mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-22 19:35:34 +00:00
Merging iotssl-457-badtail with development branch
This commit is contained in:
parent
b2beb84be6
commit
52754594b6
|
@ -29,6 +29,9 @@ if(CMAKE_COMPILER_IS_GNUCC)
|
|||
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
|
||||
endif()
|
||||
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
|
||||
endif()
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||
|
@ -39,7 +42,7 @@ if(CMAKE_COMPILER_IS_GNUCC)
|
|||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
|
||||
if(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||
|
|
11
ChangeLog
11
ChangeLog
|
@ -29,6 +29,13 @@ Bugfix
|
|||
* Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could
|
||||
result trying to unlock an unlocked mutex on invalid input (found by
|
||||
Fredrik Axelsson) (#257)
|
||||
* Fix -Wshadow warnings (found by hnrkp) (#240)
|
||||
* Fix memory corruption on client with overlong PSK identity, around
|
||||
SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by
|
||||
Aleksandrs Saveljevs) (#238)
|
||||
* Fix unused function warning when using MBEDTLS_MDx_ALT or
|
||||
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
|
||||
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
|
||||
|
||||
Changes
|
||||
* The PEM parser now accepts a trailing space at end of lines (#226).
|
||||
|
@ -38,6 +45,10 @@ Changes
|
|||
* When verifying a certificate chain, if an intermediate certificate is
|
||||
trusted, no later cert is checked. (suggested by hannes-landeholm)
|
||||
(#220).
|
||||
* Prepend a "thread identifier" to debug messages (issue pointed out by
|
||||
Hugo Leisink) (#210).
|
||||
* Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment
|
||||
length.
|
||||
|
||||
= mbed TLS 2.0.0 released 2015-07-13
|
||||
|
||||
|
|
|
@ -2027,6 +2027,26 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
|
|||
*/
|
||||
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/**
|
||||
* \brief Return the maximum fragment length (payload, in bytes).
|
||||
* This is the value negotiated with peer if any,
|
||||
* or the locally configured value.
|
||||
*
|
||||
* \note With DTLS, \c mbedtls_ssl_write() will return an error if
|
||||
* called with a larger length value.
|
||||
* With TLS, \c mbedtls_ssl_write() will fragment the input if
|
||||
* necessary and return the number of bytes written; it is up
|
||||
* to the caller to call \c mbedtls_ssl_write() again in
|
||||
* order to send the remaining bytes if any.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return Current maximum fragment length.
|
||||
*/
|
||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Return the peer certificate from the current connection
|
||||
|
@ -2124,26 +2144,33 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
|||
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Write exactly 'len' application data bytes
|
||||
* \brief Try to write exactly 'len' application data bytes
|
||||
*
|
||||
* \warning This function will do partial writes in some cases. If the
|
||||
* return value is non-negative but less than length, the
|
||||
* function must be called again with updated arguments:
|
||||
* buf + ret, len - ret (if ret is the return value) until
|
||||
* it returns a value equal to the last 'len' argument.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param buf buffer holding the data
|
||||
* \param len how many bytes must be written
|
||||
*
|
||||
* \return the number of bytes written,
|
||||
* or a negative error code.
|
||||
* \return the number of bytes actually written (may be less than len),
|
||||
* or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
|
||||
* or another negative error code.
|
||||
*
|
||||
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE,
|
||||
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
|
||||
* it must be called later with the *same* arguments,
|
||||
* until it returns a positive value.
|
||||
*
|
||||
* \note If the requested length is greater than the maximum
|
||||
* fragment length (either the built-in limit or the one set
|
||||
* or negotiated with the peer), then:
|
||||
* - with TLS, less bytes than requested are written. (In
|
||||
* order to write larger messages, this function should be
|
||||
* called in a loop.)
|
||||
* - with TLS, less bytes than requested are written.
|
||||
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
|
||||
* \c mbedtls_ssl_get_max_frag_len() may be used to query the
|
||||
* active maximum fragment length.
|
||||
*/
|
||||
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
|
||||
|
||||
|
|
|
@ -43,6 +43,10 @@
|
|||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#define DEBUG_BUF_SIZE 512
|
||||
|
||||
static int debug_threshold = 0;
|
||||
|
@ -52,6 +56,27 @@ void mbedtls_debug_set_threshold( int threshold )
|
|||
debug_threshold = threshold;
|
||||
}
|
||||
|
||||
/*
|
||||
* All calls to f_dbg must be made via this function
|
||||
*/
|
||||
static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *str )
|
||||
{
|
||||
/*
|
||||
* If in a threaded environment, we need a thread identifier.
|
||||
* Since there is no portable way to get one, use the address of the ssl
|
||||
* context instead, as it shouldn't be shared between threads.
|
||||
*/
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
|
||||
mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
|
||||
#else
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
#endif
|
||||
}
|
||||
|
||||
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *format, ... )
|
||||
|
@ -86,7 +111,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
|||
str[ret + 1] = '\0';
|
||||
}
|
||||
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
}
|
||||
|
||||
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
||||
|
@ -109,7 +134,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
|||
mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
|
||||
text, ret, -ret );
|
||||
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
}
|
||||
|
||||
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
||||
|
@ -126,7 +151,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
|
||||
text, (unsigned int) len );
|
||||
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
|
||||
idx = 0;
|
||||
memset( txt, 0, sizeof( txt ) );
|
||||
|
@ -140,7 +165,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||
if( i > 0 )
|
||||
{
|
||||
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
|
||||
idx = 0;
|
||||
memset( txt, 0, sizeof( txt ) );
|
||||
|
@ -162,7 +187,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " " );
|
||||
|
||||
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -207,7 +232,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
|
||||
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
|
||||
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
|
||||
idx = 0;
|
||||
for( i = n + 1, j = 0; i > 0; i-- )
|
||||
|
@ -227,7 +252,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||
if( j > 0 )
|
||||
{
|
||||
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
idx = 0;
|
||||
}
|
||||
}
|
||||
|
@ -244,7 +269,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" );
|
||||
|
||||
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
|
@ -261,7 +286,7 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
|
|||
|
||||
if( mbedtls_pk_debug( pk, items ) != 0 )
|
||||
{
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line,
|
||||
debug_send_line( ssl, level, file, line,
|
||||
"invalid PK context\n" );
|
||||
return;
|
||||
}
|
||||
|
@ -282,7 +307,7 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
|
|||
mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value );
|
||||
else
|
||||
#endif
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line,
|
||||
debug_send_line( ssl, level, file, line,
|
||||
"should not happen\n" );
|
||||
}
|
||||
}
|
||||
|
@ -305,7 +330,7 @@ static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
|
|||
memcpy( str, start, len );
|
||||
str[len] = '\0';
|
||||
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
|
||||
start = cur + 1;
|
||||
}
|
||||
|
@ -327,7 +352,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
|||
char buf[1024];
|
||||
|
||||
mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
|
||||
debug_send_line( ssl, level, file, line, str );
|
||||
|
||||
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
|
||||
debug_print_line_by_line( ssl, level, file, line, buf );
|
||||
|
|
|
@ -140,7 +140,7 @@ int mbedtls_platform_entropy_poll( void *data,
|
|||
unsigned char *output, size_t len, size_t *olen )
|
||||
{
|
||||
FILE *file;
|
||||
size_t ret;
|
||||
size_t read_len;
|
||||
((void) data);
|
||||
|
||||
#if defined(HAVE_GETRANDOM)
|
||||
|
@ -165,8 +165,8 @@ int mbedtls_platform_entropy_poll( void *data,
|
|||
if( file == NULL )
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
|
||||
ret = fread( output, 1, len, file );
|
||||
if( ret != len )
|
||||
read_len = fread( output, 1, len, file );
|
||||
if( read_len != len )
|
||||
{
|
||||
fclose( file );
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
|
|
|
@ -47,13 +47,13 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
|
||||
static const unsigned char PI_SUBST[256] =
|
||||
{
|
||||
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
|
||||
|
|
|
@ -47,13 +47,13 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
|
|
@ -46,13 +46,13 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
|
|
@ -46,13 +46,13 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
|
|
@ -46,13 +46,13 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
|
|
@ -52,13 +52,13 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
|
||||
/*
|
||||
* 64-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
|
|
@ -1748,6 +1748,12 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
|
||||
unsigned char *p = ssl->handshake->premaster + pms_offset;
|
||||
|
||||
if( offset + len_bytes > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate (part of) the pre-master as
|
||||
* struct {
|
||||
|
@ -2522,6 +2528,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
|
||||
i = 4;
|
||||
n = ssl->conf->psk_identity_len;
|
||||
|
||||
if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
|
||||
"SSL buffer too short" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[i++] = (unsigned char)( n );
|
||||
|
||||
|
@ -2550,6 +2564,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
||||
*/
|
||||
n = ssl->handshake->dhm_ctx.len;
|
||||
|
||||
if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
|
||||
" or SSL buffer too short" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[i++] = (unsigned char)( n );
|
||||
|
||||
|
|
|
@ -694,8 +694,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
else
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* Initialize HMAC contexts */
|
||||
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
|
||||
( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
|
||||
|
@ -1455,7 +1453,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Generate IV
|
||||
*/
|
||||
int ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
|
||||
ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
@ -3718,6 +3716,9 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
int ret;
|
||||
|
||||
if( ssl == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
|
||||
|
||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
|
||||
|
@ -5459,6 +5460,13 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
|
|||
if( psk_len > MBEDTLS_PSK_MAX_LEN )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
/* Identity len will be encoded on two bytes */
|
||||
if( ( psk_identity_len >> 16 ) != 0 ||
|
||||
psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
if( conf->psk != NULL || conf->psk_identity != NULL )
|
||||
{
|
||||
mbedtls_free( conf->psk );
|
||||
|
@ -5862,6 +5870,29 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||
return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
size_t max_len;
|
||||
|
||||
/*
|
||||
* Assume mfl_code is correct since it was checked when set
|
||||
*/
|
||||
max_len = mfl_code_to_length[ssl->conf->mfl_code];
|
||||
|
||||
/*
|
||||
* Check if a smaller max length was negotiated
|
||||
*/
|
||||
if( ssl->session_out != NULL &&
|
||||
mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
|
||||
{
|
||||
max_len = mfl_code_to_length[ssl->session_out->mfl_code];
|
||||
}
|
||||
|
||||
return max_len;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -5894,6 +5925,9 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
|
||||
if( ssl == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
ret = mbedtls_ssl_handshake_client_step( ssl );
|
||||
|
@ -5913,6 +5947,9 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
int ret = 0;
|
||||
|
||||
if( ssl == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
|
||||
|
||||
while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||
|
@ -6008,6 +6045,9 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
|
||||
if( ssl == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/* On server, just send the request */
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
|
@ -6085,6 +6125,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
int ret, record_read = 0;
|
||||
size_t n;
|
||||
|
||||
if( ssl == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
@ -6339,23 +6382,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
int ret;
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
unsigned int max_len;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/*
|
||||
* Assume mfl_code is correct since it was checked when set
|
||||
*/
|
||||
max_len = mfl_code_to_length[ssl->conf->mfl_code];
|
||||
|
||||
/*
|
||||
* Check if a smaller max length was negotiated
|
||||
*/
|
||||
if( ssl->session_out != NULL &&
|
||||
mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
|
||||
{
|
||||
max_len = mfl_code_to_length[ssl->session_out->mfl_code];
|
||||
}
|
||||
size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
|
||||
|
||||
if( len > max_len )
|
||||
{
|
||||
|
@ -6444,6 +6471,9 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
|
||||
|
||||
if( ssl == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
|
||||
{
|
||||
|
@ -6479,6 +6509,9 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
int ret;
|
||||
|
||||
if( ssl == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
|
||||
|
||||
if( ssl->out_left != 0 )
|
||||
|
|
|
@ -75,7 +75,7 @@ int main( void )
|
|||
|
||||
unsigned char *p, *end;
|
||||
unsigned char buf[2048];
|
||||
unsigned char hash[20];
|
||||
unsigned char hash[32];
|
||||
const char *pers = "dh_client";
|
||||
|
||||
mbedtls_entropy_context entropy;
|
||||
|
|
|
@ -74,7 +74,7 @@ int main( void )
|
|||
mbedtls_net_context listen_fd, client_fd;
|
||||
|
||||
unsigned char buf[2048];
|
||||
unsigned char hash[20];
|
||||
unsigned char hash[32];
|
||||
unsigned char buf2[2];
|
||||
const char *pers = "dh_server";
|
||||
|
||||
|
|
|
@ -151,8 +151,11 @@ exit:
|
|||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " ! Last error was: %s\n", buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " ! Last error was: %s\n", buf );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
|
|
|
@ -151,8 +151,11 @@ exit:
|
|||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " ! Last error was: %s\n", buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " ! Last error was: %s\n", buf );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
|
|
|
@ -64,7 +64,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_pk_context pk;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
unsigned char hash[20];
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
const char *pers = "mbedtls_pk_sign";
|
||||
|
@ -129,7 +129,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
/*
|
||||
* Write the signature into <filename>-sig.txt
|
||||
* Write the signature into <filename>.sig
|
||||
*/
|
||||
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
|
||||
|
||||
|
@ -156,8 +156,11 @@ exit:
|
|||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " ! Last error was: %s\n", buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " ! Last error was: %s\n", buf );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
|
|
|
@ -59,7 +59,7 @@ int main( int argc, char *argv[] )
|
|||
int ret = 1;
|
||||
size_t i;
|
||||
mbedtls_pk_context pk;
|
||||
unsigned char hash[20];
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
|
||||
|
@ -86,7 +86,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
/*
|
||||
* Extract the signature from the text file
|
||||
* Extract the signature from the file
|
||||
*/
|
||||
ret = 1;
|
||||
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
|
||||
|
@ -103,8 +103,8 @@ int main( int argc, char *argv[] )
|
|||
fclose( f );
|
||||
|
||||
/*
|
||||
* Compute the SHA-256 hash of the input file and compare
|
||||
* it with the hash decrypted from the signature.
|
||||
* Compute the SHA-256 hash of the input file and
|
||||
* verify the signature
|
||||
*/
|
||||
mbedtls_printf( "\n . Verifying the SHA-256 signature" );
|
||||
fflush( stdout );
|
||||
|
@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
|
||||
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
|
||||
|
||||
ret = 0;
|
||||
|
||||
|
@ -132,8 +132,11 @@ exit:
|
|||
mbedtls_pk_free( &pk );
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " ! Last error was: %s\n", buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
|
||||
mbedtls_printf( " ! Last error was: %s\n", buf );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
#include <string.h>
|
||||
#endif
|
||||
|
||||
#define KEY_SIZE 1024
|
||||
#define KEY_SIZE 2048
|
||||
#define EXPONENT 65537
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdio.h>
|
||||
#define mbedtls_fprintf fprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
|
@ -58,8 +59,9 @@ int main( int argc, char *argv[] )
|
|||
int ret;
|
||||
size_t i;
|
||||
mbedtls_rsa_context rsa;
|
||||
unsigned char hash[20];
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
|
||||
ret = 1;
|
||||
|
||||
|
@ -135,11 +137,11 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
/*
|
||||
* Write the signature into <filename>-sig.txt
|
||||
* Write the signature into <filename>.sig
|
||||
*/
|
||||
memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
|
||||
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
|
||||
|
||||
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
|
||||
if( ( f = fopen( filename, "wb+" ) ) == NULL )
|
||||
{
|
||||
ret = 1;
|
||||
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
|
||||
|
@ -152,7 +154,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_printf( "\n . Done (created \"%s\")\n\n", argv[1] );
|
||||
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
|
||||
|
||||
exit:
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_pk_context pk;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
unsigned char hash[20];
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
const char *pers = "rsa_sign_pss";
|
||||
|
@ -140,7 +140,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
/*
|
||||
* Write the signature into <filename>-sig.txt
|
||||
* Write the signature into <filename>.sig
|
||||
*/
|
||||
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
|
||||
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
|
@ -57,8 +58,9 @@ int main( int argc, char *argv[] )
|
|||
int ret, c;
|
||||
size_t i;
|
||||
mbedtls_rsa_context rsa;
|
||||
unsigned char hash[20];
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
|
||||
ret = 1;
|
||||
if( argc != 2 )
|
||||
|
@ -99,17 +101,15 @@ int main( int argc, char *argv[] )
|
|||
* Extract the RSA signature from the text file
|
||||
*/
|
||||
ret = 1;
|
||||
i = strlen( argv[1] );
|
||||
memcpy( argv[1] + i, ".sig", 5 );
|
||||
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
|
||||
|
||||
if( ( f = fopen( argv[1], "rb" ) ) == NULL )
|
||||
if( ( f = fopen( filename, "rb" ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "\n ! Could not open %s\n\n", argv[1] );
|
||||
mbedtls_printf( "\n ! Could not open %s\n\n", filename );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
argv[1][i] = '\0', i = 0;
|
||||
|
||||
i = 0;
|
||||
while( fscanf( f, "%02X", &c ) > 0 &&
|
||||
i < (int) sizeof( buf ) )
|
||||
buf[i++] = (unsigned char) c;
|
||||
|
@ -123,8 +123,8 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
/*
|
||||
* Compute the SHA-256 hash of the input file and compare
|
||||
* it with the hash decrypted from the RSA signature.
|
||||
* Compute the SHA-256 hash of the input file and
|
||||
* verify the signature
|
||||
*/
|
||||
mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
|
||||
fflush( stdout );
|
||||
|
@ -144,7 +144,7 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
|
||||
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
|
||||
|
||||
ret = 0;
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ int main( int argc, char *argv[] )
|
|||
int ret = 1;
|
||||
size_t i;
|
||||
mbedtls_pk_context pk;
|
||||
unsigned char hash[20];
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
|
||||
|
@ -100,7 +100,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
|
||||
|
||||
/*
|
||||
* Extract the RSA signature from the text file
|
||||
* Extract the RSA signature from the file
|
||||
*/
|
||||
ret = 1;
|
||||
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
|
||||
|
@ -117,8 +117,8 @@ int main( int argc, char *argv[] )
|
|||
fclose( f );
|
||||
|
||||
/*
|
||||
* Compute the SHA-256 hash of the input file and compare
|
||||
* it with the hash decrypted from the RSA signature.
|
||||
* Compute the SHA-256 hash of the input file and
|
||||
* verify the signature
|
||||
*/
|
||||
mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
|
||||
fflush( stdout );
|
||||
|
@ -138,7 +138,7 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
|
||||
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
|
||||
|
||||
ret = 0;
|
||||
|
||||
|
|
|
@ -1240,6 +1240,11 @@ int main( int argc, char *argv[] )
|
|||
else
|
||||
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
|
||||
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
{
|
||||
|
|
|
@ -1925,7 +1925,7 @@ reset:
|
|||
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||
{
|
||||
char vrfy_buf[512];
|
||||
uint32_t flags = mbedtls_ssl_get_verify_result( &ssl );
|
||||
flags = mbedtls_ssl_get_verify_result( &ssl );
|
||||
|
||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
|
||||
|
||||
|
@ -1946,6 +1946,11 @@ reset:
|
|||
else
|
||||
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
|
||||
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
{
|
||||
|
|
|
@ -108,31 +108,31 @@ int main( void )
|
|||
|
||||
#define TIME_AND_TSC( TITLE, CODE ) \
|
||||
do { \
|
||||
unsigned long i, j, tsc; \
|
||||
unsigned long ii, jj, tsc; \
|
||||
\
|
||||
mbedtls_printf( HEADER_FORMAT, TITLE ); \
|
||||
mbedtls_printf( HEADER_FORMAT, TITLE ); \
|
||||
fflush( stdout ); \
|
||||
\
|
||||
mbedtls_set_alarm( 1 ); \
|
||||
for( i = 1; ! mbedtls_timing_alarmed; i++ ) \
|
||||
mbedtls_set_alarm( 1 ); \
|
||||
for( ii = 1; ! mbedtls_timing_alarmed; ii++ ) \
|
||||
{ \
|
||||
CODE; \
|
||||
} \
|
||||
\
|
||||
tsc = mbedtls_timing_hardclock(); \
|
||||
for( j = 0; j < 1024; j++ ) \
|
||||
tsc = mbedtls_timing_hardclock(); \
|
||||
for( jj = 0; jj < 1024; jj++ ) \
|
||||
{ \
|
||||
CODE; \
|
||||
} \
|
||||
\
|
||||
mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \
|
||||
i * BUFSIZE / 1024, \
|
||||
( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \
|
||||
mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \
|
||||
ii * BUFSIZE / 1024, \
|
||||
( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \
|
||||
} while( 0 )
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
#define PRINT_ERROR \
|
||||
mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
|
||||
mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
|
||||
mbedtls_printf( "FAILED: %s\n", tmp );
|
||||
#else
|
||||
#define PRINT_ERROR \
|
||||
|
@ -144,12 +144,12 @@ do { \
|
|||
#define MEMORY_MEASURE_INIT \
|
||||
size_t max_used, max_blocks, max_bytes; \
|
||||
size_t prv_used, prv_blocks; \
|
||||
mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
|
||||
mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
|
||||
mbedtls_memory_buffer_alloc_max_reset( );
|
||||
|
||||
#define MEMORY_MEASURE_PRINT( title_len ) \
|
||||
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
|
||||
for( i = 12 - title_len; i != 0; i-- ) mbedtls_printf( " " ); \
|
||||
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
|
||||
for( ii = 12 - title_len; ii != 0; ii-- ) mbedtls_printf( " " ); \
|
||||
max_used -= prv_used; \
|
||||
max_blocks -= prv_blocks; \
|
||||
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
|
||||
|
@ -162,16 +162,16 @@ do { \
|
|||
|
||||
#define TIME_PUBLIC( TITLE, TYPE, CODE ) \
|
||||
do { \
|
||||
unsigned long i; \
|
||||
unsigned long ii; \
|
||||
int ret; \
|
||||
MEMORY_MEASURE_INIT; \
|
||||
\
|
||||
mbedtls_printf( HEADER_FORMAT, TITLE ); \
|
||||
mbedtls_printf( HEADER_FORMAT, TITLE ); \
|
||||
fflush( stdout ); \
|
||||
mbedtls_set_alarm( 3 ); \
|
||||
mbedtls_set_alarm( 3 ); \
|
||||
\
|
||||
ret = 0; \
|
||||
for( i = 1; ! mbedtls_timing_alarmed && ! ret ; i++ ) \
|
||||
for( ii = 1; ! mbedtls_timing_alarmed && ! ret ; ii++ ) \
|
||||
{ \
|
||||
CODE; \
|
||||
} \
|
||||
|
@ -182,9 +182,9 @@ do { \
|
|||
} \
|
||||
else \
|
||||
{ \
|
||||
mbedtls_printf( "%6lu " TYPE "/s", i / 3 ); \
|
||||
mbedtls_printf( "%6lu " TYPE "/s", ii / 3 ); \
|
||||
MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \
|
||||
mbedtls_printf( "\n" ); \
|
||||
mbedtls_printf( "\n" ); \
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
|
|
|
@ -389,7 +389,7 @@ void update_dropped( const packet *p )
|
|||
|
||||
while( cur < end )
|
||||
{
|
||||
size_t len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
|
||||
len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
|
||||
|
||||
id = len % sizeof( dropped );
|
||||
++dropped[id];
|
||||
|
|
|
@ -1085,6 +1085,8 @@ run_test "Max fragment length: not used, reference" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 16384" \
|
||||
-s "Maximum fragment length is 16384" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
|
@ -1094,6 +1096,8 @@ run_test "Max fragment length: used by client" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 4096" \
|
||||
-s "Maximum fragment length is 4096" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
|
@ -1103,6 +1107,8 @@ run_test "Max fragment length: used by server" \
|
|||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 16384" \
|
||||
-s "Maximum fragment length is 4096" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
|
@ -1113,6 +1119,7 @@ run_test "Max fragment length: gnutls server" \
|
|||
"$G_SRV" \
|
||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 4096" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
|
@ -1120,6 +1127,8 @@ run_test "Max fragment length: client, message just fits" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 2048" \
|
||||
-s "Maximum fragment length is 2048" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
|
@ -1131,6 +1140,8 @@ run_test "Max fragment length: client, larger message" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 2048" \
|
||||
-s "Maximum fragment length is 2048" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
|
@ -1143,6 +1154,8 @@ run_test "Max fragment length: DTLS client, larger message" \
|
|||
"$P_SRV debug_level=3 dtls=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
|
||||
1 \
|
||||
-c "Maximum fragment length is 2048" \
|
||||
-s "Maximum fragment length is 2048" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
|
|
|
@ -25,6 +25,11 @@ void string_debug(void *data, int level, const char *file, int line, const char
|
|||
*p++ = ':';
|
||||
*p++ = ' ';
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* Skip "thread ID" (up to the first space) as it is not predictable */
|
||||
while( *str++ != ' ' );
|
||||
#endif
|
||||
|
||||
memcpy( p, str, strlen( str ) );
|
||||
p += strlen( str );
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "mbedtls",
|
||||
"version": "2.0.5",
|
||||
"version": "2.0.6",
|
||||
"description": "The mbed TLS crypto/SSL/TLS library",
|
||||
"private": true,
|
||||
"license": "GPL-2.0",
|
||||
|
|
Loading…
Reference in a new issue