@ -952,10 +963,16 @@ component_test_m32_o1 () {
# Build again with -O1, to compile in the i386 specific inline assembly
msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"
make test
msg "test ssl-opt.sh, i386, make, gcc-O1"
if_build_succeeded tests/ssl-opt.sh
}
support_test_m32_o1 () {
support_test_m32_o0 "$@"
@ -1176,10 +1193,8 @@ component_test_valgrind () {
msg "test: main suites valgrind (Release)"
make memcheck
# Optional part(s)
# Currently broken, programs don't seem to receive signals
# under valgrind on OS X
# Optional parts (slow; currently broken on OS X because programs don't
# seem to receive signals under valgrind on OS X).
if [ "$MEMORY" -gt 0 ]; then
msg "test: ssl-opt.sh --memcheck (Release)"
if_build_succeeded tests/ssl-opt.sh --memcheck
@ -1247,6 +1262,9 @@ component_test_zeroize () {
unset gdb_disable_aslr
}
support_check_python_files () {
type pylint3 >/dev/null 2>/dev/null
}
component_check_python_files () {
msg "Lint: Python scripts"
record_status tests/scripts/check-python-files.sh

158
tests/scripts/check-files.py
View file

@ -19,14 +19,23 @@ import codecs
import sys
class IssueTracker(object):
"""Base class for issue tracking. Issues should inherit from this and
overwrite either issue_with_line if they check the file line by line, or
overwrite check_file_for_issue if they check the file as a whole."""
class FileIssueTracker(object):
"""Base class for file-wide issue tracking.
To implement a checker that processes a file as a whole, inherit from
this class and implement `check_file_for_issue` and define ``heading``.
``files_exemptions``: files whose name ends with a string in this set
will not be checked.
``heading``: human-readable description of the issue
"""
files_exemptions = frozenset()
# heading must be defined in derived classes.
# pylint: disable=no-member
def __init__(self):
self.heading = ""
self.files_exemptions = []
self.files_with_issues = {}
def should_check_file(self, filepath):
@ -35,23 +44,14 @@ class IssueTracker(object):
return False
return True
def issue_with_line(self, line):
raise NotImplementedError
def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f:
for i, line in enumerate(iter(f.readline, b"")):
self.check_file_line(filepath, line, i + 1)
raise NotImplementedError
def record_issue(self, filepath, line_number):
if filepath not in self.files_with_issues.keys():
self.files_with_issues[filepath] = []
self.files_with_issues[filepath].append(line_number)
def check_file_line(self, filepath, line, line_number):
if self.issue_with_line(line):
self.record_issue(filepath, line_number)
def output_file_issues(self, logger):
if self.files_with_issues.values():
logger.info(self.heading)
@ -64,24 +64,44 @@ class IssueTracker(object):
logger.info(filename)
logger.info("")
class LineIssueTracker(FileIssueTracker):
"""Base class for line-by-line issue tracking.
class PermissionIssueTracker(IssueTracker):
To implement a checker that processes files line by line, inherit from
this class and implement `line_with_issue`.
"""
def __init__(self):
super().__init__()
self.heading = "Incorrect permissions:"
def issue_with_line(self, line, filepath):
raise NotImplementedError
def check_file_line(self, filepath, line, line_number):
if self.issue_with_line(line, filepath):
self.record_issue(filepath, line_number)
def check_file_for_issue(self, filepath):
if not (os.access(filepath, os.X_OK) ==
filepath.endswith((".sh", ".pl", ".py"))):
with open(filepath, "rb") as f:
for i, line in enumerate(iter(f.readline, b"")):
self.check_file_line(filepath, line, i + 1)
class PermissionIssueTracker(FileIssueTracker):
"""Track files with bad permissions.
Files that are not executable scripts must not be executable."""
heading = "Incorrect permissions:"
def check_file_for_issue(self, filepath):
is_executable = os.access(filepath, os.X_OK)
should_be_executable = filepath.endswith((".sh", ".pl", ".py"))
if is_executable != should_be_executable:
self.files_with_issues[filepath] = None
class EndOfFileNewlineIssueTracker(IssueTracker):
class EndOfFileNewlineIssueTracker(FileIssueTracker):
"""Track files that end with an incomplete line
(no newline character at the end of the last line)."""
def __init__(self):
super().__init__()
self.heading = "Missing newline at end of file:"
heading = "Missing newline at end of file:"
def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f:
@ -89,11 +109,11 @@ class EndOfFileNewlineIssueTracker(IssueTracker):
self.files_with_issues[filepath] = None
class Utf8BomIssueTracker(IssueTracker):
class Utf8BomIssueTracker(FileIssueTracker):
"""Track files that start with a UTF-8 BOM.
Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM."""
def __init__(self):
super().__init__()
self.heading = "UTF-8 BOM present:"
heading = "UTF-8 BOM present:"
def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f:
@ -101,79 +121,76 @@ class Utf8BomIssueTracker(IssueTracker):
self.files_with_issues[filepath] = None
class LineEndingIssueTracker(IssueTracker):
class LineEndingIssueTracker(LineIssueTracker):
"""Track files with non-Unix line endings (i.e. files with CR)."""
def __init__(self):
super().__init__()
self.heading = "Non Unix line endings:"
heading = "Non Unix line endings:"
def issue_with_line(self, line):
def issue_with_line(self, line, _filepath):
return b"\r" in line
class TrailingWhitespaceIssueTracker(IssueTracker):
class TrailingWhitespaceIssueTracker(LineIssueTracker):
"""Track lines with trailing whitespace."""
def __init__(self):
super().__init__()
self.heading = "Trailing whitespace:"
self.files_exemptions = [".md"]
heading = "Trailing whitespace:"
files_exemptions = frozenset(".md")
def issue_with_line(self, line):
def issue_with_line(self, line, _filepath):
return line.rstrip(b"\r\n") != line.rstrip()
class TabIssueTracker(IssueTracker):
class TabIssueTracker(LineIssueTracker):
"""Track lines with tabs."""
def __init__(self):
super().__init__()
self.heading = "Tabs present:"
self.files_exemptions = [
"Makefile", "generate_visualc_files.pl"
]
heading = "Tabs present:"
files_exemptions = frozenset([
"Makefile",
"generate_visualc_files.pl",
])
def issue_with_line(self, line):
def issue_with_line(self, line, _filepath):
return b"\t" in line
class MergeArtifactIssueTracker(IssueTracker):
class MergeArtifactIssueTracker(LineIssueTracker):
"""Track lines with merge artifacts.
These are leftovers from a ``git merge`` that wasn't fully edited."""
def __init__(self):
super().__init__()
self.heading = "Merge artifact:"
heading = "Merge artifact:"
def issue_with_line(self, filepath, line):
def issue_with_line(self, line, _filepath):
# Detect leftover git conflict markers.
if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '):
return True
if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3
return True
if line.rstrip(b'\r\n') == b'=======' and \
not filepath.endswith('.md'):
not _filepath.endswith('.md'):
return True
return False
def check_file_line(self, filepath, line, line_number):
if self.issue_with_line(filepath, line):
self.record_issue(filepath, line_number)
class TodoIssueTracker(LineIssueTracker):
"""Track lines containing ``TODO``."""
class TodoIssueTracker(IssueTracker):
heading = "TODO present:"
files_exemptions = frozenset([
os.path.basename(__file__),
"benchmark.c",
"pull_request_template.md",
])
def __init__(self):
super().__init__()
self.heading = "TODO present:"
self.files_exemptions = [
os.path.basename(__file__),
"benchmark.c",
"pull_request_template.md",
]
def issue_with_line(self, line):
def issue_with_line(self, line, _filepath):
return b"todo" in line.lower()
class IntegrityChecker(object):
"""Sanity-check files under the current directory."""
def __init__(self, log_file):
"""Instantiate the sanity checker.
Check files under the current directory.
Write a report of issues to log_file."""
self.check_repo_path()
self.logger = None
self.setup_logger(log_file)
@ -197,7 +214,8 @@ class IntegrityChecker(object):
TodoIssueTracker(),
]
def check_repo_path(self):
@staticmethod
def check_repo_path():
if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
raise Exception("Must be run from Mbed TLS root")

8
tests/scripts/check-python-files.sh
View file

@ -9,10 +9,4 @@
# Run 'pylint' on Python files for programming errors and helps enforcing
# PEP8 coding standards.
if `hash pylint > /dev/null 2>&1`; then
pylint -j 2 tests/scripts/generate_test_code.py --rcfile .pylint
pylint -j 2 tests/scripts/test_generate_test_code.py --rcfile .pylint
pylint -j 2 tests/scripts/mbedtls_test.py --rcfile .pylint
else
echo "$0: WARNING: 'pylint' not found! Skipping checks on Python files."
fi
pylint3 -j 2 scripts/*.py tests/scripts/*.py

2
tests/scripts/generate_test_code.py
View file

@ -238,7 +238,7 @@ class FileWrapper(io.FileIO, object):
if hasattr(parent, '__next__'):
line = parent.__next__() # Python 3
else:
line = parent.next() # Python 2
line = parent.next() # Python 2 # pylint: disable=no-member
if line is not None:
self._line_no += 1
# Convert byte array to string with correct encoding and

3
tests/scripts/mbedtls_test.py
View file

@ -37,7 +37,8 @@ https://github.com/ARMmbed/greentea
import re
import os
import binascii
from mbed_host_tests import BaseHostTest, event_callback
from mbed_host_tests import BaseHostTest, event_callback # pylint: disable=import-error
class TestDataParserError(Exception):

4
tests/scripts/test_generate_test_code.py
View file

@ -22,7 +22,7 @@
Unit tests for generate_test_code.py
"""
# pylint: disable=wrong-import-order
try:
# Python 2
from StringIO import StringIO
@ -36,6 +36,7 @@ try:
except ImportError:
# Python 3
from unittest.mock import patch
# pylint: enable=wrong-import-order
from generate_test_code import gen_dependencies, gen_dependencies_one_line
from generate_test_code import gen_function_wrapper, gen_dispatch
from generate_test_code import parse_until_pattern, GeneratorInputError
@ -336,6 +337,7 @@ class StringIOWrapper(StringIO, object):
:param length:
:return:
"""
# pylint: disable=unused-argument
line = super(StringIOWrapper, self).readline()
if line is not None:
self.line_no += 1

7
tests/suites/test_suite_cipher.function
View file

@ -976,6 +976,9 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
/* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
MBEDTLS_ENCRYPT ) );
memset( output, 0xFF, sizeof( output ) );
outlen = 0;
@ -984,8 +987,8 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
my_tag, tag->len );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( outlen == clear->len );
TEST_ASSERT( memcmp( output, cipher->x, clear->len ) == 0 );
TEST_ASSERT( outlen == cipher->len );
TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
TEST_ASSERT( memcmp( my_tag, tag->x, tag->len ) == 0 );
/* make sure we didn't overwrite */

16
tests/suites/test_suite_ecdh.data
View file

@ -79,3 +79,19 @@ ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8A
ECDH exchange legacy context
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1
ECDH calc_secret: ours first, SECP256R1 (RFC 5903)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
ECDH calc_secret: theirs first, SECP256R1 (RFC 5903)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
ECDH get_params with mismatched groups: our BP256R1, their SECP256R1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECDH get_params with mismatched groups: their SECP256R1, our BP256R1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA

140
tests/suites/test_suite_ecdh.function
View file

@ -1,5 +1,41 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdh.h"
static int load_public_key( int grp_id, data_t *point,
mbedtls_ecp_keypair *ecp )
{
int ok = 0;
TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
&ecp->Q,
point->x,
point->len ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
&ecp->Q ) == 0 );
ok = 1;
exit:
return( ok );
}
static int load_private_key( int grp_id, data_t *private_key,
mbedtls_ecp_keypair *ecp,
rnd_pseudo_info *rnd_info )
{
int ok = 0;
TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_binary( &ecp->d,
private_key->x,
private_key->len ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
/* Calculate the public key from the private key. */
TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
&ecp->grp.G,
&rnd_pseudo_rand, rnd_info ) == 0 );
ok = 1;
exit:
return( ok );
}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -464,3 +500,107 @@ exit:
mbedtls_ecdh_free( &cli );
}
/* END_CASE */
/* BEGIN_CASE */
void ecdh_exchange_calc_secret( int grp_id,
data_t *our_private_key,
data_t *their_point,
int ours_first,
data_t *expected )
{
rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
size_t shared_secret_length = 0;
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
mbedtls_ecdh_init( &ecdh );
mbedtls_ecp_keypair_init( &our_key );
mbedtls_ecp_keypair_init( &their_key );
if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
goto exit;
if( ! load_public_key( grp_id, their_point, &their_key ) )
goto exit;
/* Import the keys to the ECDH calculation. */
if( ours_first )
{
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
}
else
{
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
}
/* Perform the ECDH calculation. */
TEST_ASSERT( mbedtls_ecdh_calc_secret(
&ecdh,
&shared_secret_length,
shared_secret, sizeof( shared_secret ),
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( shared_secret_length == expected->len );
TEST_ASSERT( memcmp( expected->x, shared_secret,
shared_secret_length ) == 0 );
exit:
mbedtls_ecdh_free( &ecdh );
mbedtls_ecp_keypair_free( &our_key );
mbedtls_ecp_keypair_free( &their_key );
}
/* END_CASE */
/* BEGIN_CASE */
void ecdh_exchange_get_params_fail( int our_grp_id,
data_t *our_private_key,
int their_grp_id,
data_t *their_point,
int ours_first,
int expected_ret )
{
rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
mbedtls_ecdh_init( &ecdh );
mbedtls_ecp_keypair_init( &our_key );
mbedtls_ecp_keypair_init( &their_key );
if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
goto exit;
if( ! load_public_key( their_grp_id, their_point, &their_key ) )
goto exit;
if( ours_first )
{
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
expected_ret );
}
else
{
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
expected_ret );
}
exit:
mbedtls_ecdh_free( &ecdh );
mbedtls_ecp_keypair_free( &our_key );
mbedtls_ecp_keypair_free( &their_key );
}
/* END_CASE */

20
tests/suites/test_suite_hkdf.function
View file

@ -14,12 +14,16 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string,
{
int ret;
size_t ikm_len, salt_len, info_len, okm_len;
unsigned char ikm[1024] = { '\0' };
unsigned char salt[1024] = { '\0' };
unsigned char info[1024] = { '\0' };
unsigned char expected_okm[1024] = { '\0' };
unsigned char okm[1024] = { '\0' };
unsigned char okm_string[1000] = { '\0' };
unsigned char ikm[128] = { '\0' };
unsigned char salt[128] = { '\0' };
unsigned char info[128] = { '\0' };
unsigned char expected_okm[128] = { '\0' };
unsigned char okm[128] = { '\0' };
/*
* okm_hex is the string representation of okm,
* so its size is twice the size of okm, and an extra null-termination.
*/
unsigned char okm_hex[257] = { '\0' };
const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md != NULL );
@ -34,8 +38,8 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string,
TEST_ASSERT( ret == 0 );
// Run hexify on it so that it looks nicer if the assertion fails
hexify( okm_string, okm, okm_len );
TEST_ASSERT( !strcmp( (char *)okm_string, hex_okm_string ) );
hexify( okm_hex, okm, okm_len );
TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) );
}
/* END_CASE */

3
tests/suites/test_suite_mpi.data
View file

@ -25,6 +25,9 @@ mpi_read_write_string:16:"-20":10:"-32":100:0:0
Base test mpi_read_write_string #3 (Negative decimal)
mpi_read_write_string:16:"-23":16:"-23":100:0:0
Base test mpi_read_write_string #4 (Buffer just fits)
mpi_read_write_string:16:"-4":4:"-10":4:0:0
Test mpi_read_write_string #1 (Invalid character)
mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0

3
tests/suites/test_suite_mpi.function
View file

@ -294,6 +294,8 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
mbedtls_mpi_init( &X );
memset( str, '!', sizeof( str ) );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
if( result_read == 0 )
{
@ -301,6 +303,7 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
if( result_write == 0 )
{
TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
TEST_ASSERT( str[len] == '!' );
}
}

4
tests/suites/test_suite_version.data
View file

@ -1,8 +1,8 @@
Check compiletime library version
check_compiletime_version:"2.16.0"
check_compiletime_version:"2.16.1"
Check runtime library version
check_runtime_version:"2.16.0"
check_runtime_version:"2.16.1"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0

13
visualc/VS2010/mbedTLS.sln
View file

@ -183,11 +183,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_cert_test", "ssl_cert_test.vcxproj", "{3FE0C0E1-D9BA-6A26-380C-F293E543B914}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@ -552,14 +547,6 @@ Global
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.ActiveCfg = Debug|Win32
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.Build.0 = Debug|Win32
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.ActiveCfg = Debug|x64
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.Build.0 = Debug|x64
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.ActiveCfg = Release|Win32
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.Build.0 = Release|Win32
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.ActiveCfg = Release|x64
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.Build.0 = Release|x64
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64

174
visualc/VS2010/ssl_cert_test.vcxproj
View file

@ -1,174 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\test\ssl_cert_test.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
<LinkLibraryDependencies>true</LinkLibraryDependencies>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{3FE0C0E1-D9BA-6A26-380C-F293E543B914}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_cert_test</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<IntDir>$(Configuration)\$(TargetName)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<IntDir>$(Configuration)\$(TargetName)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<IntDir>$(Configuration)\$(TargetName)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<IntDir>$(Configuration)\$(TargetName)\</IntDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
<LinkLibraryDependencies>false</LinkLibraryDependencies>
</ProjectReference>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
<LinkLibraryDependencies>false</LinkLibraryDependencies>
</ProjectReference>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
<AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>