Merge pull request #690 from ARMmbed/update-development-restricted-202004329
Merge development into development restricted
commit
4926f0dcb3
4
.github/issue_template.md
vendored
4
.github/issue_template.md
vendored
|
@ -1,7 +1,7 @@
|
|||
Note: This is just a template, so feel free to use/remove the unnecessary things
|
||||
|
||||
### Description
|
||||
- Type: Bug | Enhancement\Feature Request | Question
|
||||
- Type: Bug | Enhancement\Feature Request
|
||||
- Priority: Blocker | Major | Minor
|
||||
|
||||
---------------------------------------------------------------
|
||||
|
@ -38,4 +38,4 @@ Version:
|
|||
|
||||
## Question
|
||||
|
||||
**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://forums.mbed.com/c/mbed-tls)**
|
||||
**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb). If you can't find the answer you're looking for then please use the [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls)**
|
||||
|
|
22
.pylintrc
22
.pylintrc
|
@ -40,7 +40,27 @@ max-attributes=15
|
|||
max-module-lines=2000
|
||||
|
||||
[MESSAGES CONTROL]
|
||||
disable=
|
||||
# * locally-disabled, locally-enabled: If we disable or enable a message
|
||||
# locally, it's by design. There's no need to clutter the Pylint output
|
||||
# with this information.
|
||||
# * logging-format-interpolation: Pylint warns about things like
|
||||
# ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
|
||||
# This is of minor utility (mainly a performance gain when there are
|
||||
# many messages that use formatting and are below the log level).
|
||||
# Some versions of Pylint (including 1.8, which is the version on
|
||||
# Ubuntu 18.04) only recognize old-style format strings using '%',
|
||||
# and complain about something like ``log.info('{}', foo)`` with
|
||||
# logging-too-many-args (Pylint supports new-style formatting if
|
||||
# declared globally with logging_format_style under [LOGGING] but
|
||||
# this requires Pylint >=2.2).
|
||||
# * no-else-return: Allow the perfectly reasonable idiom
|
||||
# if condition1:
|
||||
# return value1
|
||||
# else:
|
||||
# return value2
|
||||
# * unnecessary-pass: If we take the trouble of adding a line with "pass",
|
||||
# it's because we think the code is clearer that way.
|
||||
disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
|
||||
|
||||
[REPORTS]
|
||||
# Don't diplay statistics. Just the facts.
|
||||
|
|
|
@ -135,7 +135,7 @@ if(CMAKE_COMPILER_IS_GNU)
|
|||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
|
||||
endif()
|
||||
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow -Wformat-signedness")
|
||||
endif()
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
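Review bot: `-Wformat-signedness` is appended under the same `GCC_VERSION` >= 4.8 condition as `-Wshadow`, but GCC only accepts that option from release 5 onward, so a 4.8 or 4.9 toolchain would presumably stop on an unrecognised command-line option. Give the new flag its own guard, for example `if (GCC_VERSION VERSION_GREATER 5.0 OR GCC_VERSION VERSION_EQUAL 5.0)` around a separate `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")`, or probe it with `check_c_compiler_flag` before adding it. The enclosing `if(CMAKE_COMPILER_IS_GNU)` block starts before this hunk and continues past it.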
|
||||
|
|
26
ChangeLog
26
ChangeLog
|
@ -1,12 +1,22 @@
|
|||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
= mbed TLS 2.22.0 branch released 2020-04-14
|
||||
|
||||
New deprecations
|
||||
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
|
||||
SSL module for hardware acceleration of individual records.
|
||||
* Deprecate mbedtls_ssl_get_max_frag_len() in favour of
|
||||
mbedtls_ssl_get_output_max_frag_len() and
|
||||
mbedtls_ssl_get_input_max_frag_len() to be more precise about which max
|
||||
fragment length is desired.
|
||||
|
||||
Security
|
||||
* Fix issue in DTLS handling of new associations with the same parameters
|
||||
(RFC 6347 section 4.2.8): an attacker able to send forged UDP packets to
|
||||
the server could cause it to drop established associations with
|
||||
legitimate clients, resulting in a Denial of Service. This could only
|
||||
happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h
|
||||
(which it is by default).
|
||||
* Fix side channel in ECC code that allowed an adversary with access to
|
||||
precise enough timing and memory access information (typically an
|
||||
untrusted operating system attacking a secure enclave) to fully recover
|
||||
|
@ -15,13 +25,27 @@ Security
|
|||
* Fix a potentially remotely exploitable buffer overread in a
|
||||
DTLS client when parsing the Hello Verify Request message.
|
||||
|
||||
Features
|
||||
* The new build option MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH automatically
|
||||
resizes the I/O buffers before and after handshakes, reducing the memory
|
||||
consumption during application data transfer.
|
||||
|
||||
Bugfix
|
||||
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
|
||||
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
|
||||
* Remove a spurious check in ssl_parse_client_psk_identity that triggered
|
||||
a warning with some compilers. Fix contributed by irwir in #2856.
|
||||
* Fix a function name in a debug message. Contributed by Ercan Ozturk in
|
||||
#3013.
|
||||
|
||||
Changes
|
||||
* Mbed Crypto is no longer a Git submodule. The crypto part of the library
|
||||
is back directly in the present repository.
|
||||
* Split mbedtls_ssl_get_max_frag_len() into
|
||||
mbedtls_ssl_get_output_max_frag_len() and
|
||||
mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input
|
||||
buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
is defined), regardless of what MFL was configured for it.
|
||||
|
||||
= mbed TLS 2.21.0 branch released 2020-02-20
|
||||
|
||||
|
|
67
ChangeLog.d/00README.md
Normal file
67
ChangeLog.d/00README.md
Normal file
|
@ -0,0 +1,67 @@
|
|||
# Pending changelog entry directory
|
||||
|
||||
This directory contains changelog entries that have not yet been merged
|
||||
to the changelog file ([`../ChangeLog`](../ChangeLog)).
|
||||
|
||||
## Changelog entry file format
|
||||
|
||||
A changelog entry file must have the extension `*.txt` and must have the
|
||||
following format:
|
||||
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Security
|
||||
* Change description.
|
||||
* Another change description.
|
||||
|
||||
Features
|
||||
* Yet another change description. This is a long change description that
|
||||
spans multiple lines.
|
||||
* Yet again another change description.
|
||||
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The permitted changelog entry categories are as follows:
|
||||
<!-- Keep this synchronized with STANDARD_CATEGORIES in assemble_changelog.py! -->
|
||||
|
||||
API changes
|
||||
Default behavior changes
|
||||
Requirement changes
|
||||
New deprecations
|
||||
Removals
|
||||
Features
|
||||
Security
|
||||
Bugfix
|
||||
Changes
|
||||
|
||||
Use “Changes” for anything that doesn't fit in the other categories, such as
|
||||
performance, documentation and test improvements.
|
||||
|
||||
## How to write a changelog entry
|
||||
|
||||
Each entry starts with three spaces, an asterisk and a space. Continuation
|
||||
lines start with 5 spaces. Lines wrap at 79 characters.
|
||||
|
||||
Write full English sentences with proper capitalization and punctuation. Use
|
||||
the present tense. Use the imperative where applicable. For example: “Fix a
|
||||
bug in mbedtls_xxx() ….”
|
||||
|
||||
Include GitHub issue numbers where relevant. Use the format “#1234” for an
|
||||
Mbed TLS issue. Add other external references such as CVE numbers where
|
||||
applicable.
|
||||
|
||||
Credit the author of the contribution if the contribution is not a member of
|
||||
the Mbed TLS development team. Also credit bug reporters where applicable.
|
||||
|
||||
**Explain why, not how**. Remember that the audience is the users of the
|
||||
library, not its developers. In particular, for a bug fix, explain the
|
||||
consequences of the bug, not how the bug was fixed. For a new feature, explain
|
||||
why one might be interested in the feature. For an API change or a deprecation,
|
||||
explain how to update existing applications.
|
||||
|
||||
See [existing entries](../ChangeLog) for examples.
|
||||
|
||||
## How `ChangeLog` is updated
|
||||
|
||||
Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py)
|
||||
from a Git working copy
|
||||
to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file.
|
4
ChangeLog.d/bugfix.txt
Normal file
4
ChangeLog.d/bugfix.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
Bugfix
|
||||
* Fix the Visual Studio Release x64 build configuration for mbedtls itself.
|
||||
Completes a previous fix in Mbed TLS 2.19 that only fixed the build for
|
||||
the example programs. Reported in #1430 and fix contributed by irwir.
|
6
ChangeLog.d/error_const.txt
Normal file
6
ChangeLog.d/error_const.txt
Normal file
|
@ -0,0 +1,6 @@
|
|||
Features
|
||||
* New functions in the error module return constant strings for
|
||||
high- and low-level error codes, complementing mbedtls_strerror()
|
||||
which constructs a string for any error code, including compound
|
||||
ones, but requires a writable buffer. Contributed by Gaurav Aggarwal
|
||||
in #3176.
|
4
ChangeLog.d/fix-ecp_double_add_mxz.txt
Normal file
4
ChangeLog.d/fix-ecp_double_add_mxz.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
Changes
|
||||
* Fix minor performance issue in operations on Curve25519 caused by using a
|
||||
suboptimal modular reduction in one place. Found and fix contributed by
|
||||
Aurelien Jarno in #3209.
|
3
ChangeLog.d/fix-gcc-format-signedness-warnings.txt
Normal file
3
ChangeLog.d/fix-gcc-format-signedness-warnings.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Changes
|
||||
* Fix warnings about signedness issues in format strings. The build is now
|
||||
clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen in #3153.
|
5
ChangeLog.d/max_pathlen.txt
Normal file
5
ChangeLog.d/max_pathlen.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
Bugfix
|
||||
* Fix undefined behavior in X.509 certificate parsing if the
|
||||
pathLenConstraint basic constraint value is equal to INT_MAX.
|
||||
The actual effect with almost every compiler is the intended
|
||||
behavior, so this is unlikely to be exploitable anywhere. #3192
|
3
ChangeLog.d/md_switch.txt
Normal file
3
ChangeLog.d/md_switch.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Changes
|
||||
* Combine identical cases in switch statements in md.c. Contributed
|
||||
by irwir in #3208.
|
3
ChangeLog.d/ssl_context_info.txt
Normal file
3
ChangeLog.d/ssl_context_info.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Features
|
||||
* The new utility programs/ssl/ssl_context_info prints a human-readable
|
||||
dump of an SSL context saved with mbedtls_ssl_context_save().
|
3
ChangeLog.d/ssl_write_certificate_request.txt
Normal file
3
ChangeLog.d/ssl_write_certificate_request.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Changes
|
||||
* Simplify a bounds check in ssl_write_certificate_request(). Contributed
|
||||
by irwir in #3150.
|
4
Makefile
4
Makefile
|
@ -124,8 +124,10 @@ endif
|
|||
|
||||
## Editor navigation files
|
||||
C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
|
||||
# Exuberant-ctags invocation. Other ctags implementations may require different options.
|
||||
CTAGS = ctags --langmap=c:+.h.function -o
|
||||
tags: $(C_SOURCE_FILES)
|
||||
ctags -o $@ $(C_SOURCE_FILES)
|
||||
$(CTAGS) $@ $(C_SOURCE_FILES)
|
||||
TAGS: $(C_SOURCE_FILES)
|
||||
etags -o $@ $(C_SOURCE_FILES)
|
||||
GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @mainpage mbed TLS v2.21.0 source code documentation
|
||||
* @mainpage mbed TLS v2.22.0 source code documentation
|
||||
*
|
||||
* This documentation describes the internal structure of mbed TLS. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
|
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
|||
# identify the project. Note that if you do not use Doxywizard you need
|
||||
# to put quotes around the project name if it contains spaces.
|
||||
|
||||
PROJECT_NAME = "mbed TLS v2.21.0"
|
||||
PROJECT_NAME = "mbed TLS v2.22.0"
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||
# This could be handy for archiving the generated documentation or
|
||||
|
@ -1594,7 +1594,7 @@ SEARCH_INCLUDES = YES
|
|||
# contain include files that are not input files but should be processed by
|
||||
# the preprocessor.
|
||||
|
||||
INCLUDE_PATH =
|
||||
INCLUDE_PATH = ../include
|
||||
|
||||
# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
|
||||
# patterns (like *.h and *.hpp) to filter out the header-files in the
|
||||
|
|
|
@ -619,6 +619,23 @@
|
|||
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
||||
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
|
||||
#error "One or more versions of the TLS protocol are enabled " \
|
||||
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
|
@ -763,6 +780,10 @@
|
|||
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
|
||||
#error "MBEDTLS_CERTS_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
|
||||
#endif
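Review bot: The new protocol-versus-key-exchange check lists every `MBEDTLS_KEY_EXCHANGE_*_ENABLED` macro by hand, so a key exchange added later and not appended here would make an otherwise valid configuration fail with this `#error`. Add a comment above the `#if` saying so, e.g. `/* Keep this list in sync with the MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options. */`. The check is a useful fail-closed guard against building a TLS stack that cannot negotiate any suite, which is why the list needs to stay complete.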
|
||||
|
|
|
@ -1520,8 +1520,8 @@
|
|||
|
||||
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
||||
*
|
||||
* Enable support for Extended Master Secret, aka Session Hash
|
||||
* (draft-ietf-tls-session-hash-02).
|
||||
* Enable support for RFC 7627: Session Hash and Extended Master Secret
|
||||
* Extension.
|
||||
*
|
||||
* This was introduced as "the proper fix" to the Triple Handshake familiy of
|
||||
* attacks, but it is recommended to always use it (even if you disable
|
||||
|
@ -1539,7 +1539,8 @@
|
|||
/**
|
||||
* \def MBEDTLS_SSL_FALLBACK_SCSV
|
||||
*
|
||||
* Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
|
||||
* Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
|
||||
* for Preventing Protocol Downgrade Attacks.
|
||||
*
|
||||
* For servers, it is recommended to always enable this, unless you support
|
||||
* only one version of TLS, or know for sure that none of your clients
|
||||
|
|
|
@ -127,6 +127,36 @@ extern "C" {
|
|||
*/
|
||||
void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
|
||||
|
||||
/**
|
||||
* \brief Translate the high-level part of an Mbed TLS error code into a string
|
||||
* representation.
|
||||
*
|
||||
* This function returns a const pointer to an un-modifiable string. The caller
|
||||
* must not try to modify the string. It is intended to be used mostly for
|
||||
* logging purposes.
|
||||
*
|
||||
* \param error_code error code
|
||||
*
|
||||
* \return The string representation of the error code, or \c NULL if the error
|
||||
* code is unknown.
|
||||
*/
|
||||
const char * mbedtls_high_level_strerr( int error_code );
|
||||
|
||||
/**
|
||||
* \brief Translate the low-level part of an Mbed TLS error code into a string
|
||||
* representation.
|
||||
*
|
||||
* This function returns a const pointer to an un-modifiable string. The caller
|
||||
* must not try to modify the string. It is intended to be used mostly for
|
||||
* logging purposes.
|
||||
*
|
||||
* \param error_code error code
|
||||
*
|
||||
* \return The string representation of the error code, or \c NULL if the error
|
||||
* code is unknown.
|
||||
*/
|
||||
const char * mbedtls_low_level_strerr( int error_code );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
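Review bot: Both new declarations document a `NULL` return for unknown codes, but `\param error_code error code` tells the caller nothing about what may be passed. The comment should state whether a full, possibly compound, Mbed TLS error code is accepted with only the high-level (respectively low-level) part being looked up, as the `\brief` wording suggests. Because the functions are described as meant for logging, also add a line such as `\note Check the result for \c NULL before passing it to a \c %s conversion.`, so that an unknown code does not end up as a null pointer in a format call.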
|
||||
|
|
|
@ -2682,6 +2682,9 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
|
|||
* \note This is mainly useful for clients. Servers will usually
|
||||
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
|
||||
*
|
||||
* \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
|
||||
* takes precedence over a PSK configured by this function.
|
||||
*
|
||||
* \warning Currently, clients can only register a single pre-shared key.
|
||||
* Calling this function or mbedtls_ssl_conf_psk_opaque() more
|
||||
* than once will overwrite values configured in previous calls.
|
||||
|
@ -2715,6 +2718,10 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
|
|||
* \note This is mainly useful for clients. Servers will usually
|
||||
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
|
||||
*
|
||||
* \note An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in
|
||||
* the PSK callback takes precedence over an opaque PSK
|
||||
* configured by this function.
|
||||
*
|
||||
* \warning Currently, clients can only register a single pre-shared key.
|
||||
* Calling this function or mbedtls_ssl_conf_psk() more than
|
||||
* once will overwrite values configured in previous calls.
|
||||
|
@ -2752,6 +2759,9 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
|
|||
* \note This should only be called inside the PSK callback,
|
||||
* i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
|
||||
*
|
||||
* \note A PSK set by this function takes precedence over a PSK
|
||||
* configured by \c mbedtls_ssl_conf_psk().
|
||||
*
|
||||
* \param ssl The SSL context to configure a PSK for.
|
||||
* \param psk The pointer to the pre-shared key.
|
||||
* \param psk_len The length of the pre-shared key in bytes.
|
||||
|
@ -2769,6 +2779,9 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
|
|||
* \note This should only be called inside the PSK callback,
|
||||
* i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
|
||||
*
|
||||
* \note An opaque PSK set by this function takes precedence over an
|
||||
* opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque().
|
||||
*
|
||||
* \param ssl The SSL context to configure a PSK for.
|
||||
* \param psk The identifier of the key slot holding the PSK.
|
||||
* For the duration of the current handshake, the key slot
|
||||
|
@ -2807,9 +2820,14 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
|
|||
* on the SSL context to set the correct PSK and return \c 0.
|
||||
* Any other return value will result in a denied PSK identity.
|
||||
*
|
||||
* \note If you set a PSK callback using this function, then you
|
||||
* don't need to set a PSK key and identity using
|
||||
* \c mbedtls_ssl_conf_psk().
|
||||
* \note A dynamic PSK (i.e. set by the PSK callback) takes
|
||||
* precedence over a static PSK (i.e. set by
|
||||
* \c mbedtls_ssl_conf_psk() or
|
||||
* \c mbedtls_ssl_conf_psk_opaque()).
|
||||
* This means that if you set a PSK callback using this
|
||||
* function, you don't need to set a PSK using
|
||||
* \c mbedtls_ssl_conf_psk() or
|
||||
* \c mbedtls_ssl_conf_psk_opaque()).
|
||||
*
|
||||
* \param conf The SSL configuration to register the callback with.
|
||||
* \param f_psk The callback for selecting and setting the PSK based
|
||||
|
@ -3523,18 +3541,61 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
|
|||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/**
|
||||
* \brief Return the maximum fragment length (payload, in bytes).
|
||||
* This is the value negotiated with peer if any,
|
||||
* or the locally configured value.
|
||||
* \brief Return the maximum fragment length (payload, in bytes) for
|
||||
* the output buffer. For the client, this is the configured
|
||||
* value. For the server, it is the minimum of two - the
|
||||
* configured value and the negotiated one.
|
||||
*
|
||||
* \sa mbedtls_ssl_conf_max_frag_len()
|
||||
* \sa mbedtls_ssl_get_max_record_payload()
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return Current maximum fragment length.
|
||||
* \return Current maximum fragment length for the output buffer.
|
||||
*/
|
||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||
size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Return the maximum fragment length (payload, in bytes) for
|
||||
* the input buffer. This is the negotiated maximum fragment
|
||||
* length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN.
|
||||
* If it is not defined either, the value is 2^14. This function
|
||||
* works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
|
||||
*
|
||||
* \sa mbedtls_ssl_conf_max_frag_len()
|
||||
* \sa mbedtls_ssl_get_max_record_payload()
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return Current maximum fragment length for the output buffer.
|
||||
*/
|
||||
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief This function is a deprecated approach to getting the max
|
||||
* fragment length. Its an alias for
|
||||
* \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour
|
||||
* is the same. See \c mbedtls_ssl_get_output_max_frag_len() for
|
||||
* more detail.
|
||||
*
|
||||
* \sa mbedtls_ssl_get_input_max_frag_len()
|
||||
* \sa mbedtls_ssl_get_output_max_frag_len()
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return Current maximum fragment length for the output buffer.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
|
||||
const mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
/**
|
||||
|
@ -3555,7 +3616,8 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
|
|||
* when record compression is enabled.
|
||||
*
|
||||
* \sa mbedtls_ssl_set_mtu()
|
||||
* \sa mbedtls_ssl_get_max_frag_len()
|
||||
* \sa mbedtls_ssl_get_output_max_frag_len()
|
||||
* \sa mbedtls_ssl_get_input_max_frag_len()
|
||||
* \sa mbedtls_ssl_get_record_expansion()
|
||||
*
|
||||
* \param ssl SSL context
|
||||
|
@ -3863,8 +3925,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
* or negotiated with the peer), then:
|
||||
* - with TLS, less bytes than requested are written.
|
||||
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
|
||||
* \c mbedtls_ssl_get_max_frag_len() may be used to query the
|
||||
* active maximum fragment length.
|
||||
* \c mbedtls_ssl_get_output_max_frag_len() may be used to
|
||||
* query the active maximum fragment length.
|
||||
*
|
||||
* \note Attempting to write 0 bytes will result in an empty TLS
|
||||
* application record being sent.
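Review bot: The `\return` line of the new `mbedtls_ssl_get_input_max_frag_len()` comment still says "for the output buffer"; it looks copied from the output variant and should read `\return Current maximum fragment length for the input buffer.` The same comment says the function "works as its predecessor, mbedtls_ssl_get_max_frag_len()", while the deprecated declaration further down documents that predecessor as an alias for `mbedtls_ssl_get_output_max_frag_len()`. One of the two statements needs correcting, since callers size buffers from these values. In the `mbedtls_ssl_conf_psk_cb()` note, the second `\c mbedtls_ssl_conf_psk_opaque()).` carries a stray closing parenthesis, and "Its an alias" should be "It's an alias". Several of these comment blocks start or end outside their hunks.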
|
||||
|
|
|
@ -260,11 +260,11 @@
|
|||
static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
|
||||
{
|
||||
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
|
||||
return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx )
|
||||
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
|
||||
+ MBEDTLS_SSL_CID_OUT_LEN_MAX;
|
||||
#else
|
||||
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
|
||||
return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx )
|
||||
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
|
||||
#endif
|
||||
}
|
||||
|
@ -272,11 +272,11 @@ static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context
|
|||
static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
|
||||
{
|
||||
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
|
||||
return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx )
|
||||
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
|
||||
+ MBEDTLS_SSL_CID_IN_LEN_MAX;
|
||||
#else
|
||||
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
|
||||
return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx )
|
||||
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
|
||||
#endif
|
||||
}
|
||||
|
@ -921,7 +921,60 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Get the first defined PSK by order of precedence:
|
||||
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
|
||||
* 2. static PSK configured by \c mbedtls_ssl_conf_psk()
|
||||
* Return a code and update the pair (PSK, PSK length) passed to this function
|
||||
*/
|
||||
static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
|
||||
const unsigned char **psk, size_t *psk_len )
|
||||
{
|
||||
if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
|
||||
{
|
||||
*psk = ssl->handshake->psk;
|
||||
*psk_len = ssl->handshake->psk_len;
|
||||
}
|
||||
|
||||
else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
|
||||
{
|
||||
*psk = ssl->conf->psk;
|
||||
*psk_len = ssl->conf->psk_len;
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
*psk = NULL;
|
||||
*psk_len = 0;
|
||||
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/**
|
||||
* Get the first defined opaque PSK by order of precedence:
|
||||
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
|
||||
* callback
|
||||
* 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
|
||||
* Return an opaque PSK
|
||||
*/
|
||||
static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk(
|
||||
const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->handshake->psk_opaque != 0 )
|
||||
return( ssl->handshake->psk_opaque );
|
||||
|
||||
if( ssl->conf->psk_opaque != 0 )
|
||||
return( ssl->conf->psk_opaque );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
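Review bot: `mbedtls_ssl_get_psk()` and `mbedtls_ssl_get_opaque_psk()` dereference `ssl->handshake` without a check, and their comments do not say they may only be called while a handshake is in progress. If `handshake` can be NULL once the handshake data is released (not visible in this hunk), that precondition belongs in the comment. "Return a code" should spell out the contract: `0` on success, or `MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED` with `*psk` set to `NULL` and `*psk_len` to `0` when neither a handshake PSK nor a configured PSK is present. For the opaque variant, document that a return of `0` means no opaque PSK is set, so callers do not treat it as a usable key handle.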
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 21
|
||||
#define MBEDTLS_VERSION_MINOR 22
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
|
@ -47,9 +47,9 @@
|
|||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02150000
|
||||
#define MBEDTLS_VERSION_STRING "2.21.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.21.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02160000
|
||||
#define MBEDTLS_VERSION_STRING "2.22.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.22.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -187,19 +187,19 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
|||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
|
||||
add_library(mbedcrypto SHARED ${src_crypto})
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.21.0 SOVERSION 4)
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4)
|
||||
target_link_libraries(mbedcrypto ${libs})
|
||||
target_include_directories(mbedcrypto
|
||||
PUBLIC ${MBEDTLS_DIR}/include/)
|
||||
|
||||
add_library(mbedx509 SHARED ${src_x509})
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.21.0 SOVERSION 1)
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1)
|
||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||
target_include_directories(mbedx509
|
||||
PUBLIC ${MBEDTLS_DIR}/include/)
|
||||
|
||||
add_library(mbedtls SHARED ${src_tls})
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.21.0 SOVERSION 13)
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.22.0 SOVERSION 13)
|
||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||
target_include_directories(mbedtls
|
||||
PUBLIC ${MBEDTLS_DIR}/include/)
|
||||
|
|
118
library/Makefile
118
library/Makefile
|
@ -63,48 +63,102 @@ DLEXT = dylib
|
|||
endif
|
||||
endif
|
||||
|
||||
OBJS_CRYPTO= aes.o aesni.o arc4.o \
|
||||
aria.o asn1parse.o asn1write.o \
|
||||
base64.o bignum.o blowfish.o \
|
||||
camellia.o ccm.o chacha20.o \
|
||||
chachapoly.o cipher.o cipher_wrap.o \
|
||||
cmac.o ctr_drbg.o des.o \
|
||||
dhm.o ecdh.o ecdsa.o \
|
||||
ecjpake.o ecp.o \
|
||||
ecp_curves.o entropy.o entropy_poll.o \
|
||||
error.o gcm.o havege.o \
|
||||
OBJS_CRYPTO= \
|
||||
aes.o \
|
||||
aesni.o \
|
||||
arc4.o \
|
||||
aria.o \
|
||||
asn1parse.o \
|
||||
asn1write.o \
|
||||
base64.o \
|
||||
bignum.o \
|
||||
blowfish.o \
|
||||
camellia.o \
|
||||
ccm.o \
|
||||
chacha20.o \
|
||||
chachapoly.o \
|
||||
cipher.o \
|
||||
cipher_wrap.o \
|
||||
cmac.o \
|
||||
ctr_drbg.o \
|
||||
des.o \
|
||||
dhm.o \
|
||||
ecdh.o \
|
||||
ecdsa.o \
|
||||
ecjpake.o \
|
||||
ecp.o \
|
||||
ecp_curves.o \
|
||||
entropy.o \
|
||||
entropy_poll.o \
|
||||
error.o \
|
||||
gcm.o \
|
||||
havege.o \
|
||||
hkdf.o \
|
||||
hmac_drbg.o md.o md2.o \
|
||||
md4.o md5.o \
|
||||
memory_buffer_alloc.o nist_kw.o \
|
||||
oid.o padlock.o pem.o \
|
||||
pk.o pk_wrap.o pkcs12.o \
|
||||
pkcs5.o pkparse.o pkwrite.o \
|
||||
platform.o platform_util.o poly1305.o \
|
||||
psa_crypto.o psa_crypto_se.o \
|
||||
hmac_drbg.o \
|
||||
md.o \
|
||||
md2.o \
|
||||
md4.o \
|
||||
md5.o \
|
||||
memory_buffer_alloc.o \
|
||||
nist_kw.o \
|
||||
oid.o \
|
||||
padlock.o \
|
||||
pem.o \
|
||||
pk.o \
|
||||
pk_wrap.o \
|
||||
pkcs12.o \
|
||||
pkcs5.o \
|
||||
pkparse.o \
|
||||
pkwrite.o \
|
||||
platform.o \
|
||||
platform_util.o \
|
||||
poly1305.o \
|
||||
psa_crypto.o \
|
||||
psa_crypto_se.o \
|
||||
psa_crypto_slot_management.o \
|
||||
psa_crypto_storage.o \
|
||||
psa_its_file.o \
|
||||
ripemd160.o rsa_internal.o rsa.o \
|
||||
sha1.o sha256.o sha512.o \
|
||||
threading.o timing.o \
|
||||
version.o version_features.o \
|
||||
xtea.o
|
||||
ripemd160.o \
|
||||
rsa.o \
|
||||
rsa_internal.o \
|
||||
sha1.o \
|
||||
sha256.o \
|
||||
sha512.o \
|
||||
threading.o \
|
||||
timing.o \
|
||||
version.o \
|
||||
version_features.o \
|
||||
xtea.o \
|
||||
# This line is intentionally left blank
|
||||
|
||||
include ../3rdparty/Makefile.inc
|
||||
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
|
||||
OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
|
||||
|
||||
OBJS_X509= certs.o pkcs11.o x509.o \
|
||||
x509_create.o x509_crl.o x509_crt.o \
|
||||
x509_csr.o x509write_crt.o x509write_csr.o
|
||||
OBJS_X509= \
|
||||
certs.o \
|
||||
pkcs11.o \
|
||||
x509.o \
|
||||
x509_create.o \
|
||||
x509_crl.o \
|
||||
x509_crt.o \
|
||||
x509_csr.o \
|
||||
x509write_crt.o \
|
||||
x509write_csr.o \
|
||||
# This line is intentionally left blank
|
||||
|
||||
OBJS_TLS= debug.o net_sockets.o \
|
||||
ssl_cache.o ssl_ciphersuites.o \
|
||||
ssl_cli.o ssl_cookie.o \
|
||||
OBJS_TLS= \
|
||||
debug.o \
|
||||
net_sockets.o \
|
||||
ssl_cache.o \
|
||||
ssl_ciphersuites.o \
|
||||
ssl_cli.o \
|
||||
ssl_cookie.o \
|
||||
ssl_msg.o \
|
||||
ssl_srv.o ssl_ticket.o \
|
||||
ssl_tls.o
|
||||
ssl_srv.o \
|
||||
ssl_ticket.o \
|
||||
ssl_tls.o \
|
||||
# This line is intentionally left blank
|
||||
|
||||
.SILENT:
|
||||
|
||||
|
@ -201,8 +255,6 @@ libmbedcrypto.dll: $(OBJS_CRYPTO)
|
|||
echo " LD $@"
|
||||
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
|
||||
libmbedcrypto.$(DLEXT): | libmbedcrypto.a
|
||||
|
||||
.c.o:
|
||||
echo " CC $<"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
|
||||
|
|
|
@ -1847,7 +1847,7 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-ECB-%3d (%s): ", keybits,
|
||||
mbedtls_printf( " AES-ECB-%3u (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memset( buf, 0, 16 );
|
||||
|
@ -1909,7 +1909,7 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-CBC-%3d (%s): ", keybits,
|
||||
mbedtls_printf( " AES-CBC-%3u (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memset( iv , 0, 16 );
|
||||
|
@ -1984,7 +1984,7 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits,
|
||||
mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memcpy( iv, aes_test_cfb128_iv, 16 );
|
||||
|
@ -2047,7 +2047,7 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-OFB-%3d (%s): ", keybits,
|
||||
mbedtls_printf( " AES-OFB-%3u (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memcpy( iv, aes_test_ofb_iv, 16 );
|
||||
|
|
|
@ -2938,7 +2938,7 @@ int mbedtls_mpi_self_test( int verbose )
|
|||
cleanup:
|
||||
|
||||
if( ret != 0 && verbose != 0 )
|
||||
mbedtls_printf( "Unexpected error, return code = %08X\n", ret );
|
||||
mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
|
||||
|
||||
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
|
||||
mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );
|
||||
|
|
|
@ -784,7 +784,7 @@ static int cmac_test_subkeys( int verbose,
|
|||
for( i = 0; i < num_tests; i++ )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 );
|
||||
mbedtls_printf( " %s CMAC subkey #%d: ", testname, i + 1 );
|
||||
|
||||
mbedtls_cipher_init( &ctx );
|
||||
|
||||
|
@ -865,7 +865,7 @@ static int cmac_test_wth_cipher( int verbose,
|
|||
for( i = 0; i < num_tests; i++ )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " %s CMAC #%u: ", testname, i + 1 );
|
||||
mbedtls_printf( " %s CMAC #%d: ", testname, i + 1 );
|
||||
|
||||
if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages,
|
||||
message_lengths[i], output ) ) != 0 )
|
||||
|
@ -900,7 +900,7 @@ static int test_aes128_cmac_prf( int verbose )
|
|||
|
||||
for( i = 0; i < NB_PRF_TESTS; i++ )
|
||||
{
|
||||
mbedtls_printf( " AES CMAC 128 PRF #%u: ", i );
|
||||
mbedtls_printf( " AES CMAC 128 PRF #%d: ", i );
|
||||
ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output );
|
||||
if( ret != 0 ||
|
||||
memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
|
||||
|
|
|
@ -132,7 +132,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
|||
return;
|
||||
|
||||
mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
|
||||
text, ret, -ret );
|
||||
text, ret, (unsigned int) -ret );
|
||||
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
}
|
||||
|
|
|
@ -2332,7 +2332,7 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA, &CB ) ); MOD_MUL( S->X );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) );
|
||||
|
@ -3156,7 +3156,7 @@ int mbedtls_ecp_self_test( int verbose )
|
|||
cleanup:
|
||||
|
||||
if( ret < 0 && verbose != 0 )
|
||||
mbedtls_printf( "Unexpected error, return code = %08X\n", ret );
|
||||
mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
|
||||
|
||||
mbedtls_ecp_group_free( &grp );
|
||||
mbedtls_ecp_point_free( &R );
|
||||
|
|
1599
library/error.c
1599
library/error.c
File diff suppressed because it is too large
|
@ -115,7 +115,7 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
|
|||
|
||||
n = okm_len / hash_len;
|
||||
|
||||
if( (okm_len % hash_len) != 0 )
|
||||
if( okm_len % hash_len != 0 )
|
||||
{
|
||||
n++;
|
||||
}
|
||||
|
@ -136,6 +136,8 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
|
|||
goto exit;
|
||||
}
|
||||
|
||||
memset( t, 0, hash_len );
|
||||
|
||||
/*
|
||||
* Compute T = T(1) | T(2) | T(3) | ... | T(N)
|
||||
* Where T(N) is defined in RFC 5869 Section 2.3
|
||||
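Review bot: The added `memset( t, 0, hash_len );` in the second mbedtls_hkdf_expand hunk has no comment, so a reader cannot tell whether it is needed for correctness or only keeps analysers from flagging `t` as read before it is written. A one-line comment stating the reason would settle that; presumably it is the latter, but the declaration of `t` and the loop that fills it are outside the hunk. If `t` is a fixed-size array, it is also worth confirming that `hash_len` can never exceed its size at this point.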
|
|
|
@ -553,14 +553,12 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
|
|||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
case MBEDTLS_MD_SHA224:
|
||||
return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
|
||||
case MBEDTLS_MD_SHA256:
|
||||
return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
case MBEDTLS_MD_SHA384:
|
||||
return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
|
||||
#endif
|
||||
case MBEDTLS_MD_SHA512:
|
||||
return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
|
||||
|
@ -599,14 +597,12 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
|
|||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
case MBEDTLS_MD_SHA224:
|
||||
return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
|
||||
case MBEDTLS_MD_SHA256:
|
||||
return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
case MBEDTLS_MD_SHA384:
|
||||
return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
|
||||
#endif
|
||||
case MBEDTLS_MD_SHA512:
|
||||
return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
|
||||
|
@ -856,14 +852,12 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
|
|||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
case MBEDTLS_MD_SHA224:
|
||||
return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
|
||||
case MBEDTLS_MD_SHA256:
|
||||
return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
case MBEDTLS_MD_SHA384:
|
||||
return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
|
||||
#endif
|
||||
case MBEDTLS_MD_SHA512:
|
||||
return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
|
||||
|
|
|
@ -761,7 +761,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size,
|
|||
if( !( oid->p[i] & 0x80 ) )
|
||||
{
|
||||
/* Last byte */
|
||||
ret = mbedtls_snprintf( p, n, ".%d", value );
|
||||
ret = mbedtls_snprintf( p, n, ".%u", value );
|
||||
OID_SAFE_SNPRINTF;
|
||||
value = 0;
|
||||
}
|
||||
|
|
|
@ -2356,7 +2356,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
unsigned char *end )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
size_t len;
|
||||
uint16_t len;
|
||||
((void) ssl);
|
||||
|
||||
/*
|
||||
|
@ -2373,7 +2373,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
len = (*p)[0] << 8 | (*p)[1];
|
||||
*p += 2;
|
||||
|
||||
if( end - (*p) < (int) len )
|
||||
if( end - (*p) < len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
||||
"(psk_identity_hint length)" ) );
|
||||
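Review bot: The new bound check `if( end - (*p) < len )` in ssl_parse_server_psk_hint compares a pointer difference with a promoted `uint16_t`, so it is only correct while `end - (*p)` cannot be negative. The two-byte read just above it, `len = (*p)[0] << 8 | (*p)[1];`, needs an earlier check that two bytes remain; that check is outside the hunk and should be confirmed. A short comment such as `/* len <= 0xFFFF and *p <= end here, so the signed comparison is safe */` would record why the `(int)` cast could be dropped.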
|
|
|
@ -214,7 +214,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl
|
|||
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
|
||||
const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
|
||||
|
||||
if( max_len > mfl )
|
||||
max_len = mfl;
|
||||
|
@ -3197,16 +3197,17 @@ static int ssl_check_dtls_clihlo_cookie(
|
|||
* that looks like a ClientHello.
|
||||
*
|
||||
* - if the input looks like a ClientHello without cookies,
|
||||
* send back HelloVerifyRequest, then
|
||||
* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
|
||||
* send back HelloVerifyRequest, then return 0
|
||||
* - if the input looks like a ClientHello with a valid cookie,
|
||||
* reset the session of the current context, and
|
||||
* return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
|
||||
* - if anything goes wrong, return a specific error code
|
||||
*
|
||||
* mbedtls_ssl_read_record() will ignore the record if anything else than
|
||||
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function
|
||||
* cannot not return 0.
|
||||
* This function is called (through ssl_check_client_reconnect()) when an
|
||||
* unexpected record is found in ssl_get_next_record(), which will discard the
|
||||
* record if we return 0, and bubble up the return value otherwise (this
|
||||
* includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected
|
||||
* errors, and is the right thing to do in both cases).
|
||||
*/
|
||||
static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -3218,6 +3219,8 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
/* If we can't use cookies to verify reachability of the peer,
|
||||
* drop the record. */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, "
|
||||
"can't check reconnect validity" ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -3233,16 +3236,23 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
|
||||
{
|
||||
int send_ret;
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
|
||||
ssl->out_buf, len );
|
||||
/* Don't check write errors as we can't do anything here.
|
||||
* If the error is permanent we'll catch it later,
|
||||
* if it's not, then hopefully it'll work next time. */
|
||||
(void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
|
||||
ret = 0;
|
||||
send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len );
|
||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret );
|
||||
(void) send_ret;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/* Got a valid cookie, partially reset context */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) );
|
||||
if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
|
||||
|
@ -4415,6 +4425,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||
ssl->in_msglen = rec.data_len;
|
||||
|
||||
ret = ssl_check_client_reconnect( ssl );
|
||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
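Review bot: In the ssl_get_next_record hunk, `MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret );` sits before the `if( ret != 0 )` test, so it also runs when the result is 0. Per the updated comment above ssl_handle_possible_reconnect, 0 is the ordinary "discard the record" outcome, so this presumably adds a log line for every unexpected record. Moving the call inside the `if( ret != 0 )` block would keep the trace for CLIENT_RECONNECT and real errors only. The surrounding function starts and ends outside the hunk.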
|
|
|
@ -2841,7 +2841,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
ssl->handshake->ciphersuite_info;
|
||||
size_t dn_size, total_dn_size; /* excluding length bytes */
|
||||
uint16_t dn_size, total_dn_size; /* excluding length bytes */
|
||||
size_t ct_len, sa_len; /* including length bytes */
|
||||
unsigned char *buf, *p;
|
||||
const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
|
||||
|
@ -2969,11 +2969,11 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
|
||||
while( crt != NULL && crt->version != 0 )
|
||||
{
|
||||
dn_size = crt->subject_raw.len;
|
||||
/* It follows from RFC 5280 A.1 that this length
|
||||
* can be represented in at most 11 bits. */
|
||||
dn_size = (uint16_t) crt->subject_raw.len;
|
||||
|
||||
if( end < p ||
|
||||
(size_t)( end - p ) < dn_size ||
|
||||
(size_t)( end - p ) < 2 + dn_size )
|
||||
if( end < p || (size_t)( end - p ) < 2 + (size_t) dn_size )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
|
||||
break;
|
||||
|
@ -3812,7 +3812,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||
const unsigned char *end )
|
||||
{
|
||||
int ret = 0;
|
||||
size_t n;
|
||||
uint16_t n;
|
||||
|
||||
if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
|
||||
{
|
||||
|
@ -3832,7 +3832,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||
n = ( (*p)[0] << 8 ) | (*p)[1];
|
||||
*p += 2;
|
||||
|
||||
if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
|
||||
if( n == 0 || n > end - *p )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
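Review bot: The new `dn_size = (uint16_t) crt->subject_raw.len;` in the second ssl_write_certificate_request hunk narrows a `size_t` on the strength of a comment alone. If a configured CA certificate ever carried a longer subject, the value would be truncated silently and the space check that follows would be made against the truncated length. An explicit guard before the cast, for example `if( crt->subject_raw.len > 0xFFFF ) break;` (or whatever skip behaviour fits the loop), would enforce the invariant rather than assume it. The loop body continues past the end of the hunk, so how `dn_size` is used for the copy is not visible here.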
|
|
|
@ -1514,9 +1514,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
|
||||
|
||||
psk = ssl->conf->psk_opaque;
|
||||
if( handshake->psk_opaque != 0 )
|
||||
psk = handshake->psk_opaque;
|
||||
psk = mbedtls_ssl_get_opaque_psk( ssl );
|
||||
|
||||
if( hash_alg == MBEDTLS_MD_SHA384 )
|
||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
|
||||
|
@ -1850,14 +1848,18 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
{
|
||||
unsigned char *p = ssl->handshake->premaster;
|
||||
unsigned char *end = p + sizeof( ssl->handshake->premaster );
|
||||
const unsigned char *psk = ssl->conf->psk;
|
||||
size_t psk_len = ssl->conf->psk_len;
|
||||
const unsigned char *psk = NULL;
|
||||
size_t psk_len = 0;
|
||||
|
||||
/* If the psk callback was called, use its result */
|
||||
if( ssl->handshake->psk != NULL )
|
||||
if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
|
||||
== MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
|
||||
{
|
||||
psk = ssl->handshake->psk;
|
||||
psk_len = ssl->handshake->psk_len;
|
||||
/*
|
||||
* This should never happen because the existence of a PSK is always
|
||||
* checked before calling this function
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -3673,6 +3675,11 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
/* If the buffers are too small - reallocate */
|
||||
{
|
||||
int modified = 0;
|
||||
size_t written_in = 0;
|
||||
size_t written_out = 0;
|
||||
if( ssl->in_buf != NULL )
|
||||
{
|
||||
written_in = ssl->in_msg - ssl->in_buf;
|
||||
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
|
||||
{
|
||||
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
|
||||
|
@ -3686,6 +3693,11 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
modified = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( ssl->out_buf != NULL )
|
||||
{
|
||||
written_out = ssl->out_msg - ssl->out_buf;
|
||||
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
|
||||
{
|
||||
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
|
||||
|
@ -3699,10 +3711,15 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
modified = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
if( modified )
|
||||
{
|
||||
/* Update pointers here to avoid doing it twice. */
|
||||
mbedtls_ssl_reset_in_out_pointers( ssl );
|
||||
/* Fields below might not be properly updated with record
|
||||
* splitting, so they are manually updated here. */
|
||||
ssl->out_msg = ssl->out_buf + written_out;
|
||||
ssl->in_msg = ssl->in_buf + written_in;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
@ -4889,7 +4906,42 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
size_t read_mfl;
|
||||
|
||||
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
||||
ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
|
||||
{
|
||||
return ssl_mfl_code_to_length( ssl->conf->mfl_code );
|
||||
}
|
||||
|
||||
/* Check if a smaller max length was negotiated */
|
||||
if( ssl->session_out != NULL )
|
||||
{
|
||||
read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
|
||||
if( read_mfl < max_len )
|
||||
{
|
||||
max_len = read_mfl;
|
||||
}
|
||||
}
|
||||
|
||||
// During a handshake, use the value being negotiated
|
||||
if( ssl->session_negotiate != NULL )
|
||||
{
|
||||
read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
|
||||
if( read_mfl < max_len )
|
||||
{
|
||||
max_len = read_mfl;
|
||||
}
|
||||
}
|
||||
|
||||
return( max_len );
|
||||
}
|
||||
|
||||
size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
size_t max_len;
|
||||
|
||||
|
@ -4914,6 +4966,13 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
|||
|
||||
return( max_len );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return mbedtls_ssl_get_output_max_frag_len( ssl );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
@ -4946,7 +5005,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
|
||||
const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
|
||||
|
||||
if( max_len > mfl )
|
||||
max_len = mfl;
|
||||
|
@ -5892,9 +5951,10 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
|
||||
size_t written_in = 0;
|
||||
size_t written_out = 0;
|
||||
if( ssl->in_buf != NULL &&
|
||||
ssl->in_buf_len > buf_len &&
|
||||
ssl->in_left < buf_len )
|
||||
if( ssl->in_buf != NULL )
|
||||
{
|
||||
written_in = ssl->in_msg - ssl->in_buf;
|
||||
if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )
|
||||
{
|
||||
written_in = ssl->in_msg - ssl->in_buf;
|
||||
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
|
||||
|
@ -5907,13 +5967,16 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||
modified = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
buf_len = mbedtls_ssl_get_output_buflen( ssl );
|
||||
if( ssl->out_buf != NULL &&
|
||||
ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
|
||||
ssl->out_left < buf_len )
|
||||
if(ssl->out_buf != NULL )
|
||||
{
|
||||
written_out = ssl->out_msg - ssl->out_buf;
|
||||
if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
|
||||
ssl->out_left < buf_len )
|
||||
{
|
||||
if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
||||
|
@ -5924,6 +5987,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||
modified = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
if( modified )
|
||||
{
|
||||
/* Update pointers here to avoid doing it twice. */
|
||||
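Review bot: In the mbedtls_ssl_psk_derive_premaster hunk the result of `mbedtls_ssl_get_psk( ssl, &psk, &psk_len )` is compared only against `MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED`. Any other non-zero return would fall through with `psk == NULL` and `psk_len == 0`, and the premaster secret would be built from an empty key. Testing `if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) != 0 )` keeps the "should never happen" branch fail-closed if the helper later gains another error path. The helper's definition is not in this section, so whether it can return anything else today is not visible here.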
|
|
|
@ -870,7 +870,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s
|
|||
ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
|
||||
md_info ? mbedtls_md_get_name( md_info ) : "???",
|
||||
mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
|
||||
pss_opts->expected_salt_len );
|
||||
(unsigned int) pss_opts->expected_salt_len );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
}
|
||||
#else
|
||||
|
@ -1064,7 +1064,7 @@ cleanup:
|
|||
mbedtls_x509_crt_free( &clicert );
|
||||
#else
|
||||
((void) verbose);
|
||||
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
|
|
@ -524,6 +524,12 @@ static int x509_get_basic_constraints( unsigned char **p,
|
|||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
/* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
|
||||
* overflow, which is an undefined behavior. */
|
||||
if( *max_pathlen == INT_MAX )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
|
||||
(*max_pathlen)++;
|
||||
|
||||
return( 0 );
|
||||
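Review bot: The new `if( *max_pathlen == INT_MAX )` guard in x509_get_basic_constraints depends on `INT_MAX` from `<limits.h>`. The file's include list is outside this hunk, so confirm the header is included directly rather than arriving through another header. A regression test that parses a certificate whose pathLenConstraint is INT_MAX and expects the new error would pin the behaviour.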
|
|
15
programs/.gitignore
vendored
15
programs/.gitignore
vendored
|
@ -12,8 +12,8 @@ hash/sha2sum
|
|||
pkey/dh_client
|
||||
pkey/dh_genprime
|
||||
pkey/dh_server
|
||||
pkey/ecdsa
|
||||
pkey/ecdh_curve25519
|
||||
pkey/ecdsa
|
||||
pkey/gen_key
|
||||
pkey/key_app
|
||||
pkey/key_app_writer
|
||||
|
@ -30,36 +30,37 @@ pkey/rsa_sign_pss
|
|||
pkey/rsa_verify
|
||||
pkey/rsa_verify_pss
|
||||
psa/crypto_examples
|
||||
psa/key_ladder_demo
|
||||
psa/psa_constant_names
|
||||
psa/psa_constant_names_generated.c
|
||||
psa/key_ladder_demo
|
||||
random/gen_entropy
|
||||
random/gen_random_ctr_drbg
|
||||
random/gen_random_havege
|
||||
ssl/dtls_client
|
||||
ssl/dtls_server
|
||||
ssl/mini_client
|
||||
ssl/ssl_client1
|
||||
ssl/ssl_client2
|
||||
ssl/ssl_context_info
|
||||
ssl/ssl_fork_server
|
||||
ssl/ssl_mail_client
|
||||
ssl/ssl_pthread_server
|
||||
ssl/ssl_server
|
||||
ssl/ssl_server2
|
||||
ssl/mini_client
|
||||
test/benchmark
|
||||
test/ecp-bench
|
||||
test/selftest
|
||||
test/cpp_dummy_build
|
||||
test/ecp-bench
|
||||
test/query_compile_time_config
|
||||
test/selftest
|
||||
test/ssl_cert_test
|
||||
test/udp_proxy
|
||||
test/zeroize
|
||||
test/query_compile_time_config
|
||||
util/pem2der
|
||||
util/strerror
|
||||
x509/cert_app
|
||||
x509/cert_req
|
||||
x509/crl_app
|
||||
x509/cert_write
|
||||
x509/crl_app
|
||||
x509/req_app
|
||||
|
||||
# generated files
|
||||
|
|
|
@ -8,5 +8,5 @@ add_subdirectory(psa)
|
|||
add_subdirectory(random)
|
||||
add_subdirectory(ssl)
|
||||
add_subdirectory(test)
|
||||
add_subdirectory(x509)
|
||||
add_subdirectory(util)
|
||||
add_subdirectory(x509)
|
||||
|
|
|
@ -53,8 +53,8 @@ endif
|
|||
APPS = \
|
||||
aes/aescrypt2$(EXEXT) \
|
||||
aes/crypt_and_hash$(EXEXT) \
|
||||
hash/hello$(EXEXT) \
|
||||
hash/generic_sum$(EXEXT) \
|
||||
hash/hello$(EXEXT) \
|
||||
pkey/dh_client$(EXEXT) \
|
||||
pkey/dh_genprime$(EXEXT) \
|
||||
pkey/dh_server$(EXEXT) \
|
||||
|
@ -68,39 +68,40 @@ APPS = \
|
|||
pkey/pk_encrypt$(EXEXT) \
|
||||
pkey/pk_sign$(EXEXT) \
|
||||
pkey/pk_verify$(EXEXT) \
|
||||
pkey/rsa_genkey$(EXEXT) \
|
||||
pkey/rsa_decrypt$(EXEXT) \
|
||||
pkey/rsa_encrypt$(EXEXT) \
|
||||
pkey/rsa_genkey$(EXEXT) \
|
||||
pkey/rsa_sign$(EXEXT) \
|
||||
pkey/rsa_verify$(EXEXT) \
|
||||
pkey/rsa_sign_pss$(EXEXT) \
|
||||
pkey/rsa_verify$(EXEXT) \
|
||||
pkey/rsa_verify_pss$(EXEXT) \
|
||||
psa/crypto_examples$(EXEXT) \
|
||||
psa/key_ladder_demo$(EXEXT) \
|
||||
psa/psa_constant_names$(EXEXT) \
|
||||
random/gen_entropy$(EXEXT) \
|
||||
random/gen_random_ctr_drbg$(EXEXT) \
|
||||
random/gen_random_havege$(EXEXT) \
|
||||
ssl/dtls_client$(EXEXT) \
|
||||
ssl/dtls_server$(EXEXT) \
|
||||
ssl/mini_client$(EXEXT) \
|
||||
ssl/ssl_client1$(EXEXT) \
|
||||
ssl/ssl_client2$(EXEXT) \
|
||||
ssl/ssl_context_info$(EXEXT) \
|
||||
ssl/ssl_fork_server$(EXEXT) \
|
||||
ssl/ssl_mail_client$(EXEXT) \
|
||||
ssl/ssl_server$(EXEXT) \
|
||||
ssl/ssl_server2$(EXEXT) \
|
||||
ssl/ssl_fork_server$(EXEXT) \
|
||||
ssl/mini_client$(EXEXT) \
|
||||
ssl/ssl_mail_client$(EXEXT) \
|
||||
random/gen_entropy$(EXEXT) \
|
||||
random/gen_random_havege$(EXEXT) \
|
||||
random/gen_random_ctr_drbg$(EXEXT) \
|
||||
test/benchmark$(EXEXT) \
|
||||
test/query_compile_time_config$(EXEXT) \
|
||||
test/selftest$(EXEXT) \
|
||||
test/udp_proxy$(EXEXT) \
|
||||
test/zeroize$(EXEXT) \
|
||||
test/query_compile_time_config$(EXEXT) \
|
||||
util/pem2der$(EXEXT) \
|
||||
util/strerror$(EXEXT) \
|
||||
x509/cert_app$(EXEXT) \
|
||||
x509/crl_app$(EXEXT) \
|
||||
x509/cert_req$(EXEXT) \
|
||||
x509/cert_write$(EXEXT) \
|
||||
x509/crl_app$(EXEXT) \
|
||||
x509/req_app$(EXEXT) \
|
||||
# End of APPS
|
||||
|
||||
|
@ -282,6 +283,10 @@ ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c test/query_config.c $(DEP)
|
|||
echo " CC ssl/ssl_server2.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.c $(DEP)
|
||||
echo " CC ssl/ssl_context_info.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
|
||||
echo " CC ssl/ssl_fork_server.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
|
|
@ -118,7 +118,7 @@ int main( int argc, char *argv[] )
|
|||
ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -298,7 +298,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( fread( buffer, 1, n, fin ) != (size_t) n )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n );
|
||||
mbedtls_fprintf( stderr, "fread(%u bytes) failed\n", n );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -413,7 +413,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( fwrite( buffer, 1, n, fout ) != (size_t) n )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n );
|
||||
mbedtls_fprintf( stderr, "fwrite(%u bytes) failed\n", n );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -219,7 +219,7 @@ int main( int argc, char *argv[] )
|
|||
p = &argv[6][4];
|
||||
keylen = 0;
|
||||
|
||||
while( sscanf( p, "%02X", &n ) > 0 &&
|
||||
while( sscanf( p, "%02X", (unsigned int*) &n ) > 0 &&
|
||||
keylen < (int) sizeof( key ) )
|
||||
{
|
||||
key[keylen++] = (unsigned char) n;
|
||||
|
@ -417,7 +417,7 @@ int main( int argc, char *argv[] )
|
|||
( ( filesize - mbedtls_md_get_size( md_info ) ) %
|
||||
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "File content not a multiple of the block size (%d).\n",
|
||||
mbedtls_fprintf( stderr, "File content not a multiple of the block size (%u).\n",
|
||||
mbedtls_cipher_get_block_size( &cipher_ctx ));
|
||||
goto exit;
|
||||
}
|
||||
|
@ -484,7 +484,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( fread( buffer, 1, ilen, fin ) != ilen )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n",
|
||||
mbedtls_fprintf( stderr, "fread(%u bytes) failed\n",
|
||||
mbedtls_cipher_get_block_size( &cipher_ctx ) );
|
||||
goto exit;
|
||||
}
|
||||
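Review bot: The cast in `sscanf( p, "%02X", (unsigned int*) &n )` silences the format warning by reinterpreting the pointer instead of fixing the type of `n`. Declaring the variable as `unsigned int n;` would make `sscanf( p, "%02X", &n )` correct without a cast, and the later `(unsigned char) n` conversion is unaffected. The declaration of `n` is outside the hunk, so its other uses should be checked first. The same pattern appears further down the page in `fscanf( f, "%02X", (unsigned int*) &c )`.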
|
|
|
@ -189,7 +189,7 @@ int main( int argc, char *argv[] )
|
|||
sig, &sig_len,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
|
||||
|
|
|
@ -302,7 +302,7 @@ int main( int argc, char *argv[] )
|
|||
NULL, DEV_RANDOM_THRESHOLD,
|
||||
MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -315,7 +315,7 @@ int main( int argc, char *argv[] )
|
|||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -328,7 +328,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_pk_setup( &key,
|
||||
mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -339,7 +339,7 @@ int main( int argc, char *argv[] )
|
|||
opt.rsa_keysize, 65537 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -353,7 +353,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -187,7 +187,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
@ -248,7 +248,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
|
|
@ -299,7 +299,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", -ret, buf );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -360,7 +360,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", -ret, buf );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -100,7 +100,7 @@ int main( int argc, char *argv[] )
|
|||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -109,7 +109,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
i = 0;
|
||||
while( fscanf( f, "%02X", &c ) > 0 &&
|
||||
while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
|
||||
i < (int) sizeof( buf ) )
|
||||
{
|
||||
buf[i++] = (unsigned char) c;
|
||||
|
@ -142,7 +142,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
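Review bot: The `(unsigned int*) &c` cast added to the `fscanf( f, "%02X", ... )` loop in the hunk at `-124,7` silences the format warning without making the destination the type `%X` expects. The declaration of `c` is outside the visible hunks; if it is an `int` the store is harmless, but if it is narrower than `unsigned int`, fscanf writes past it and the cast hides that from the compiler. Declaring `unsigned int c;` and passing plain `&c` would keep the compiler's type check in place. The same cast is added to the `fscanf` loops in the later hunks at `-160,7` and `-114,7`.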
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ int main( int argc, char *argv[] )
|
|||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -107,7 +107,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -130,7 +130,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -96,7 +96,7 @@ int main( int argc, char *argv[] )
|
|||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -127,7 +127,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -86,7 +86,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -123,7 +123,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
|
||||
buf, i ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -160,7 +160,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
i = 0;
|
||||
|
||||
while( fscanf( f, "%02X", &c ) > 0 &&
|
||||
while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
|
||||
i < (int) sizeof( buf ) )
|
||||
buf[i++] = (unsigned char) c;
|
||||
|
||||
|
|
|
@ -129,7 +129,7 @@ int main( int argc, char *argv[] )
|
|||
fflush( stdout );
|
||||
if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -151,7 +151,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
|
||||
20, hash, buf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -114,7 +114,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
i = 0;
|
||||
while( fscanf( f, "%02X", &c ) > 0 &&
|
||||
while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
|
||||
i < (int) sizeof( buf ) )
|
||||
buf[i++] = (unsigned char) c;
|
||||
|
||||
|
@ -144,7 +144,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
|
||||
MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ int main( void )
|
|||
status = ( expr ); \
|
||||
if( status != PSA_SUCCESS ) \
|
||||
{ \
|
||||
printf( "Error %d at line %u: %s\n", \
|
||||
printf( "Error %d at line %d: %s\n", \
|
||||
(int) status, \
|
||||
__LINE__, \
|
||||
#expr ); \
|
||||
|
|
|
@ -80,7 +80,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n",
|
||||
ret );
|
||||
(unsigned int) ret );
|
||||
goto cleanup;
|
||||
}
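Review bot: The value printed for `-%04X` is still `ret` rather than `-ret`, so with the cast a negative error code prints as its two's-complement value after the literal minus sign (for example `-FFFFFFC4` where `-003C` was meant; sample value constructed). Every other call site touched by this commit passes the negated value, and this one should too: `(unsigned int) -ret );`. The enclosing `main` continues outside the hunk.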
|
||||
|
||||
|
|
|
@ -8,12 +8,12 @@ set(libs
|
|||
set(targets
|
||||
dtls_client
|
||||
dtls_server
|
||||
mini_client
|
||||
ssl_client1
|
||||
ssl_client2
|
||||
ssl_server
|
||||
ssl_fork_server
|
||||
ssl_mail_client
|
||||
mini_client
|
||||
ssl_server
|
||||
)
|
||||
|
||||
if(USE_PKCS11_HELPER_LIBRARY)
|
||||
|
@ -44,6 +44,9 @@ add_executable(ssl_server2 ssl_server2.c)
|
|||
target_sources(ssl_server2 PUBLIC ../test/query_config.c)
|
||||
target_link_libraries(ssl_server2 ${libs})
|
||||
|
||||
add_executable(ssl_context_info ssl_context_info.c)
|
||||
target_link_libraries(ssl_context_info ${libs})
|
||||
|
||||
add_executable(ssl_fork_server ssl_fork_server.c)
|
||||
target_link_libraries(ssl_fork_server ${libs})
|
||||
|
||||
|
|
|
@ -149,7 +149,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_test_cas_pem_len );
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -225,7 +225,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -303,7 +303,7 @@ send_request:
|
|||
goto close_notify;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -291,7 +291,7 @@ reset:
|
|||
client_ip, cliip_len ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! "
|
||||
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
|
||||
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -318,7 +318,7 @@ reset:
|
|||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
|
||||
printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto reset;
|
||||
}
|
||||
|
||||
|
@ -351,7 +351,7 @@ reset:
|
|||
goto close_notify;
|
||||
|
||||
default:
|
||||
printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
|
||||
printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto reset;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -134,7 +134,7 @@ int main( void )
|
|||
mbedtls_test_cas_pem_len );
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -203,7 +203,7 @@ int main( void )
|
|||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -67,6 +67,7 @@ int main( void )
|
|||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/timing.h"
|
||||
#include "mbedtls/base64.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
|
@ -139,6 +140,7 @@ int main( void )
|
|||
#define DFL_EXTENDED_MS -1
|
||||
#define DFL_ETM -1
|
||||
#define DFL_SERIALIZE 0
|
||||
#define DFL_CONTEXT_FILE ""
|
||||
#define DFL_EXTENDED_MS_ENFORCE -1
|
||||
#define DFL_CA_CALLBACK 0
|
||||
#define DFL_EAP_TLS 0
|
||||
|
@ -365,7 +367,12 @@ int main( void )
|
|||
#define USAGE_SERIALIZATION \
|
||||
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
|
||||
" options: 1 (serialize)\n" \
|
||||
" 2 (serialize with re-initialization)\n"
|
||||
" 2 (serialize with re-initialization)\n" \
|
||||
" context_file=%%s The file path to write a serialized connection\n"\
|
||||
" in the form of base64 code (serialize option\n" \
|
||||
" must be set)\n" \
|
||||
" default: \"\" (do nothing)\n" \
|
||||
" option: a file path\n"
|
||||
#else
|
||||
#define USAGE_SERIALIZATION ""
|
||||
#endif
|
||||
|
@ -516,6 +523,9 @@ struct options
|
|||
* during renegotiation */
|
||||
const char *cid_val; /* the CID to use for incoming messages */
|
||||
int serialize; /* serialize/deserialize connection */
|
||||
const char *context_file; /* the file to write a serialized connection
|
||||
* in the form of base64 code (serialize
|
||||
* option must be set) */
|
||||
const char *cid_val_renego; /* the CID to use for incoming messages
|
||||
* after renegotiation */
|
||||
int reproducible; /* make communication reproducible */
|
||||
|
@ -823,7 +833,7 @@ static int ssl_check_record( mbedtls_ssl_context const *ssl,
|
|||
break;
|
||||
|
||||
default:
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", -ret );
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret );
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
|
@ -1067,7 +1077,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -1091,7 +1101,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -1101,7 +1111,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
return( ret );
|
||||
}
|
||||
mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
|
||||
|
@ -1310,6 +1320,7 @@ int main( int argc, char *argv[] )
|
|||
opt.etm = DFL_ETM;
|
||||
opt.dgram_packing = DFL_DGRAM_PACKING;
|
||||
opt.serialize = DFL_SERIALIZE;
|
||||
opt.context_file = DFL_CONTEXT_FILE;
|
||||
opt.eap_tls = DFL_EAP_TLS;
|
||||
opt.reproducible = DFL_REPRODUCIBLE;
|
||||
opt.nss_keylog = DFL_NSS_KEYLOG;
|
||||
|
@ -1707,6 +1718,10 @@ int main( int argc, char *argv[] )
|
|||
if( opt.serialize < 0 || opt.serialize > 2)
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "context_file") == 0 )
|
||||
{
|
||||
opt.context_file = q;
|
||||
}
|
||||
else if( strcmp( p, "eap_tls" ) == 0 )
|
||||
{
|
||||
opt.eap_tls = atoi( q );
|
||||
|
@ -1998,7 +2013,7 @@ int main( int argc, char *argv[] )
|
|||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2009,7 +2024,7 @@ int main( int argc, char *argv[] )
|
|||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2067,7 +2082,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2102,7 +2117,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2127,7 +2142,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2164,7 +2179,7 @@ int main( int argc, char *argv[] )
|
|||
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2175,7 +2190,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2193,7 +2208,7 @@ int main( int argc, char *argv[] )
|
|||
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2234,7 +2249,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2432,7 +2447,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2512,7 +2527,7 @@ int main( int argc, char *argv[] )
|
|||
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||
mbedtls_printf(
|
||||
" Unable to verify the server's certificate. "
|
||||
|
@ -2553,8 +2568,10 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
|
||||
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
|
||||
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
|
||||
(unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
|
||||
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
|
||||
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
|
@ -2582,7 +2599,7 @@ int main( int argc, char *argv[] )
|
|||
!= 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2603,7 +2620,7 @@ int main( int argc, char *argv[] )
|
|||
sizeof( eap_tls_iv ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2650,7 +2667,7 @@ int main( int argc, char *argv[] )
|
|||
&session_data_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2659,7 +2676,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2810,7 +2827,7 @@ send_request:
|
|||
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2938,7 +2955,7 @@ send_request:
|
|||
|
||||
default:
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -3002,7 +3019,7 @@ send_request:
|
|||
goto close_notify;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -3030,7 +3047,7 @@ send_request:
|
|||
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3041,7 +3058,7 @@ send_request:
|
|||
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3075,7 +3092,7 @@ send_request:
|
|||
if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
|
||||
"-0x%x\n\n", -ret );
|
||||
"-0x%x\n\n", (unsigned int) -ret );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
@ -3093,17 +3110,67 @@ send_request:
|
|||
buf_len, &buf_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
|
||||
"-0x%x\n\n", -ret );
|
||||
"-0x%x\n\n", (unsigned int) -ret );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/* Save serialized context to the 'opt.context_file' as a base64 code */
|
||||
if( 0 < strlen( opt.context_file ) )
|
||||
{
|
||||
FILE *b64_file;
|
||||
uint8_t *b64_buf;
|
||||
size_t b64_len;
|
||||
|
||||
mbedtls_printf( " . Save serialized context to a file... " );
|
||||
|
||||
mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
|
||||
|
||||
if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
|
||||
"the base64 code\n" );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
|
||||
context_buf, buf_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
|
||||
"-0x%x\n", (unsigned int) -ret );
|
||||
mbedtls_free( b64_buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
|
||||
opt.context_file );
|
||||
mbedtls_free( b64_buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
|
||||
(long) b64_len );
|
||||
mbedtls_free( b64_buf );
|
||||
fclose( b64_file );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_free( b64_buf );
|
||||
fclose( b64_file );
|
||||
|
||||
mbedtls_printf( "ok\n" );
|
||||
}
|
||||
|
||||
if( opt.serialize == 1 )
|
||||
{
|
||||
/* nothing to do here, done by context_save() already */
|
||||
mbedtls_printf( " . Context has been reset... ok" );
|
||||
mbedtls_printf( " . Context has been reset... ok\n" );
|
||||
}
|
||||
|
||||
if( opt.serialize == 2 )
|
||||
|
@ -3117,7 +3184,7 @@ send_request:
|
|||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
|
||||
"-0x%x\n\n", -ret );
|
||||
"-0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3144,7 +3211,7 @@ send_request:
|
|||
buf_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
|
||||
"-0x%x\n\n", -ret );
|
||||
"-0x%x\n\n", (unsigned int) -ret );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
@ -3216,7 +3283,7 @@ reconnect:
|
|||
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3227,7 +3294,7 @@ reconnect:
|
|||
session_data_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -3235,7 +3302,7 @@ reconnect:
|
|||
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3245,7 +3312,7 @@ reconnect:
|
|||
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3256,7 +3323,7 @@ reconnect:
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3267,7 +3334,7 @@ reconnect:
|
|||
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -3286,7 +3353,7 @@ exit:
|
|||
{
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
|
||||
mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
|
||||
}
|
||||
#endif
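Review bot: In the hunk at `-3093,17` the new block frees `b64_buf` on all four paths without wiping it, although it holds a base64 copy of the serialized connection, which presumably includes the session's key material. Adding `mbedtls_platform_zeroize( b64_buf, b64_len );` before each `mbedtls_free( b64_buf );` would treat it like any other secret buffer (this needs `mbedtls/platform_util.h`, whose inclusion is not visible here). The file is created with `fopen( opt.context_file, "w" )`, so its permissions depend on the process umask. The return value of `fclose( b64_file )` is not checked, so a failed flush still prints `ok`. A comment beside the `fopen` saying that the output contains session secrets and must be stored accordingly would help anyone copying this sample.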
|
||||
|
||||
|
|
1112
programs/ssl/ssl_context_info.c
Normal file
1112
programs/ssl/ssl_context_info.c
Normal file
File diff suppressed because it is too large
|
@ -309,7 +309,7 @@ reset:
|
|||
break;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
|
@ -63,6 +63,7 @@ int main( void )
|
|||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/timing.h"
|
||||
#include "mbedtls/base64.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
|
@ -172,6 +173,7 @@ int main( void )
|
|||
#define DFL_EXTENDED_MS -1
|
||||
#define DFL_ETM -1
|
||||
#define DFL_SERIALIZE 0
|
||||
#define DFL_CONTEXT_FILE ""
|
||||
#define DFL_EXTENDED_MS_ENFORCE -1
|
||||
#define DFL_CA_CALLBACK 0
|
||||
#define DFL_EAP_TLS 0
|
||||
|
@ -451,7 +453,12 @@ int main( void )
|
|||
#define USAGE_SERIALIZATION \
|
||||
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
|
||||
" options: 1 (serialize)\n" \
|
||||
" 2 (serialize with re-initialization)\n"
|
||||
" 2 (serialize with re-initialization)\n" \
|
||||
" context_file=%%s The file path to write a serialized connection\n"\
|
||||
" in the form of base64 code (serialize option\n" \
|
||||
" must be set)\n" \
|
||||
" default: \"\" (do nothing)\n" \
|
||||
" option: a file path\n"
|
||||
#else
|
||||
#define USAGE_SERIALIZATION ""
|
||||
#endif
|
||||
|
@ -617,6 +624,9 @@ struct options
|
|||
* during renegotiation */
|
||||
const char *cid_val; /* the CID to use for incoming messages */
|
||||
int serialize; /* serialize/deserialize connection */
|
||||
const char *context_file; /* the file to write a serialized connection
|
||||
* in the form of base64 code (serialize
|
||||
* option must be set) */
|
||||
const char *cid_val_renego; /* the CID to use for incoming messages
|
||||
* after renegotiation */
|
||||
int reproducible; /* make communication reproducible */
|
||||
|
@ -922,7 +932,7 @@ static int ssl_check_record( mbedtls_ssl_context const *ssl,
|
|||
break;
|
||||
|
||||
default:
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", -ret );
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret );
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
|
@ -1710,7 +1720,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -1984,6 +1994,7 @@ int main( int argc, char *argv[] )
|
|||
opt.extended_ms = DFL_EXTENDED_MS;
|
||||
opt.etm = DFL_ETM;
|
||||
opt.serialize = DFL_SERIALIZE;
|
||||
opt.context_file = DFL_CONTEXT_FILE;
|
||||
opt.eap_tls = DFL_EAP_TLS;
|
||||
opt.reproducible = DFL_REPRODUCIBLE;
|
||||
opt.nss_keylog = DFL_NSS_KEYLOG;
|
||||
|
@ -2406,6 +2417,10 @@ int main( int argc, char *argv[] )
|
|||
if( opt.serialize < 0 || opt.serialize > 2)
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "context_file") == 0 )
|
||||
{
|
||||
opt.context_file = q;
|
||||
}
|
||||
else if( strcmp( p, "eap_tls" ) == 0 )
|
||||
{
|
||||
opt.eap_tls = atoi( q );
|
||||
|
@ -2740,7 +2755,7 @@ int main( int argc, char *argv[] )
|
|||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2751,7 +2766,7 @@ int main( int argc, char *argv[] )
|
|||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2808,7 +2823,7 @@ int main( int argc, char *argv[] )
|
|||
#endif /* MBEDTLS_CERTS_C */
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2827,7 +2842,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2836,7 +2851,7 @@ int main( int argc, char *argv[] )
|
|||
key_cert_init++;
|
||||
if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2852,7 +2867,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2862,7 +2877,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2889,7 +2904,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_test_srv_crt_rsa_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_pk_parse_key( &pkey,
|
||||
|
@ -2897,7 +2912,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
key_cert_init = 2;
|
||||
|
@ -2908,7 +2923,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_test_srv_crt_ec_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_pk_parse_key( &pkey2,
|
||||
|
@ -2916,7 +2931,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
key_cert_init2 = 2;
|
||||
|
@ -2936,7 +2951,7 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mbedtls_dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2973,7 +2988,7 @@ int main( int argc, char *argv[] )
|
|||
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
|
||||
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -2990,7 +3005,7 @@ int main( int argc, char *argv[] )
|
|||
opt.transport,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3049,7 +3064,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -3375,7 +3390,7 @@ int main( int argc, char *argv[] )
|
|||
strlen( opt.psk_identity ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret );
|
||||
mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -3416,7 +3431,7 @@ int main( int argc, char *argv[] )
|
|||
#endif
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - ret );
|
||||
mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
@ -3429,7 +3444,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3514,7 +3529,7 @@ reset:
|
|||
}
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3524,7 +3539,7 @@ reset:
|
|||
ret = mbedtls_net_set_block( &client_fd );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3537,7 +3552,7 @@ reset:
|
|||
client_ip, cliip_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -3600,7 +3615,7 @@ handshake:
|
|||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||
|
@ -3633,8 +3648,10 @@ handshake:
|
|||
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
|
||||
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
|
||||
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
|
||||
(unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
|
||||
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
|
||||
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
|
@ -3692,7 +3709,7 @@ handshake:
|
|||
!= 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3713,7 +3730,7 @@ handshake:
|
|||
sizeof( eap_tls_iv ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
|
||||
-ret );
|
||||
(unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -3804,7 +3821,7 @@ data_exchange:
|
|||
goto reset;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
|
||||
goto reset;
|
||||
}
|
||||
}
|
||||
|
@ -3850,7 +3867,7 @@ data_exchange:
|
|||
}
|
||||
|
||||
larger_buf[ori_len + extra_len] = '\0';
|
||||
mbedtls_printf( " %u bytes read (%u + %u)\n\n%s\n",
|
||||
mbedtls_printf( " %d bytes read (%d + %d)\n\n%s\n",
|
||||
ori_len + extra_len, ori_len, extra_len,
|
||||
(char *) larger_buf );
|
||||
|
||||
|
@ -3918,7 +3935,7 @@ data_exchange:
|
|||
goto close_notify;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
|
||||
goto reset;
|
||||
}
|
||||
}
|
||||
|
@ -4075,7 +4092,7 @@ data_exchange:
|
|||
if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
|
||||
"-0x%x\n\n", -ret );
|
||||
"-0x%x\n\n", (unsigned int) -ret );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
@ -4093,13 +4110,63 @@ data_exchange:
|
|||
buf_len, &buf_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
|
||||
"-0x%x\n\n", -ret );
|
||||
"-0x%x\n\n", (unsigned int) -ret );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/* Save serialized context to the 'opt.context_file' as a base64 code */
|
||||
if( 0 < strlen( opt.context_file ) )
|
||||
{
|
||||
FILE *b64_file;
|
||||
uint8_t *b64_buf;
|
||||
size_t b64_len;
|
||||
|
||||
mbedtls_printf( " . Save serialized context to a file... " );
|
||||
|
||||
mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
|
||||
|
||||
if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
|
||||
"the base64 code\n" );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
|
||||
context_buf, buf_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
|
||||
"-0x%x\n", (unsigned int) -ret );
|
||||
mbedtls_free( b64_buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
|
||||
opt.context_file );
|
||||
mbedtls_free( b64_buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
|
||||
(long) b64_len );
|
||||
mbedtls_free( b64_buf );
|
||||
fclose( b64_file );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_free( b64_buf );
|
||||
fclose( b64_file );
|
||||
|
||||
mbedtls_printf( "ok\n" );
|
||||
}
|
||||
|
||||
/*
|
||||
* This simulates a workflow where you have a long-lived server
|
||||
* instance, potentially with a pool of ssl_context objects, and you
|
||||
|
@ -4110,7 +4177,7 @@ data_exchange:
|
|||
if( opt.serialize == 1 )
|
||||
{
|
||||
/* nothing to do here, done by context_save() already */
|
||||
mbedtls_printf( " . Context has been reset... ok" );
|
||||
mbedtls_printf( " . Context has been reset... ok\n" );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -4132,7 +4199,7 @@ data_exchange:
|
|||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
|
||||
"-0x%x\n\n", -ret );
|
||||
"-0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -4165,7 +4232,7 @@ data_exchange:
|
|||
buf_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
|
||||
"-0x%x\n\n", -ret );
|
||||
"-0x%x\n\n", (unsigned int) -ret );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
@ -4208,7 +4275,7 @@ exit:
|
|||
{
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
|
||||
mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
|
@ -112,7 +112,7 @@ int main( void )
|
|||
mbedtls_printf( "FAILED: %s\n", tmp );
|
||||
#else
|
||||
#define PRINT_ERROR \
|
||||
mbedtls_printf( "FAILED: -0x%04x\n", -ret );
|
||||
mbedtls_printf( "FAILED: -0x%04x\n", (unsigned int) -ret );
|
||||
#endif
|
||||
|
||||
#define TIME_AND_TSC( TITLE, CODE ) \
|
||||
|
@ -150,6 +150,16 @@ do { \
|
|||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
|
||||
|
||||
/* How much space to reserve for the title when printing heap usage results.
|
||||
* Updated manually as the output of the following command:
|
||||
*
|
||||
* sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
|
||||
* awk '{print length+2}' | sort -rn | head -n1
|
||||
*
|
||||
* This computes the maximum length of a title +2 (because we appends "/s").
|
||||
* (If the value is too small, the only consequence is poor alignement.) */
|
||||
#define TITLE_SPACE 16
|
||||
|
||||
#define MEMORY_MEASURE_INIT \
|
||||
size_t max_used, max_blocks, max_bytes; \
|
||||
size_t prv_used, prv_blocks; \
|
||||
|
@ -158,7 +168,8 @@ do { \
|
|||
|
||||
#define MEMORY_MEASURE_PRINT( title_len ) \
|
||||
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
|
||||
for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \
|
||||
ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
|
||||
while( ii-- ) mbedtls_printf( " " ); \
|
||||
max_used -= prv_used; \
|
||||
max_blocks -= prv_blocks; \
|
||||
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
|
||||
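Review bot: The comment added above `TITLE_SPACE` has two typos, "we appends" and "alignement"; suggest `* This computes the maximum length of a title +2 (because we append "/s").` and `* (If the value is too small, the only consequence is poor alignment.) */`. The comment could also say that `MEMORY_MEASURE_PRINT` falls back to a single space when `title_len` is at least `TITLE_SPACE`, because that clamp in the following hunk is what makes the "only consequence" statement true. The macro definitions continue outside the hunks shown.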
|
|
|
@ -133,6 +133,7 @@ int main( void )
|
|||
" modifying CID in first instance of the packet.\n" \
|
||||
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
|
||||
" protect_len=%%d default: (don't protect packets of this size)\n" \
|
||||
" inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \
|
||||
"\n" \
|
||||
" seed=%%d default: (use current time)\n" \
|
||||
USAGE_PACK \
|
||||
|
@ -166,6 +167,7 @@ static struct options
|
|||
unsigned bad_cid; /* inject corrupted CID record */
|
||||
int protect_hvr; /* never drop or delay HelloVerifyRequest */
|
||||
int protect_len; /* never drop/delay packet of the given size*/
|
||||
int inject_clihlo; /* inject fake ClientHello after handshake */
|
||||
unsigned pack; /* merge packets into single datagram for
|
||||
* at most \c merge milliseconds if > 0 */
|
||||
unsigned int seed; /* seed for "random" events */
|
||||
|
@ -314,6 +316,12 @@ static void get_options( int argc, char *argv[] )
|
|||
if( opt.protect_len < 0 )
|
||||
exit_usage( p, q );
|
||||
}
|
||||
else if( strcmp( p, "inject_clihlo" ) == 0 )
|
||||
{
|
||||
opt.inject_clihlo = atoi( q );
|
||||
if( opt.inject_clihlo < 0 || opt.inject_clihlo > 1 )
|
||||
exit_usage( p, q );
|
||||
}
|
||||
else if( strcmp( p, "seed" ) == 0 )
|
||||
{
|
||||
opt.seed = atoi( q );
|
||||
|
@ -448,7 +456,7 @@ static int ctx_buffer_append( ctx_buffer *buf,
|
|||
{
|
||||
if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
|
||||
{
|
||||
mbedtls_printf( "ctx_buffer_flush failed with -%#04x", -ret );
|
||||
mbedtls_printf( "ctx_buffer_flush failed with -%#04x", (unsigned int) -ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
|
@ -487,7 +495,7 @@ static int dispatch_data( mbedtls_net_context *ctx,
|
|||
ret = mbedtls_net_send( ctx, data, len );
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( "net_send returned -%#04x\n", -ret );
|
||||
mbedtls_printf( "net_send returned -%#04x\n", (unsigned int) -ret );
|
||||
}
|
||||
return( ret );
|
||||
}
|
||||
|
@ -523,11 +531,41 @@ void print_packet( const packet *p, const char *why )
|
|||
fflush( stdout );
|
||||
}
|
||||
|
||||
/*
|
||||
* In order to test the server's behaviour when receiving a ClientHello after
|
||||
* the connection is established (this could be a hard reset from the client,
|
||||
* but the server must not drop the existing connection before establishing
|
||||
* client reachability, see RFC 6347 Section 4.2.8), we memorize the first
|
||||
* ClientHello we see (which can't have a cookie), then replay it after the
|
||||
* first ApplicationData record - then we're done.
|
||||
*
|
||||
* This is controlled by the inject_clihlo option.
|
||||
*
|
||||
* We want an explicit state and a place to store the packet.
|
||||
*/
|
||||
typedef enum {
|
||||
ICH_INIT, /* haven't seen the first ClientHello yet */
|
||||
ICH_CACHED, /* cached the initial ClientHello */
|
||||
ICH_INJECTED, /* ClientHello already injected, done */
|
||||
} inject_clihlo_state_t;
|
||||
|
||||
static inject_clihlo_state_t inject_clihlo_state;
|
||||
static packet initial_clihlo;
|
||||
|
||||
int send_packet( const packet *p, const char *why )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_net_context *dst = p->dst;
|
||||
|
||||
/* save initial ClientHello? */
|
||||
if( opt.inject_clihlo != 0 &&
|
||||
inject_clihlo_state == ICH_INIT &&
|
||||
strcmp( p->type, "ClientHello" ) == 0 )
|
||||
{
|
||||
memcpy( &initial_clihlo, p, sizeof( packet ) );
|
||||
inject_clihlo_state = ICH_CACHED;
|
||||
}
|
||||
|
||||
/* insert corrupted CID record? */
|
||||
if( opt.bad_cid != 0 &&
|
||||
strcmp( p->type, "CID" ) == 0 &&
|
||||
|
@ -592,6 +630,23 @@ int send_packet( const packet *p, const char *why )
|
|||
}
|
||||
}
|
||||
|
||||
/* Inject ClientHello after first ApplicationData */
|
||||
if( opt.inject_clihlo != 0 &&
|
||||
inject_clihlo_state == ICH_CACHED &&
|
||||
strcmp( p->type, "ApplicationData" ) == 0 )
|
||||
{
|
||||
print_packet( &initial_clihlo, "injected" );
|
||||
|
||||
if( ( ret = dispatch_data( dst, initial_clihlo.buf,
|
||||
initial_clihlo.len ) ) <= 0 )
|
||||
{
|
||||
mbedtls_printf( " ! dispatch returned %d\n", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
inject_clihlo_state = ICH_INJECTED;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -944,7 +999,7 @@ exit:
|
|||
{
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf( "Last error was: -0x%04X - %s\n\n", - ret, error_buf );
|
||||
mbedtls_printf( "Last error was: -0x%04X - %s\n\n", (unsigned int) -ret, error_buf );
|
||||
fflush( stdout );
|
||||
}
|
||||
#endif
|
||||
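Review bot: The injection block in send_packet() replays the cached ClientHello to `dst`, which is the destination of the ApplicationData packet that triggered the replay, not the destination the ClientHello was first sent to. If the first ApplicationData record the proxy forwards travels from server to client, the ClientHello would be delivered to the client, and the server-side behaviour described in the comment (RFC 6347 Section 4.2.8) would apparently not be exercised even though the state moves to `ICH_INJECTED`. The `memcpy( &initial_clihlo, p, sizeof( packet ) )` already copies the `dst` field, so `dispatch_data( initial_clihlo.dst, initial_clihlo.buf, initial_clihlo.len )` would target the original peer regardless of direction. send_packet() is split across two hunks and its middle part is not shown, so this assumes `dst` is not reassigned there.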
|
|
|
@ -79,7 +79,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
char error_buf[200];
|
||||
mbedtls_strerror( val, error_buf, 200 );
|
||||
mbedtls_printf("Last error was: -0x%04x - %s\n\n", (int) -val, error_buf );
|
||||
mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf );
|
||||
}
|
||||
|
||||
#if defined(_WIN32)
|
||||
|
|
|
@ -258,7 +258,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -268,7 +268,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -282,7 +282,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
if( ( ret = mbedtls_x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
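Review bot: In the hunk at -282 the error message names `mbedtls_x509_crl_parse`, but the call that failed is `mbedtls_x509_crl_parse_file`; the line was edited for the cast and the name was left as it was. Someone reading the log would look at the wrong function, so the string should read `" failed\n ! mbedtls_x509_crl_parse_file returned -0x%x\n\n"`. main() continues outside the hunks shown.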
|
|
|
@ -507,7 +507,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_mpi_read_string "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -527,7 +527,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -537,7 +537,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -561,7 +561,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -571,7 +571,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -596,7 +596,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -612,7 +612,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
|
||||
"returned -x%02x - %s\n\n", -ret, buf );
|
||||
"returned -x%02x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -646,7 +646,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -654,7 +654,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -669,7 +669,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -678,7 +678,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -696,7 +696,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -716,7 +716,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject"
|
||||
"_key_identifier returned -0x%04x - %s\n\n",
|
||||
-ret, buf );
|
||||
(unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -735,7 +735,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_"
|
||||
"key_identifier returned -0x%04x - %s\n\n",
|
||||
-ret, buf );
|
||||
(unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -754,7 +754,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -772,7 +772,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -790,7 +790,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n",
|
||||
-ret, buf );
|
||||
(unsigned int) -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
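Review bot: The format string in the hunk at -612 reads `"returned -x%02x - %s\n\n"`, while every other message in this file section prints the code as `-0x%04x`. The line was changed for the cast but the prefix and width were kept, so this one error prints without `0x` and is harder to match against the other messages; suggest `"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );`. The message in the hunk at -696 also names `x509write_crt_set_basic_contraints`, which lacks the `mbedtls_` prefix used by the neighbouring messages and misspells "constraints". main() continues outside the hunks shown.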
|
|
|
@ -29,7 +29,7 @@ from types import SimpleNamespace
|
|||
import xml.etree.ElementTree as ET
|
||||
|
||||
|
||||
class AbiChecker(object):
|
||||
class AbiChecker:
|
||||
"""API and ABI checker."""
|
||||
|
||||
def __init__(self, old_version, new_version, configuration):
|
||||
|
|
505
scripts/assemble_changelog.py
Executable file
505
scripts/assemble_changelog.py
Executable file
|
@ -0,0 +1,505 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
"""Assemble Mbed TLS change log entries into the change log file.
|
||||
|
||||
Add changelog entries to the first level-2 section.
|
||||
Create a new level-2 section for unreleased changes if needed.
|
||||
Remove the input files unless --keep-entries is specified.
|
||||
|
||||
In each level-3 section, entries are sorted in chronological order
|
||||
(oldest first). From oldest to newest:
|
||||
* Merged entry files are sorted according to their merge date (date of
|
||||
the merge commit that brought the commit that created the file into
|
||||
the target branch).
|
||||
* Committed but unmerged entry files are sorted according to the date
|
||||
of the commit that adds them.
|
||||
* Uncommitted entry files are sorted according to their modification time.
|
||||
|
||||
You must run this program from within a git working directory.
|
||||
"""
|
||||
|
||||
# Copyright (C) 2019, Arm Limited, All Rights Reserved
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
# This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
|
||||
import argparse
|
||||
from collections import OrderedDict, namedtuple
|
||||
import datetime
|
||||
import functools
|
||||
import glob
|
||||
import os
|
||||
import re
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
class InputFormatError(Exception):
|
||||
def __init__(self, filename, line_number, message, *args, **kwargs):
|
||||
message = '{}:{}: {}'.format(filename, line_number,
|
||||
message.format(*args, **kwargs))
|
||||
super().__init__(message)
|
||||
|
||||
class CategoryParseError(Exception):
|
||||
def __init__(self, line_offset, error_message):
|
||||
self.line_offset = line_offset
|
||||
self.error_message = error_message
|
||||
super().__init__('{}: {}'.format(line_offset, error_message))
|
||||
|
||||
class LostContent(Exception):
|
||||
def __init__(self, filename, line):
|
||||
message = ('Lost content from {}: "{}"'.format(filename, line))
|
||||
super().__init__(message)
|
||||
|
||||
# The category names we use in the changelog.
|
||||
# If you edit this, update ChangeLog.d/README.md.
|
||||
STANDARD_CATEGORIES = (
|
||||
b'API changes',
|
||||
b'Default behavior changes',
|
||||
b'Requirement changes',
|
||||
b'New deprecations',
|
||||
b'Removals',
|
||||
b'Features',
|
||||
b'Security',
|
||||
b'Bugfix',
|
||||
b'Changes',
|
||||
)
|
||||
|
||||
CategoryContent = namedtuple('CategoryContent', [
|
||||
'name', 'title_line', # Title text and line number of the title
|
||||
'body', 'body_line', # Body text and starting line number of the body
|
||||
])
|
||||
|
||||
class ChangelogFormat:
|
||||
"""Virtual class documenting how to write a changelog format class."""
|
||||
|
||||
@classmethod
|
||||
def extract_top_version(cls, changelog_file_content):
|
||||
"""Split out the top version section.
|
||||
|
||||
If the top version is already released, create a new top
|
||||
version section for an unreleased version.
|
||||
|
||||
Return ``(header, top_version_title, top_version_body, trailer)``
|
||||
where the "top version" is the existing top version section if it's
|
||||
for unreleased changes, and a newly created section otherwise.
|
||||
To assemble the changelog after modifying top_version_body,
|
||||
concatenate the four pieces.
|
||||
"""
|
||||
raise NotImplementedError
|
||||
|
||||
@classmethod
|
||||
def version_title_text(cls, version_title):
|
||||
"""Return the text of a formatted version section title."""
|
||||
raise NotImplementedError
|
||||
|
||||
@classmethod
|
||||
def split_categories(cls, version_body):
|
||||
"""Split a changelog version section body into categories.
|
||||
|
||||
Return a list of `CategoryContent` the name is category title
|
||||
without any formatting.
|
||||
"""
|
||||
raise NotImplementedError
|
||||
|
||||
@classmethod
|
||||
def format_category(cls, title, body):
|
||||
"""Construct the text of a category section from its title and body."""
|
||||
raise NotImplementedError
|
||||
|
||||
class TextChangelogFormat(ChangelogFormat):
|
||||
"""The traditional Mbed TLS changelog format."""
|
||||
|
||||
_unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx'
|
||||
@classmethod
|
||||
def is_released_version(cls, title):
|
||||
# Look for an incomplete release date
|
||||
return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title)
|
||||
|
||||
_top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
|
||||
re.DOTALL)
|
||||
@classmethod
|
||||
def extract_top_version(cls, changelog_file_content):
|
||||
"""A version section starts with a line starting with '='."""
|
||||
m = re.search(cls._top_version_re, changelog_file_content)
|
||||
top_version_start = m.start(1)
|
||||
top_version_end = m.end(2)
|
||||
top_version_title = m.group(1)
|
||||
top_version_body = m.group(2)
|
||||
if cls.is_released_version(top_version_title):
|
||||
top_version_end = top_version_start
|
||||
top_version_title = cls._unreleased_version_text + b'\n\n'
|
||||
top_version_body = b''
|
||||
return (changelog_file_content[:top_version_start],
|
||||
top_version_title, top_version_body,
|
||||
changelog_file_content[top_version_end:])
|
||||
|
||||
@classmethod
|
||||
def version_title_text(cls, version_title):
|
||||
return re.sub(br'\n.*', version_title, re.DOTALL)
|
||||
|
||||
_category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE)
|
||||
@classmethod
|
||||
def split_categories(cls, version_body):
|
||||
"""A category title is a line with the title in column 0."""
|
||||
if not version_body:
|
||||
return []
|
||||
title_matches = list(re.finditer(cls._category_title_re, version_body))
|
||||
if not title_matches or title_matches[0].start() != 0:
|
||||
# There is junk before the first category.
|
||||
raise CategoryParseError(0, 'Junk found where category expected')
|
||||
title_starts = [m.start(1) for m in title_matches]
|
||||
body_starts = [m.end(0) for m in title_matches]
|
||||
body_ends = title_starts[1:] + [len(version_body)]
|
||||
bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n'
|
||||
for (body_start, body_end) in zip(body_starts, body_ends)]
|
||||
title_lines = [version_body[:pos].count(b'\n') for pos in title_starts]
|
||||
body_lines = [version_body[:pos].count(b'\n') for pos in body_starts]
|
||||
return [CategoryContent(title_match.group(1), title_line,
|
||||
body, body_line)
|
||||
for title_match, title_line, body, body_line
|
||||
in zip(title_matches, title_lines, bodies, body_lines)]
|
||||
|
||||
@classmethod
|
||||
def format_category(cls, title, body):
|
||||
# `split_categories` ensures that each body ends with a newline.
|
||||
# Make sure that there is additionally a blank line between categories.
|
||||
if not body.endswith(b'\n\n'):
|
||||
body += b'\n'
|
||||
return title + b'\n' + body
|
||||
|
||||
class ChangeLog:
|
||||
"""An Mbed TLS changelog.
|
||||
|
||||
A changelog file consists of some header text followed by one or
|
||||
more version sections. The version sections are in reverse
|
||||
chronological order. Each version section consists of a title and a body.
|
||||
|
||||
The body of a version section consists of zero or more category
|
||||
subsections. Each category subsection consists of a title and a body.
|
||||
|
||||
A changelog entry file has the same format as the body of a version section.
|
||||
|
||||
A `ChangelogFormat` object defines the concrete syntax of the changelog.
|
||||
Entry files must have the same format as the changelog file.
|
||||
"""
|
||||
|
||||
# Only accept dotted version numbers (e.g. "3.1", not "3").
|
||||
# Refuse ".x" in a version number where x is a letter: this indicates
|
||||
# a version that is not yet released. Something like "3.1a" is accepted.
|
||||
_version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
|
||||
_incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
|
||||
|
||||
def add_categories_from_text(self, filename, line_offset,
|
||||
text, allow_unknown_category):
|
||||
"""Parse a version section or entry file."""
|
||||
try:
|
||||
categories = self.format.split_categories(text)
|
||||
except CategoryParseError as e:
|
||||
raise InputFormatError(filename, line_offset + e.line_offset,
|
||||
e.error_message)
|
||||
for category in categories:
|
||||
if not allow_unknown_category and \
|
||||
category.name not in self.categories:
|
||||
raise InputFormatError(filename,
|
||||
line_offset + category.title_line,
|
||||
'Unknown category: "{}"',
|
||||
category.name.decode('utf8'))
|
||||
self.categories[category.name] += category.body
|
||||
|
||||
def __init__(self, input_stream, changelog_format):
|
||||
"""Create a changelog object.
|
||||
|
||||
Populate the changelog object from the content of the file
|
||||
input_stream.
|
||||
"""
|
||||
self.format = changelog_format
|
||||
whole_file = input_stream.read()
|
||||
(self.header,
|
||||
self.top_version_title, top_version_body,
|
||||
self.trailer) = self.format.extract_top_version(whole_file)
|
||||
# Split the top version section into categories.
|
||||
self.categories = OrderedDict()
|
||||
for category in STANDARD_CATEGORIES:
|
||||
self.categories[category] = b''
|
||||
offset = (self.header + self.top_version_title).count(b'\n') + 1
|
||||
self.add_categories_from_text(input_stream.name, offset,
|
||||
top_version_body, True)
|
||||
|
||||
def add_file(self, input_stream):
|
||||
"""Add changelog entries from a file.
|
||||
"""
|
||||
self.add_categories_from_text(input_stream.name, 1,
|
||||
input_stream.read(), False)
|
||||
|
||||
def write(self, filename):
|
||||
"""Write the changelog to the specified file.
|
||||
"""
|
||||
with open(filename, 'wb') as out:
|
||||
out.write(self.header)
|
||||
out.write(self.top_version_title)
|
||||
for title, body in self.categories.items():
|
||||
if not body:
|
||||
continue
|
||||
out.write(self.format.format_category(title, body))
|
||||
out.write(self.trailer)
|
||||
|
||||
|
||||
@functools.total_ordering
|
||||
class EntryFileSortKey:
|
||||
"""This classes defines an ordering on changelog entry files: older < newer.
|
||||
|
||||
* Merged entry files are sorted according to their merge date (date of
|
||||
the merge commit that brought the commit that created the file into
|
||||
the target branch).
|
||||
* Committed but unmerged entry files are sorted according to the date
|
||||
of the commit that adds them.
|
||||
* Uncommitted entry files are sorted according to their modification time.
|
||||
|
||||
This class assumes that the file is in a git working directory with
|
||||
the target branch checked out.
|
||||
"""
|
||||
|
||||
# Categories of files. A lower number is considered older.
|
||||
MERGED = 0
|
||||
COMMITTED = 1
|
||||
LOCAL = 2
|
||||
|
||||
@staticmethod
|
||||
def creation_hash(filename):
|
||||
"""Return the git commit id at which the given file was created.
|
||||
|
||||
Return None if the file was never checked into git.
|
||||
"""
|
||||
hashes = subprocess.check_output(['git', 'log', '--format=%H',
|
||||
'--follow',
|
||||
'--', filename])
|
||||
m = re.search(b'(.+)$', hashes)
|
||||
if not m:
|
||||
# The git output is empty. This means that the file was
|
||||
# never checked in.
|
||||
return None
|
||||
# The last commit in the log is the oldest one, which is when the
|
||||
# file was created.
|
||||
return m.group(0)
|
||||
|
||||
@staticmethod
|
||||
def list_merges(some_hash, target, *options):
|
||||
"""List merge commits from some_hash to target.
|
||||
|
||||
Pass options to git to select which commits are included.
|
||||
"""
|
||||
text = subprocess.check_output(['git', 'rev-list',
|
||||
'--merges', *options,
|
||||
b'..'.join([some_hash, target])])
|
||||
return text.rstrip(b'\n').split(b'\n')
|
||||
|
||||
@classmethod
|
||||
def merge_hash(cls, some_hash):
|
||||
"""Return the git commit id at which the given commit was merged.
|
||||
|
||||
Return None if the given commit was never merged.
|
||||
"""
|
||||
target = b'HEAD'
|
||||
# List the merges from some_hash to the target in two ways.
|
||||
# The ancestry list is the ones that are both descendants of
|
||||
# some_hash and ancestors of the target.
|
||||
ancestry = frozenset(cls.list_merges(some_hash, target,
|
||||
'--ancestry-path'))
|
||||
# The first_parents list only contains merges that are directly
|
||||
# on the target branch. We want it in reverse order (oldest first).
|
||||
first_parents = cls.list_merges(some_hash, target,
|
||||
'--first-parent', '--reverse')
|
||||
# Look for the oldest merge commit that's both on the direct path
|
||||
# and directly on the target branch. That's the place where some_hash
|
||||
# was merged on the target branch. See
|
||||
# https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit
|
||||
for commit in first_parents:
|
||||
if commit in ancestry:
|
||||
return commit
|
||||
return None
|
||||
|
||||
@staticmethod
|
||||
def commit_timestamp(commit_id):
|
||||
"""Return the timestamp of the given commit."""
|
||||
text = subprocess.check_output(['git', 'show', '-s',
|
||||
'--format=%ct',
|
||||
commit_id])
|
||||
return datetime.datetime.utcfromtimestamp(int(text))
|
||||
|
||||
@staticmethod
|
||||
def file_timestamp(filename):
|
||||
"""Return the modification timestamp of the given file."""
|
||||
mtime = os.stat(filename).st_mtime
|
||||
return datetime.datetime.fromtimestamp(mtime)
|
||||
|
||||
def __init__(self, filename):
|
||||
"""Determine position of the file in the changelog entry order.
|
||||
|
||||
This constructor returns an object that can be used with comparison
|
||||
operators, with `sort` and `sorted`, etc. Older entries are sorted
|
||||
before newer entries.
|
||||
"""
|
||||
self.filename = filename
|
||||
creation_hash = self.creation_hash(filename)
|
||||
if not creation_hash:
|
||||
self.category = self.LOCAL
|
||||
self.datetime = self.file_timestamp(filename)
|
||||
return
|
||||
merge_hash = self.merge_hash(creation_hash)
|
||||
if not merge_hash:
|
||||
self.category = self.COMMITTED
|
||||
self.datetime = self.commit_timestamp(creation_hash)
|
||||
return
|
||||
self.category = self.MERGED
|
||||
self.datetime = self.commit_timestamp(merge_hash)
|
||||
|
||||
def sort_key(self):
|
||||
""""Return a concrete sort key for this entry file sort key object.
|
||||
|
||||
``ts1 < ts2`` is implemented as ``ts1.sort_key() < ts2.sort_key()``.
|
||||
"""
|
||||
return (self.category, self.datetime, self.filename)
|
||||
|
||||
def __eq__(self, other):
|
||||
return self.sort_key() == other.sort_key()
|
||||
|
||||
def __lt__(self, other):
|
||||
return self.sort_key() < other.sort_key()
|
||||
|
||||
|
||||
def check_output(generated_output_file, main_input_file, merged_files):
|
||||
"""Make sanity checks on the generated output.
|
||||
|
||||
The intent of these sanity checks is to have reasonable confidence
|
||||
that no content has been lost.
|
||||
|
||||
The sanity check is that every line that is present in an input file
|
||||
is also present in an output file. This is not perfect but good enough
|
||||
for now.
|
||||
"""
|
||||
generated_output = set(open(generated_output_file, 'rb'))
|
||||
for line in open(main_input_file, 'rb'):
|
||||
if line not in generated_output:
|
||||
raise LostContent('original file', line)
|
||||
for merged_file in merged_files:
|
||||
for line in open(merged_file, 'rb'):
|
||||
if line not in generated_output:
|
||||
raise LostContent(merged_file, line)
|
||||
|
||||
def finish_output(changelog, output_file, input_file, merged_files):
|
||||
"""Write the changelog to the output file.
|
||||
|
||||
The input file and the list of merged files are used only for sanity
|
||||
checks on the output.
|
||||
"""
|
||||
if os.path.exists(output_file) and not os.path.isfile(output_file):
|
||||
# The output is a non-regular file (e.g. pipe). Write to it directly.
|
||||
output_temp = output_file
|
||||
else:
|
||||
# The output is a regular file. Write to a temporary file,
|
||||
# then move it into place atomically.
|
||||
output_temp = output_file + '.tmp'
|
||||
changelog.write(output_temp)
|
||||
check_output(output_temp, input_file, merged_files)
|
||||
if output_temp != output_file:
|
||||
os.rename(output_temp, output_file)
|
||||
|
||||
def remove_merged_entries(files_to_remove):
|
||||
for filename in files_to_remove:
|
||||
os.remove(filename)
|
||||
|
||||
def list_files_to_merge(options):
|
||||
"""List the entry files to merge, oldest first.
|
||||
|
||||
"Oldest" is defined by `EntryFileSortKey`.
|
||||
"""
|
||||
files_to_merge = glob.glob(os.path.join(options.dir, '*.txt'))
|
||||
files_to_merge.sort(key=EntryFileSortKey)
|
||||
return files_to_merge
|
||||
|
||||
def merge_entries(options):
|
||||
"""Merge changelog entries into the changelog file.
|
||||
|
||||
Read the changelog file from options.input.
|
||||
Read entries to merge from the directory options.dir.
|
||||
Write the new changelog to options.output.
|
||||
Remove the merged entries if options.keep_entries is false.
|
||||
"""
|
||||
with open(options.input, 'rb') as input_file:
|
||||
changelog = ChangeLog(input_file, TextChangelogFormat)
|
||||
files_to_merge = list_files_to_merge(options)
|
||||
if not files_to_merge:
|
||||
sys.stderr.write('There are no pending changelog entries.\n')
|
||||
return
|
||||
for filename in files_to_merge:
|
||||
with open(filename, 'rb') as input_file:
|
||||
changelog.add_file(input_file)
|
||||
finish_output(changelog, options.output, options.input, files_to_merge)
|
||||
if not options.keep_entries:
|
||||
remove_merged_entries(files_to_merge)
|
||||
|
||||
def show_file_timestamps(options):
|
||||
"""List the files to merge and their timestamp.
|
||||
|
||||
This is only intended for debugging purposes.
|
||||
"""
|
||||
files = list_files_to_merge(options)
|
||||
for filename in files:
|
||||
ts = EntryFileSortKey(filename)
|
||||
print(ts.category, ts.datetime, filename)
|
||||
|
||||
def set_defaults(options):
|
||||
"""Add default values for missing options."""
|
||||
output_file = getattr(options, 'output', None)
|
||||
if output_file is None:
|
||||
options.output = options.input
|
||||
if getattr(options, 'keep_entries', None) is None:
|
||||
options.keep_entries = (output_file is not None)
|
||||
|
||||
def main():
|
||||
"""Command line entry point."""
|
||||
parser = argparse.ArgumentParser(description=__doc__)
|
||||
parser.add_argument('--dir', '-d', metavar='DIR',
|
||||
default='ChangeLog.d',
|
||||
help='Directory to read entries from'
|
||||
' (default: ChangeLog.d)')
|
||||
parser.add_argument('--input', '-i', metavar='FILE',
|
||||
default='ChangeLog',
|
||||
help='Existing changelog file to read from and augment'
|
||||
' (default: ChangeLog)')
|
||||
parser.add_argument('--keep-entries',
|
||||
action='store_true', dest='keep_entries', default=None,
|
||||
help='Keep the files containing entries'
|
||||
' (default: remove them if --output/-o is not specified)')
|
||||
parser.add_argument('--no-keep-entries',
|
||||
action='store_false', dest='keep_entries',
|
||||
help='Remove the files containing entries after they are merged'
|
||||
' (default: remove them if --output/-o is not specified)')
|
||||
parser.add_argument('--output', '-o', metavar='FILE',
|
||||
help='Output changelog file'
|
||||
' (default: overwrite the input)')
|
||||
parser.add_argument('--list-files-only',
|
||||
action='store_true',
|
||||
help=('Only list the files that would be processed '
|
||||
'(with some debugging information)'))
|
||||
options = parser.parse_args()
|
||||
set_defaults(options)
|
||||
if options.list_files_only:
|
||||
show_file_timestamps(options)
|
||||
return
|
||||
merge_entries(options)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -283,9 +283,13 @@ class ConfigFile(Config):
|
|||
def __init__(self, filename=None):
|
||||
"""Read the Mbed TLS configuration file."""
|
||||
if filename is None:
|
||||
for filename in self.default_path:
|
||||
if os.path.lexists(filename):
|
||||
for candidate in self.default_path:
|
||||
if os.path.lexists(candidate):
|
||||
filename = candidate
|
||||
break
|
||||
else:
|
||||
raise Exception('Mbed TLS configuration file not found',
|
||||
self.default_path)
|
||||
super().__init__()
|
||||
self.filename = filename
|
||||
self.current_section = 'header'
|
||||
|
@ -448,7 +452,7 @@ if __name__ == '__main__':
|
|||
value = config[args.symbol]
|
||||
if value:
|
||||
sys.stdout.write(value + '\n')
|
||||
return args.symbol not in config
|
||||
return 0 if args.symbol in config else 1
|
||||
elif args.command == 'set':
|
||||
if not args.force and args.symbol not in config.settings:
|
||||
sys.stderr.write("A #define for the symbol {} "
|
||||
|
@ -461,6 +465,7 @@ if __name__ == '__main__':
|
|||
else:
|
||||
config.adapt(args.adapter)
|
||||
config.write(args.write)
|
||||
return 0
|
||||
|
||||
# Import modules only used by main only if main is defined and called.
|
||||
# pylint: disable=wrong-import-position
|
||||
|
|
|
@ -42,10 +42,60 @@
|
|||
|
||||
HEADER_INCLUDED
|
||||
|
||||
const char * mbedtls_high_level_strerr( int error_code )
|
||||
{
|
||||
int high_level_error_code;
|
||||
const char *error_description = NULL;
|
||||
|
||||
if( error_code < 0 )
|
||||
error_code = -error_code;
|
||||
|
||||
/* Extract the high-level part from the error code. */
|
||||
high_level_error_code = error_code & 0xFF80;
|
||||
|
||||
switch( high_level_error_code )
|
||||
{
|
||||
/* Begin Auto-Generated Code. */
|
||||
HIGH_LEVEL_CODE_CHECKS
|
||||
/* End Auto-Generated Code. */
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return error_description;
|
||||
}
|
||||
|
||||
const char * mbedtls_low_level_strerr( int error_code )
|
||||
{
|
||||
int low_level_error_code;
|
||||
const char *error_description = NULL;
|
||||
|
||||
if( error_code < 0 )
|
||||
error_code = -error_code;
|
||||
|
||||
/* Extract the low-level part from the error code. */
|
||||
low_level_error_code = error_code & ~0xFF80;
|
||||
|
||||
switch( low_level_error_code )
|
||||
{
|
||||
/* Begin Auto-Generated Code. */
|
||||
LOW_LEVEL_CODE_CHECKS
|
||||
/* End Auto-Generated Code. */
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return error_description;
|
||||
}
|
||||
|
||||
void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
||||
{
|
||||
size_t len;
|
||||
int use_ret;
|
||||
const char * high_level_error_description = NULL;
|
||||
const char * low_level_error_description = NULL;
|
||||
|
||||
if( buflen == 0 )
|
||||
return;
|
||||
|
@ -59,14 +109,20 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
{
|
||||
use_ret = ret & 0xFF80;
|
||||
|
||||
// High level error codes
|
||||
//
|
||||
// BEGIN generated code
|
||||
HIGH_LEVEL_CODE_CHECKS
|
||||
// END generated code
|
||||
// Translate high level error code.
|
||||
high_level_error_description = mbedtls_high_level_strerr( ret );
|
||||
|
||||
if( strlen( buf ) == 0 )
|
||||
mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
|
||||
if( high_level_error_description == NULL )
|
||||
mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret );
|
||||
else
|
||||
mbedtls_snprintf( buf, buflen, "%s", high_level_error_description );
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C)
|
||||
// Early return in case of a fatal error - do not try to translate low
|
||||
// level code.
|
||||
if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE))
|
||||
return;
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
}
|
||||
|
||||
use_ret = ret & ~0xFF80;
|
||||
|
@ -90,16 +146,13 @@ HIGH_LEVEL_CODE_CHECKS
|
|||
buflen -= len + 3;
|
||||
}
|
||||
|
||||
// Low level error codes
|
||||
//
|
||||
// BEGIN generated code
|
||||
LOW_LEVEL_CODE_CHECKS
|
||||
// END generated code
|
||||
// Translate low level error code.
|
||||
low_level_error_description = mbedtls_low_level_strerr( ret );
|
||||
|
||||
if( strlen( buf ) != 0 )
|
||||
return;
|
||||
|
||||
mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
|
||||
if( low_level_error_description == NULL )
|
||||
mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret );
|
||||
else
|
||||
mbedtls_snprintf( buf, buflen, "%s", low_level_error_description );
|
||||
}
|
||||
|
||||
#else /* MBEDTLS_ERROR_C */
|
||||
|
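Review bot: In the new `mbedtls_high_level_strerr` and `mbedtls_low_level_strerr`, `error_code = -error_code;` is signed overflow, and so undefined behaviour, when a caller passes `INT_MIN`. Both functions are new entry points that accept an arbitrary `int`, so the guard belongs in them rather than in every caller. One option is `if( error_code == INT_MIN ) return( NULL );` before the negation, which needs `<limits.h>` if the file does not already include it. Both functions would also benefit from a short comment stating that they return `NULL` for an unrecognised code, because the `mbedtls_strerror` hunks rely on that to print `UNKNOWN ERROR CODE`.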
|
|
@ -18,7 +18,8 @@
|
|||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
<SOURCES>
|
||||
<ItemGroup>
|
||||
<SOURCES>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="mbedTLS.vcxproj">
|
||||
|
|
|
@ -45,7 +45,6 @@
|
|||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
<PlatformToolset>Windows7.1SDK</PlatformToolset>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
|
|
|
@ -160,19 +160,9 @@ foreach my $line (@matches)
|
|||
${$old_define} = $define_name;
|
||||
}
|
||||
|
||||
if ($error_name eq "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE")
|
||||
{
|
||||
${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n".
|
||||
"${white_space}\{\n".
|
||||
"${white_space} mbedtls_snprintf( buf, buflen, \"$module_name - $description\" );\n".
|
||||
"${white_space} return;\n".
|
||||
"${white_space}}\n"
|
||||
}
|
||||
else
|
||||
{
|
||||
${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n".
|
||||
"${white_space} mbedtls_snprintf( buf, buflen, \"$module_name - $description\" );\n"
|
||||
}
|
||||
${$code_check} .= "${white_space}case -($error_name):\n".
|
||||
"${white_space} error_description = \"$module_name - $description\";\n".
|
||||
"${white_space} break;\n"
|
||||
};
|
||||
|
||||
if ($ll_old_define ne "")
|
||||
|
|
|
@ -125,10 +125,10 @@ sub gen_app {
|
|||
$path =~ s!/!\\!g;
|
||||
(my $appname = $path) =~ s/.*\\//;
|
||||
|
||||
my $srcs = "\n <ClCompile Include=\"..\\..\\programs\\$path.c\" \/>\r";
|
||||
my $srcs = "<ClCompile Include=\"..\\..\\programs\\$path.c\" \/>";
|
||||
if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
|
||||
$appname eq "query_compile_time_config" ) {
|
||||
$srcs .= "\n <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>\r";
|
||||
$srcs .= "\r\n <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>";
|
||||
}
|
||||
|
||||
my $content = $template;
|
||||
|
|
|
@ -67,9 +67,9 @@ if(MSVC)
|
|||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
|
||||
endif(MSVC)
|
||||
|
||||
add_test_suite(aes aes.ecb)
|
||||
add_test_suite(aes aes.cbc)
|
||||
add_test_suite(aes aes.cfb)
|
||||
add_test_suite(aes aes.ecb)
|
||||
add_test_suite(aes aes.ofb)
|
||||
add_test_suite(aes aes.rest)
|
||||
add_test_suite(aes aes.xts)
|
||||
|
@ -107,12 +107,12 @@ add_test_suite(ecjpake)
|
|||
add_test_suite(ecp)
|
||||
add_test_suite(entropy)
|
||||
add_test_suite(error)
|
||||
add_test_suite(gcm gcm.aes128_en)
|
||||
add_test_suite(gcm gcm.aes192_en)
|
||||
add_test_suite(gcm gcm.aes256_en)
|
||||
add_test_suite(gcm gcm.aes128_de)
|
||||
add_test_suite(gcm gcm.aes128_en)
|
||||
add_test_suite(gcm gcm.aes192_de)
|
||||
add_test_suite(gcm gcm.aes192_en)
|
||||
add_test_suite(gcm gcm.aes256_de)
|
||||
add_test_suite(gcm gcm.aes256_en)
|
||||
add_test_suite(gcm gcm.camellia)
|
||||
add_test_suite(gcm gcm.misc)
|
||||
add_test_suite(hkdf)
|
||||
|
@ -127,10 +127,10 @@ add_test_suite(mpi)
|
|||
add_test_suite(nist_kw)
|
||||
add_test_suite(oid)
|
||||
add_test_suite(pem)
|
||||
add_test_suite(pk)
|
||||
add_test_suite(pkcs1_v15)
|
||||
add_test_suite(pkcs1_v21)
|
||||
add_test_suite(pkcs5)
|
||||
add_test_suite(pk)
|
||||
add_test_suite(pkparse)
|
||||
add_test_suite(pkwrite)
|
||||
add_test_suite(poly1305)
|
||||
|
@ -144,14 +144,14 @@ add_test_suite(psa_crypto_se_driver_hal)
|
|||
add_test_suite(psa_crypto_se_driver_hal_mocks)
|
||||
add_test_suite(psa_crypto_slot_management)
|
||||
add_test_suite(psa_its)
|
||||
add_test_suite(rsa)
|
||||
add_test_suite(shax)
|
||||
add_test_suite(ssl)
|
||||
add_test_suite(timing)
|
||||
add_test_suite(rsa)
|
||||
add_test_suite(version)
|
||||
add_test_suite(xtea)
|
||||
add_test_suite(x509parse)
|
||||
add_test_suite(x509write)
|
||||
add_test_suite(xtea)
|
||||
|
||||
# Make scripts and data files needed for testing available in an
|
||||
# out-of-source build.
|
||||
|
|
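--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -0,0 +1,431 @@
+#!/bin/sh
+
+# context-info.sh
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2012-2020, ARM Limited, All Rights Reserved
+#
+# This program is intended for testing the ssl_context_info program
+#
+
+set -eu
+
+if ! cd "$(dirname "$0")"; then
+exit 125
+fi
+
+# Variables
+
+THIS_SCRIPT_NAME=$(basename "$0")
+PROG_PATH="../programs/ssl/ssl_context_info"
+OUT_FILE="ssl_context_info.log"
+IN_DIR="data_files/base64"
+
+USE_VALGRIND=0
+
+T_COUNT=0
+T_PASSED=0
+T_FAILED=0
+
+
+# Functions
+
+print_usage() {
+echo "Usage: $0 [options]"
+printf " -h|--help\tPrint this help.\n"
+printf " -m|--memcheck\tUse valgrind to check the memory.\n"
+}
+
+# Print test name <name>
+print_name() {
+printf "%s %.*s " "$1" $(( 71 - ${#1} )) \
+"........................................................................"
+}
+
+# Print header to the test output file <test name> <file path> <test command>
+print_header()
+{
+date="$(date)"
+echo "******************************************************************" > $2
+echo "* File created by: $THIS_SCRIPT_NAME" >> $2
+echo "* Test name: $1" >> $2
+echo "* Date: $date" >> $2
+echo "* Command: $3" >> $2
+echo "******************************************************************" >> $2
+echo "" >> $2
+}
+
+# Print footer at the end of file <file path>
+print_footer()
+{
+echo "" >> $1
+echo "******************************************************************" >> $1
+echo "* End command" >> $1
+echo "******************************************************************" >> $1
+echo "" >> $1
+}
+
+# Use the arguments of this script
+get_options() {
+while [ $# -gt 0 ]; do
+case "$1" in
+-h|--help)
+print_usage
+exit 0
+;;
+-m|--memcheck)
+USE_VALGRIND=1
+;;
+*)
+echo "Unknown argument: '$1'"
+print_usage
+exit 1
+;;
+esac
+shift
+done
+}
+
+# Current test failed
+fail()
+{
+T_FAILED=$(( $T_FAILED + 1))
+FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE"
+
+echo "FAIL"
+echo " Error: $1"
+
+cp -f "$OUT_FILE" "$FAIL_OUT"
+echo "Error: $1" >> "$FAIL_OUT"
+}
+
+# Current test passed
+pass()
+{
+T_PASSED=$(( $T_PASSED + 1))
+echo "PASS"
+}
+
+# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
+# Options: -m <pattern that MUST be present in the output of tested program>
+# -n <pattern that must NOT be present in the output of tested program>
+# -u <pattern that must be UNIQUE in the output of tested program>
+run_test()
+{
+TEST_NAME="$1"
+RUN_CMD="$PROG_PATH -f $IN_DIR/$2"
+
+if [ "-arg" = "$3" ]; then
+RUN_CMD="$RUN_CMD $4"
+shift 4
+else
+shift 2
+fi
+
+# prepend valgrind to our commands if active
+if [ "$USE_VALGRIND" -gt 0 ]; then
+RUN_CMD="valgrind --leak-check=full $RUN_CMD"
+fi
+
+T_COUNT=$(( $T_COUNT + 1))
+print_name "$TEST_NAME"
+
+# run tested program
+print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
+eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
+print_footer "$OUT_FILE"
+
+# check valgrind's results
+if [ "$USE_VALGRIND" -gt 0 ]; then
+if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" &&
+grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null
+then
+fail "Memory error detected"
+return
+fi
+fi
+
+# check other assertions
+# lines beginning with == are added by valgrind, ignore them, because we already checked them before
+# lines with 'Serious error when reading debug info', are valgrind issues as well
+# lines beginning with * are added by this script, ignore too
+while [ $# -gt 0 ]
+do
+case $1 in
+"-m")
+if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else
+fail "pattern '$2' MUST be present in the output"
+return
+fi
+;;
+
+"-n")
+if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then
+fail "pattern '$2' MUST NOT be present in the output"
+return
+fi
+;;
+
+"-u")
+if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then
+fail "lines following pattern '$2' must be once in the output"
+return
+fi
+;;
+
+*)
+echo "Unknown test: $1" >&2
+exit 1
+esac
+shift 2
+done
+
+rm -f "$OUT_FILE"
+
+pass
+}
+
+get_options "$@"
+
+# Tests
+
+run_test "Default configuration, server" \
+"srv_def.txt" \
+-n "ERROR" \
+-u "major.* 2$" \
+-u "minor.* 21$" \
+-u "path.* 0$" \
+-u "MBEDTLS_HAVE_TIME$" \
+-u "MBEDTLS_X509_CRT_PARSE_C$" \
+-u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
+-u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
+-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
+-u "MBEDTLS_SSL_SESSION_TICKETS$" \
+-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
+-u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
+-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
+-u "MBEDTLS_SSL_ALPN$" \
+-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
+-u "cipher flags.* 0x00$" \
+-u "Message-Digest.* SHA256$" \
+-u "compression.* disabled$" \
+-u "DTLS datagram packing.* enabled$" \
+-n "Certificate" \
+-n "bytes left to analyze from context"
+
+run_test "Default configuration, client" \
+"cli_def.txt" \
+-n "ERROR" \
+-u "major.* 2$" \
+-u "minor.* 21$" \
+-u "path.* 0$" \
+-u "MBEDTLS_HAVE_TIME$" \
+-u "MBEDTLS_X509_CRT_PARSE_C$" \
+-u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
+-u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
+-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
+-u "MBEDTLS_SSL_SESSION_TICKETS$" \
+-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
+-u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
+-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
+-u "MBEDTLS_SSL_ALPN$" \
+-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
+-u "cipher flags.* 0x00$" \
+-u "Message-Digest.* SHA256$" \
+-u "compression.* disabled$" \
+-u "DTLS datagram packing.* enabled$" \
+-u "cert. version .* 3$" \
+-u "serial number.* 02$" \
+-u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \
+-u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \
+-u "issued on.* 2019-02-10 14:44:06$" \
+-u "expires on.* 2029-02-10 14:44:06$" \
+-u "signed using.* RSA with SHA-256$" \
+-u "RSA key size.* 2048 bits$" \
+-u "basic constraints.* CA=false$" \
+-n "bytes left to analyze from context"
+
+run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
+"srv_ciphersuite.txt" \
+-n "ERROR" \
+-u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
+
+run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
+"cli_ciphersuite.txt" \
+-n "ERROR" \
+-u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
+
+run_test "No packing, server" \
+"srv_no_packing.txt" \
+-n "ERROR" \
+-u "DTLS datagram packing.* disabled"
+
+run_test "No packing, client" \
+"cli_no_packing.txt" \
+-n "ERROR" \
+-u "DTLS datagram packing.* disabled"
+
+run_test "DTLS CID, server" \
+"srv_cid.txt" \
+-n "ERROR" \
+-u "in CID.* DE AD" \
+-u "out CID.* BE EF"
+
+run_test "DTLS CID, client" \
+"cli_cid.txt" \
+-n "ERROR" \
+-u "in CID.* BE EF" \
+-u "out CID.* DE AD"
+
+run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
+"srv_no_mfl.txt" \
+-n "ERROR" \
+-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
+
+run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
+"cli_no_mfl.txt" \
+-n "ERROR" \
+-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
+
+run_test "No MBEDTLS_SSL_ALPN, server" \
+"srv_no_alpn.txt" \
+-n "ERROR" \
+-n "MBEDTLS_SSL_ALPN"
+
+run_test "No MBEDTLS_SSL_ALPN, client" \
+"cli_no_alpn.txt" \
+-n "ERROR" \
+-n "MBEDTLS_SSL_ALPN"
+
+run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
+"srv_no_keep_cert.txt" \
+-arg "--keep-peer-cert=0" \
+-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
+-u "cipher flags.* 0x00" \
+-u "compression.* disabled" \
+-u "DTLS datagram packing.* enabled" \
+-n "ERROR"
+
+run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
+"cli_no_keep_cert.txt" \
+-arg "--keep-peer-cert=0" \
+-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
+-u "cipher flags.* 0x00" \
+-u "compression.* disabled" \
+-u "DTLS datagram packing.* enabled" \
+-n "ERROR"
+
+run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
+"srv_no_keep_cert.txt" \
+-m "Deserializing" \
+-m "ERROR"
+
+run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
+"cli_no_keep_cert.txt" \
+-m "Deserializing" \
+-m "ERROR"
+
+run_test "Minimal configuration, server" \
+"srv_min_cfg.txt" \
+-n "ERROR" \
+-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
+-n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
+-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
+-n "MBEDTLS_SSL_SESSION_TICKETS$" \
+-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
+-n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
+-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
+-n "MBEDTLS_SSL_ALPN$" \
+
+run_test "Minimal configuration, client" \
+"cli_min_cfg.txt" \
+-n "ERROR" \
+-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
+-n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
+-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
+-n "MBEDTLS_SSL_SESSION_TICKETS$" \
+-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
+-n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
+-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
+-n "MBEDTLS_SSL_ALPN$" \
+
+run_test "MTU=10000" \
+"mtu_10000.txt" \
+-n "ERROR" \
+-u "MTU.* 10000$"
+
+run_test "MFL=1024" \
+"mfl_1024.txt" \
+-n "ERROR" \
+-u "MFL.* 1024$"
+
+run_test "Older version (v2.19.1)" \
+"v2.19.1.txt" \
+-n "ERROR" \
+-u "major.* 2$" \
+-u "minor.* 19$" \
+-u "path.* 1$" \
+-u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \
+-u "Message-Digest.* SHA256$" \
+-u "compression.* disabled$" \
+-u "serial number.* 01:70:AF:40:B4:E6$" \
+-u "issuer name.* CN=ca$" \
+-u "subject name.* L=160001, OU=acc1, CN=device01$" \
+-u "issued on.* 2020-03-06 09:50:18$" \
+-u "expires on.* 2056-02-26 09:50:18$" \
+-u "signed using.* ECDSA with SHA256$" \
+-u "lifetime.* 0 sec.$" \
+-u "MFL.* none$" \
+-u "negotiate truncated HMAC.* disabled$" \
+-u "Encrypt-then-MAC.* enabled$" \
+-u "DTLS datagram packing.* enabled$" \
+-u "verify result.* 0x00000000$" \
+-n "bytes left to analyze from context"
+
+run_test "Wrong base64 format" \
+"def_bad_b64.txt" \
+-m "ERROR" \
+-u "The length of the base64 code found should be a multiple of 4" \
+-n "bytes left to analyze from context"
+
+run_test "Too much data at the beginning of base64 code" \
+"def_b64_too_big_1.txt" \
+-m "ERROR" \
+-n "The length of the base64 code found should be a multiple of 4" \
+
+run_test "Too much data in the middle of base64 code" \
+"def_b64_too_big_2.txt" \
+-m "ERROR" \
+-n "The length of the base64 code found should be a multiple of 4" \
+
+run_test "Too much data at the end of base64 code" \
+"def_b64_too_big_3.txt" \
+-m "ERROR" \
+-n "The length of the base64 code found should be a multiple of 4" \
+-u "bytes left to analyze from context"
+
+run_test "Empty file as input" \
+"empty.txt" \
+-u "Finished. No valid base64 code found"
+
+run_test "Not empty file without base64 code" \
+"../../context-info.sh" \
+-n "Deserializing"
+
+run_test "Binary file instead of text file" \
+"../../../programs/ssl/ssl_context_info" \
+-m "ERROR" \
+-u "Too many bad symbols detected. File check aborted" \
+-n "Deserializing"
+
+
+# End of tests
+
+if [ $T_FAILED -eq 0 ]; then
+printf "\nPASSED ( $T_COUNT tests )\n"
+else
+printf "\nFAILED ( $T_FAILED / $T_COUNT tests )\n"
+fi
+
+exit $T_FAILED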
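Review bot: `run_test` runs the tested program through `eval "$RUN_CMD"`, so the input file name and the `-arg` value are re-parsed by the shell, and any space or metacharacter in them would be split or interpreted instead of passed through as one argument. Every value is a script constant today, so this is a robustness point, but the harness would be safer running `"$PROG_PATH" -f "$IN_DIR/$2"` directly with the extra argument kept positional. The redirect targets in `print_header` and `print_footer` have the same problem and should be quoted, `>> "$2"` and `>> "$1"`. With `set -eu` active, a non-zero exit from the tested program at the `eval` line would also end the script before `fail` records the result. Whether `ssl_context_info` can exit non-zero on the negative inputs is not visible here, so capturing the status explicitly (`... || status=$?`) would make the intended behaviour clear.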
2
tests/data_files/base64/cli_cid.txt
Normal file
2
tests/data_files/base64/cli_cid.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Client, CID 0xBEEF
|
||||
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
|
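Review bot: The fixture's only documentation is the one-line `// Client, CID 0xBEEF` comment, and nothing on the page records which program, options and build configuration produced the base64 blob. The same holds for the other files added under tests/data_files/base64/. If these are serialized SSL contexts, as the `// Client context with default MbedTLS configuration` comment in cli_def.txt suggests, they embed session state, so a reader cannot tell from the file that it came from a throwaway test session. A second comment line such as `// Generated with <program and options>; test-only session` would let the fixtures be regenerated when the serialization format changes and would make their provenance auditable.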
2
tests/data_files/base64/cli_ciphersuite.txt
Normal file
2
tests/data_files/base64/cli_ciphersuite.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// TLS-RSA-WITH-AES-256-CCM-8
|
||||
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
|
2
tests/data_files/base64/cli_def.txt
Normal file
2
tests/data_files/base64/cli_def.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Client context with default MbedTLS configuration
|
||||
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
|
2
tests/data_files/base64/cli_min_cfg.txt
Normal file
2
tests/data_files/base64/cli_min_cfg.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Minimal configuration
|
||||
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
|
3
tests/data_files/base64/cli_no_alpn.txt
Normal file
3
tests/data_files/base64/cli_no_alpn.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
// Without MBEDTLS_SSL_ALPN
|
||||
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
|
||||
|
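--- a/tests/data_files/base64/cli_no_keep_cert.txt
+++ b/tests/data_files/base64/cli_no_keep_cert.txt
@@ -0,0 +1,2 @@
+// Without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+AhUAAAMAAAAAAACCAAAAAF6MKhTMqAAgSKCqXrcrmjqOBpxsGO3itQB09YgsSJwXmZB12QlB+wwhiof0mzAN0hupkLxu4Yyc9SgyFoEDPKJk8TiRo8bO2rkEfPItB5lUFkJwzdeuGVMAAAAABiCAy8MWqlj4vnIv0mswJvB35hyCOYWZ+fcZ6t5LzZgXPl6MKhRs69b+psiGUAo8OK3fU4HKOHNdi36tk22+ScctXowqFEyvzGcvbtI0VfWLKlOlDv+SwC08ZdCNa+RBZ/AAAAEAAAAAAAIAAA==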
2
tests/data_files/base64/cli_no_mfl.txt
Normal file
2
tests/data_files/base64/cli_no_mfl.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
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
|
2
tests/data_files/base64/cli_no_packing.txt
Normal file
2
tests/data_files/base64/cli_no_packing.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Without DTLS packing
|
||||
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
|
2
tests/data_files/base64/def_b64_too_big_1.txt
Normal file
2
tests/data_files/base64/def_b64_too_big_1.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Context with added '1234' at the begining to simulate too much data in the base64 code
|
||||
1234AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
|
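Review bot: The comment line misspells `begining`; it should read `// Context with added '1234' at the beginning to simulate too much data in the base64 code`. def_b64_too_big_3.txt and def_bad_b64.txt have `add the end` where `at the end` is meant. These comments are the only description of what each malformed fixture exercises, so they are worth getting right.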
2
tests/data_files/base64/def_b64_too_big_2.txt
Normal file
2
tests/data_files/base64/def_b64_too_big_2.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Context with added '1234' in the middle of code to simulate too much data
|
||||
AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7m1234gM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
|
2
tests/data_files/base64/def_b64_too_big_3.txt
Normal file
2
tests/data_files/base64/def_b64_too_big_3.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Context with added '1234' before '==' add the end to simulate too much data in the base64 code
|
||||
AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA1234==
|
2
tests/data_files/base64/def_bad_b64.txt
Normal file
2
tests/data_files/base64/def_bad_b64.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
// Context with added extra 'A' before '==' add the end to simulate bad length of base64 code
|
||||
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
|
0
tests/data_files/base64/empty.txt
Normal file
0
tests/data_files/base64/empty.txt
Normal file
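--- a/tests/data_files/base64/mfl_1024.txt
+++ b/tests/data_files/base64/mfl_1024.txt
@@ -0,0 +1,2 @@
+// MFL=1024
+AhUAAH8AAA4AAABtAAAAAF6K+GLMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHeeQKPVt9RpB8nLTB6C2AhxRzB0r/OBbXbMPm6jb1rkR+qrXZAUFRvGfGxlqqGWwAAACAAAAAAAAAAAAAAAIAAV6K+GJIXNnpKTr9HZQW6WEH7YSYhhRRqOO6xvf8QL6/Xor4YhOxOJYk23w3AwDvVAofeWnVAfJnExe5ipdSxnAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA===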
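Review bot: The base64 line ends in `===`, while base64 padding is at most two `=` and sibling fixtures such as srv_def.txt end in `==`. The comment only says `// MFL=1024`, so the extra pad character looks accidental rather than a deliberate malformed-input case like def_bad_b64.txt. Either drop one `=` or state in the comment that the over-padding is intentional; how the parser treats it is not visible on this page.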
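--- a/tests/data_files/base64/mtu_10000.txt
+++ b/tests/data_files/base64/mtu_10000.txt
@@ -0,0 +1,2 @@
+// MTU=10000
+AhUAAH8AAA4AAABtAAAAAF6LDkzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx06kxYooMLGPyUMoB46EF2zTJzmZEM4le5aKihcHpFEfgrX/eWQZFWa7cak79ihwAAACAAAAAAAAAAAAAAAAAAV6LDkz9bigMk9q0WiDmgYhX8ppbfgbtMCfruvVQNiFWXosOTJ3R2+J+TaSChmjtS8sD+y1Zruhe/SJE7y9D+5YAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAicQAA==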
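--- a/tests/data_files/base64/srv_cid.txt
+++ b/tests/data_files/base64/srv_cid.txt
@@ -0,0 +1,2 @@
+// Server, CID 0xDEAD
+AhUAAH8AAA8AAABtAAAAAF6MZUPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABh7h8/aprLN1fS0KwLkZzKcsa5LNtDW7sYu7d1z7fNetuRjLJpX/A1mTSqeBY7li8AAACAAAAAAAAAAAAAAAAAAV6MZUNak74BhbcgvZ2M8WhZKjQyCix7GJzRs4SqnD7iXoxlQ7YXjsVI0K/xyMOJPkT9ZcPEi/2jHGIte1ZduW4C3q0Cvu8AAAAAAAAAAAAAAAIAAAAAAAAABwAAAQAAAAAAAwAAAA==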
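--- a/tests/data_files/base64/srv_ciphersuite.txt
+++ b/tests/data_files/base64/srv_ciphersuite.txt
@@ -0,0 +1,2 @@
+// TLS-RSA-WITH-AES-256-CCM-8
+AhUAAH8AAA4AAABtAAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAACAAAAAAAAAAAAAAAAAAV6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==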
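--- a/tests/data_files/base64/srv_def.txt
+++ b/tests/data_files/base64/srv_def.txt
@@ -0,0 +1,2 @@
+// Server context with default MbedTLS configuration
+AhUAAH8AAA4AAABtAAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAACAAAAAAAAAAAAAAAAAAV6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==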
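--- a/tests/data_files/base64/srv_min_cfg.txt
+++ b/tests/data_files/base64/srv_min_cfg.txt
@@ -0,0 +1,2 @@
+// Minimal configuration
+AhUAAAMAAAAAAABjAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAACAAAAAXotmUkMC6aU6s7O5InjmEEeg4ySLZkNDf0Ut/s06/cBei2ZS+kkKS3sJso2u418jlrlKiesyUOW+xXwOD8bYZQAAAQAAAAAAAgAA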
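--- a/tests/data_files/base64/srv_no_alpn.txt
+++ b/tests/data_files/base64/srv_no_alpn.txt
@@ -0,0 +1,2 @@
+// Without MBEDTLS_SSL_ALPN
+AhUAAH8AAAYAAABtAAAAAF6LDSzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1lCUO8B/805UzCOLZzWDAEA8anfLpbuWTrnFSR2puZktvEiR8nXdATN0yKS94oSAAAACAAAAAAAAAAAAAAAAAAV6LDSwWt0QWgmNg4Zv2yYhf4Pdexpi/QTIqWyD2AQVjXosNLLK1vz/upFHrJlizjH5uSBUJCpQZJczrBgxBmGoAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAA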