diff --git a/ChangeLog b/ChangeLog index 03511e84a..fe1ce5c4b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,8 +45,14 @@ Bugfix * Fix potential unintended sign extension in asn1_get_len() on 64-bit platforms. * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid). + * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and + POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced + in 1.3.10). + * Add missing extern "C" guard in aesni.h (reported by amir zamani). Changes + * ssl_set_own_cert() now longers calls pk_check_pair() since the + performance impact was bad for some users (this was introduced in 1.3.10). * Move from SHA-1 to SHA-256 in example programs using signatures (suggested by Thorsten Mühlfelder). * Remove some unneeded inclusions of header files from the standard library diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index a31d9a565..2d9f66fba 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -682,8 +682,7 @@ INPUT_ENCODING = UTF-8 # *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py # *.f90 *.f *.for *.vhd *.vhdl -FILE_PATTERNS = *.c \ - *.h +FILE_PATTERNS = *.h # The RECURSIVE tag can be used to turn specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. @@ -697,9 +696,7 @@ RECURSIVE = YES # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = tests/fct.h \ - programs \ - CMakeFiles +EXCLUDE = configs # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h index bb514ca6d..02419eda5 100644 --- a/include/mbedtls/aesni.h +++ b/include/mbedtls/aesni.h @@ -37,6 +37,10 @@ #if defined(POLARSSL_HAVE_X86_64) +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief AES-NI features detection routine * 
@@ -99,6 +103,10 @@ int aesni_setkey_enc( unsigned char *rk, const unsigned char *key, size_t bits ); +#ifdef __cplusplus +} +#endif + #endif /* POLARSSL_HAVE_X86_64 */ #endif /* POLARSSL_AESNI_H */ diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 2d39c7a1b..c3f4b382d 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -448,7 +448,7 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path ) #if defined(POLARSSL_SELF_TEST) -static unsigned char entropy_source_pr[96] = +static const unsigned char entropy_source_pr[96] = { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16, 0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02, 0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b, @@ -462,7 +462,7 @@ static unsigned char entropy_source_pr[96] = 0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56, 0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 }; -static unsigned char entropy_source_nopr[64] = +static const unsigned char entropy_source_nopr[64] = { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14, 0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe, 0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d, @@ -521,7 +521,7 @@ int ctr_drbg_self_test( int verbose ) test_offset = 0; CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, - entropy_source_pr, nonce_pers_pr, 16, 32 ) ); + (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) ); ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON ); CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) ); CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) ); @@ -538,7 +538,7 @@ int ctr_drbg_self_test( int verbose ) test_offset = 0; CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, - entropy_source_nopr, nonce_pers_nopr, 16, 32 ) ); + (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) ); CHK( ctr_drbg_random( &ctx, buf, 16 ) ); CHK( ctr_drbg_reseed( &ctx, NULL, 0 ) ); CHK( ctr_drbg_random( &ctx, buf, 16 ) ); diff --git a/library/gcm.c b/library/gcm.c index 1a49180ca..d46f97de9 100644 
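Review bot: The `(void *) entropy_source_pr` cast in the ctr_drbg_init_entropy_len() call of library/ctr_drbg.c discards the const qualifier this commit has just added to the table, so the compiler will no longer flag a write through that pointer. ctr_drbg_self_test_entropy() is not visible in these hunks; if it only reads from the buffer, as its use here suggests, a comment next to the cast such as `/* cast drops const: the self-test entropy callback only reads this buffer */` would record that invariant. The same applies to the second call with `entropy_source_nopr` and to the two hmac_drbg_init() calls in library/hmac_drbg.c. The body of ctr_drbg_self_test() starts and ends outside the hunks.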
--- a/library/gcm.c +++ b/library/gcm.c @@ -508,10 +508,10 @@ void gcm_free( gcm_context *ctx ) */ #define MAX_TESTS 6 -static int key_index[MAX_TESTS] = +static const int key_index[MAX_TESTS] = { 0, 0, 1, 1, 1, 1 }; -static unsigned char key[MAX_TESTS][32] = +static const unsigned char key[MAX_TESTS][32] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -523,13 +523,13 @@ static unsigned char key[MAX_TESTS][32] = 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }, }; -static size_t iv_len[MAX_TESTS] = +static const size_t iv_len[MAX_TESTS] = { 12, 12, 12, 12, 8, 60 }; -static int iv_index[MAX_TESTS] = +static const int iv_index[MAX_TESTS] = { 0, 0, 1, 1, 1, 2 }; -static unsigned char iv[MAX_TESTS][64] = +static const unsigned char iv[MAX_TESTS][64] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, @@ -545,13 +545,13 @@ static unsigned char iv[MAX_TESTS][64] = 0xa6, 0x37, 0xb3, 0x9b }, }; -static size_t add_len[MAX_TESTS] = +static const size_t add_len[MAX_TESTS] = { 0, 0, 0, 20, 20, 20 }; -static int add_index[MAX_TESTS] = +static const int add_index[MAX_TESTS] = { 0, 0, 0, 1, 1, 1 }; -static unsigned char additional[MAX_TESTS][64] = +static const unsigned char additional[MAX_TESTS][64] = { { 0x00 }, { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, @@ -559,13 +559,13 @@ static unsigned char additional[MAX_TESTS][64] = 0xab, 0xad, 0xda, 0xd2 }, }; -static size_t pt_len[MAX_TESTS] = +static const size_t pt_len[MAX_TESTS] = { 0, 16, 64, 60, 60, 60 }; -static int pt_index[MAX_TESTS] = +static const int pt_index[MAX_TESTS] = { 0, 0, 1, 1, 1, 1 }; -static unsigned char pt[MAX_TESTS][64] = +static const unsigned char pt[MAX_TESTS][64] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 
@@ -579,7 +579,7 @@ static unsigned char pt[MAX_TESTS][64] = 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 }, }; -static unsigned char ct[MAX_TESTS * 3][64] = +static const unsigned char ct[MAX_TESTS * 3][64] = { { 0x00 }, { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, @@ -688,7 +688,7 @@ static unsigned char ct[MAX_TESTS * 3][64] = 0x44, 0xae, 0x7e, 0x3f }, }; -static unsigned char tag[MAX_TESTS * 3][16] = +static const unsigned char tag[MAX_TESTS * 3][16] = { { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }, @@ -939,8 +939,6 @@ int gcm_self_test( int verbose ) return( 0 ); } - - #endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */ #endif /* POLARSSL_GCM_C */ diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index c3a673cb4..8b73dfd2c 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -396,7 +396,7 @@ int hmac_drbg_self_test( int verbose ) #define OUTPUT_LEN 80 /* From a NIST PR=true test vector */ -static unsigned char entropy_pr[] = { +static const unsigned char entropy_pr[] = { 0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f, 0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11, 0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42, @@ -412,7 +412,7 @@ static const unsigned char result_pr[OUTPUT_LEN] = { 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 }; /* From a NIST PR=false test vector */ -static unsigned char entropy_nopr[] = { +static const unsigned char entropy_nopr[] = { 0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66, 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8, 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3, 
@@ -461,7 +461,7 @@ int hmac_drbg_self_test( int verbose ) test_offset = 0; CHK( hmac_drbg_init( &ctx, md_info, - hmac_drbg_self_test_entropy, entropy_pr, + hmac_drbg_self_test_entropy, (void *) entropy_pr, NULL, 0 ) ); hmac_drbg_set_prediction_resistance( &ctx, POLARSSL_HMAC_DRBG_PR_ON ); CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); @@ -480,7 +480,7 @@ int hmac_drbg_self_test( int verbose ) test_offset = 0; CHK( hmac_drbg_init( &ctx, md_info, - hmac_drbg_self_test_entropy, entropy_nopr, + hmac_drbg_self_test_entropy, (void *) entropy_nopr, NULL, 0 ) ); CHK( hmac_drbg_reseed( &ctx, NULL, 0 ) ); CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); diff --git a/library/md5.c b/library/md5.c index 4f0c5c1ef..05651cb08 100644 --- a/library/md5.c +++ b/library/md5.c @@ -443,7 +443,7 @@ void md5_hmac( const unsigned char *key, size_t keylen, /* * RFC 1321 test vectors */ -static unsigned char md5_test_buf[7][81] = +static const unsigned char md5_test_buf[7][81] = { { "" }, { "a" }, @@ -481,7 +481,7 @@ static const unsigned char md5_test_sum[7][16] = /* * RFC 2202 test vectors */ -static unsigned char md5_hmac_test_key[7][26] = +static const unsigned char md5_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" }, { "Jefe" }, @@ -498,7 +498,7 @@ static const int md5_hmac_test_keylen[7] = 16, 4, 16, 25, 16, 80, 80 }; -static unsigned char md5_hmac_test_buf[7][74] = +static const unsigned char md5_hmac_test_buf[7][74] = { { "Hi There" }, { "what do ya want for nothing?" }, diff --git a/library/pkcs5.c b/library/pkcs5.c index dae5e4142..12ec5ea27 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c 
@@ -300,39 +300,37 @@ int pkcs5_self_test( int verbose ) #define MAX_TESTS 6 -static size_t plen[MAX_TESTS] = - { 8, 8, 8, 8, 24, 9 }; +static const size_t plen[MAX_TESTS] = + { 8, 8, 8, 24, 9 }; -static unsigned char password[MAX_TESTS][32] = +static const unsigned char password[MAX_TESTS][32] = { "password", "password", "password", - "password", "passwordPASSWORDpassword", "pass\0word", }; -static size_t slen[MAX_TESTS] = - { 4, 4, 4, 4, 36, 5 }; +static const size_t slen[MAX_TESTS] = + { 4, 4, 4, 36, 5 }; -static unsigned char salt[MAX_TESTS][40] = +static const unsigned char salt[MAX_TESTS][40] = { "salt", "salt", "salt", - "salt", "saltSALTsaltSALTsaltSALTsaltSALTsalt", "sa\0lt", }; -static uint32_t it_cnt[MAX_TESTS] = - { 1, 2, 4096, 16777216, 4096, 4096 }; +static const uint32_t it_cnt[MAX_TESTS] = + { 1, 2, 4096, 4096, 4096 }; -static uint32_t key_len[MAX_TESTS] = - { 20, 20, 20, 20, 25, 16 }; +static const uint32_t key_len[MAX_TESTS] = + { 20, 20, 20, 25, 16 }; -static unsigned char result_key[MAX_TESTS][32] = +static const unsigned char result_key[MAX_TESTS][32] = { { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, @@ -343,9 +341,6 @@ static unsigned char result_key[MAX_TESTS][32] = { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 0x65, 0xa4, 0x29, 0xc1 }, - { 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, - 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, - 0x26, 0x34, 0xe9, 0x84 }, { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, @@ -376,9 +371,6 @@ int pkcs5_self_test( int verbose ) goto exit; } - if( verbose != 0 ) - polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" ); - for( i = 0; i < MAX_TESTS; i++ ) { if( verbose != 0 ) diff --git a/library/sha1.c b/library/sha1.c index 53f5f2642..db9f2c103 100644 --- a/library/sha1.c +++ b/library/sha1.c 
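Review bot: `#define MAX_TESTS 6` at the top of the first library/pkcs5.c hunk is left unchanged, while plen, password, slen, salt, it_cnt and key_len each lose an entry and now carry five initializers. The loop `for( i = 0; i < MAX_TESTS; i++ )` visible in the last pkcs5.c hunk would therefore still run a sixth iteration on zero-filled elements (iteration count 0, key length 0), which presumably passes without testing anything. Changing the define to `#define MAX_TESTS 5` keeps the tables and the loop in step. The initializer list of result_key is only partly visible, so its final entry count is inferred from the removed block.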
@@ -476,7 +476,7 @@ void sha1_hmac( const unsigned char *key, size_t keylen, /* * FIPS-180-1 test vectors */ -static unsigned char sha1_test_buf[3][57] = +static const unsigned char sha1_test_buf[3][57] = { { "abc" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, @@ -501,7 +501,7 @@ static const unsigned char sha1_test_sum[3][20] = /* * RFC 2202 test vectors */ -static unsigned char sha1_hmac_test_key[7][26] = +static const unsigned char sha1_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" "\x0B\x0B\x0B\x0B" }, @@ -521,7 +521,7 @@ static const int sha1_hmac_test_keylen[7] = 20, 4, 20, 25, 20, 80, 80 }; -static unsigned char sha1_hmac_test_buf[7][74] = +static const unsigned char sha1_hmac_test_buf[7][74] = { { "Hi There" }, { "what do ya want for nothing?" }, diff --git a/library/sha256.c b/library/sha256.c index 1b2d4b22f..3f7add607 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -483,7 +483,7 @@ void sha256_hmac( const unsigned char *key, size_t keylen, /* * FIPS-180-2 test vectors */ -static unsigned char sha256_test_buf[3][57] = +static const unsigned char sha256_test_buf[3][57] = { { "abc" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, @@ -533,7 +533,7 @@ static const unsigned char sha256_test_sum[6][32] = /* * RFC 4231 test vectors */ -static unsigned char sha256_hmac_test_key[7][26] = +static const unsigned char sha256_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" "\x0B\x0B\x0B\x0B" }, @@ -553,7 +553,7 @@ static const int sha256_hmac_test_keylen[7] = 20, 4, 20, 25, 20, 131, 131 }; -static unsigned char sha256_hmac_test_buf[7][153] = +static const unsigned char sha256_hmac_test_buf[7][153] = { { "Hi There" }, { "what do ya want for nothing?" }, diff --git a/library/sha512.c b/library/sha512.c index 1ef088f2f..560a83d45 100644 --- a/library/sha512.c +++ b/library/sha512.c 
@@ -488,7 +488,7 @@ void sha512_hmac( const unsigned char *key, size_t keylen, /* * FIPS-180-2 test vectors */ -static unsigned char sha512_test_buf[3][113] = +static const unsigned char sha512_test_buf[3][113] = { { "abc" }, { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" @@ -557,7 +557,7 @@ static const unsigned char sha512_test_sum[6][64] = /* * RFC 4231 test vectors */ -static unsigned char sha512_hmac_test_key[7][26] = +static const unsigned char sha512_hmac_test_key[7][26] = { { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" "\x0B\x0B\x0B\x0B" }, @@ -577,7 +577,7 @@ static const int sha512_hmac_test_keylen[7] = 20, 4, 20, 25, 20, 131, 131 }; -static unsigned char sha512_hmac_test_buf[7][153] = +static const unsigned char sha512_hmac_test_buf[7][153] = { { "Hi There" }, { "what do ya want for nothing?" }, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a20432b9c..25d7d259a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5390,7 +5390,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key = pk_key; - return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); + return( 0 ); } #if defined(POLARSSL_RSA_C) @@ -5419,7 +5419,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key_own_alloc = 1; - return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); + return( 0 ); } #endif /* POLARSSL_RSA_C */ @@ -5448,7 +5448,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, key_cert->cert = own_cert; key_cert->key_own_alloc = 1; - return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) ); + return( 0 ); } #endif /* POLARSSL_X509_CRT_PARSE_C */ diff --git a/scripts/memory.sh b/scripts/memory.sh index 2e5621549..36626b884 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh 
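Review bot: With `return( 0 );` at the end of ssl_set_own_cert() in library/ssl_tls.c, a certificate whose public key does not match the supplied private key is now accepted silently at configuration time. The ChangeLog entry gives the performance reason, but nothing at the call site tells callers that the check has become their responsibility. A comment above the return such as `/* key/cert match is not verified here; call pk_check_pair() if needed */` would make that explicit, and the API documentation for these functions (not visible here) presumably needs the same sentence. The same applies to ssl_set_own_cert_rsa() and ssl_set_own_cert_alt() in the next two hunks; all three function bodies start outside their hunks.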
@@ -12,7 +12,7 @@ CONFIG_H='include/mbedtls/config.h' CLIENT='mini_client' -CFLAGS_EXEC=-fno-asynchronous-unwind-tables +CFLAGS_EXEC='-fno-asynchronous-unwind-tables -Wl,--gc-section -ffunction-sections' CFLAGS_MEM=-g3 if [ -r $CONFIG_H ]; then :; else @@ -25,6 +25,11 @@ if grep -i cmake Makefile >/dev/null; then exit 1 fi +if [ $( uname ) != Linux ]; then + echo "Only work on Linux" >&2 + exit 1 +fi + if git status | grep -F $CONFIG_H >/dev/null 2>&1; then echo "config.h not clean" >&2 exit 1 @@ -54,7 +59,7 @@ do_config() cd programs CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os ssl/$CLIENT >/dev/null strip ssl/$CLIENT - stat -f '%z' ssl/$CLIENT + stat -c '%s' ssl/$CLIENT cd .. printf " Peak ram usage... "
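Review bot: The linker flag in the new CFLAGS_EXEC value of scripts/memory.sh is spelled `-Wl,--gc-section`, whereas the GNU ld option is documented as `--gc-sections`. It probably still resolves as an unambiguous abbreviation, but writing `-Wl,--gc-sections` avoids depending on that. The value is later expanded unquoted as `CFLAGS=$CFLAGS_EXEC make`, which is safe in an assignment prefix; a short comment saying so would spare the next reader the check.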
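Review bot: The command substitution in the new platform guard `if [ $( uname ) != Linux ]; then` is unquoted, so an empty or multi-word result would turn the test into a syntax error instead of a clean refusal. Quoting it as `if [ "$( uname )" != Linux ]; then` makes the guard robust. A one-line comment that the restriction comes from the GNU-specific `stat -c '%s'` used in do_config() would also explain why the check exists.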