mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-18 14:57:25 +00:00
Merge mbedtls 2.16.6 into baremetal
Conflicts:
mbedtls.doxyfile - PROJECT_NAME - mbed TLS v2.16.6 chosen.
doc_mainpage.h - mbed TLS v2.16.6 version chosen.
hmac_drbg.h - line 260, extended description chosen.
- line 313, extended description chosen.
- line 338, extended description chosen.
version.h - 2.16.6 chosen.
CMakeLists.txt - 2.16.6 chosen.
test_suite_version.data - 2.16.6 chosen.
Makefile - 141 - manual correction - baremetal version of C_SOURCE_FILES
with variables for directories plus 2.16.6 CTAGS addition.
pkparse.c - lines 846 onwards - the asn1_get_nonzero_mpi implementation chosen.
ssl_tls.c - line 5269 - edited manually, left the ret=0, because baremetal has
a different behaviour since commit 87b5626
, but added a debug
message that's new in 2.16.6.
all.sh:
- component_build_deprecated - chosen the refactored version from 2.16.6,
but with extra flags from baremetal.
- rest of the _no_xxx tests - merged make options to have PTHREAD=1 and
other changes from 2.16.6 (like -O1 instead of -O0).
- component_build_arm_none_eabi_gcc_no_64bit_multiplication - added
TINYCRYPT_BUILD=0 to the 2.16.6 version of make.
x509/req_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
x509/crl_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
x509/cert_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_mail_client.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_pthread_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_fork_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_client1.c - line 54 - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_client2.c - line 54 - left baremetal log but with mbedtls_exit( 0 ) call.
- line 132 - new options of both branches added.
- skip close notify handled as in 2.16.6, but with `ssl` instead of `&ssl`.
- Merged the 2.16.6 usage split with additional baremetal usages.
- Merged options from baremetal and 2.16.6.
ssl_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_server2.c - Merged the 2.16.6 usage split with additional baremetal usages.
config.pl - fixed missing defines from the documentation, removed duplicates,
and reorganised so that the documentation and excluded list
are ordered in the same way.
test_suite_x509parse.data - only added the two new pathlen tests.
x509_crt.c - change the return code by removing
MBEDTLS_ERR_X509_INVALID_EXTENSIONS, since it's added by
x509_crt_frame_parse_ext not by an "or", but by "+=".
Changelog - Assigned all entries to appropriate sections.
ssl-opt.sh - line 8263 - merged options.
- removed lines 1165 - 1176 - there was a duplicate test, probably
an artifact of previous merges.
check-files.py - sticked to old formatting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
parent
2d21e3e47b
commit
825ebd483f
5
.github/pull_request_template.md
vendored
5
.github/pull_request_template.md
vendored
|
@ -1,8 +1,5 @@
|
|||
Notes:
|
||||
* Pull requests cannot be accepted until:
|
||||
- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/)
|
||||
or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/)
|
||||
- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards)
|
||||
* Pull requests cannot be accepted until the PR follows the [contributing guidelines](../CONTRIBUTING.md). In particular, each commit must have at least one `Signed-off-by:` line from the committer to certify that the contribution is made under the terms of the [Developer Certificate of Origin](../dco.txt).
|
||||
* This is just a template, so feel free to use/remove the unnecessary things
|
||||
## Description
|
||||
A few sentences describing the overall goals of the pull request's commits.
|
||||
|
|
22
.pylintrc
22
.pylintrc
|
@ -40,7 +40,27 @@ max-attributes=15
|
|||
max-module-lines=2000
|
||||
|
||||
[MESSAGES CONTROL]
|
||||
disable=
|
||||
# * locally-disabled, locally-enabled: If we disable or enable a message
|
||||
# locally, it's by design. There's no need to clutter the Pylint output
|
||||
# with this information.
|
||||
# * logging-format-interpolation: Pylint warns about things like
|
||||
# ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
|
||||
# This is of minor utility (mainly a performance gain when there are
|
||||
# many messages that use formatting and are below the log level).
|
||||
# Some versions of Pylint (including 1.8, which is the version on
|
||||
# Ubuntu 18.04) only recognize old-style format strings using '%',
|
||||
# and complain about something like ``log.info('{}', foo)`` with
|
||||
# logging-too-many-args (Pylint supports new-style formatting if
|
||||
# declared globally with logging_format_style under [LOGGING] but
|
||||
# this requires Pylint >=2.2).
|
||||
# * no-else-return: Allow the perfectly reasonable idiom
|
||||
# if condition1:
|
||||
# return value1
|
||||
# else:
|
||||
# return value2
|
||||
# * unnecessary-pass: If we take the trouble of adding a line with "pass",
|
||||
# it's because we think the code is clearer that way.
|
||||
disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
|
||||
|
||||
[REPORTS]
|
||||
# Don't diplay statistics. Just the facts.
|
||||
|
|
72
.travis.yml
72
.travis.yml
|
@ -1,48 +1,64 @@
|
|||
language: c
|
||||
compiler:
|
||||
- clang
|
||||
- gcc
|
||||
compiler: gcc
|
||||
sudo: false
|
||||
cache: ccache
|
||||
|
||||
# blocklist
|
||||
branches:
|
||||
except:
|
||||
- development-psa
|
||||
- coverity_scan
|
||||
jobs:
|
||||
include:
|
||||
- name: basic checks and reference configurations
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- gnutls-bin
|
||||
- doxygen
|
||||
- graphviz
|
||||
- gcc-arm-none-eabi
|
||||
- libnewlib-arm-none-eabi
|
||||
language: python # Needed to get pip for Python 3
|
||||
python: 3.5 # version from Ubuntu 16.04
|
||||
install:
|
||||
- pip install pylint==2.4.4
|
||||
script:
|
||||
- tests/scripts/all.sh -k 'check_*'
|
||||
- tests/scripts/all.sh -k test_default_out_of_box
|
||||
- tests/scripts/test-ref-configs.pl
|
||||
- tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
|
||||
|
||||
- name: full configuration
|
||||
script:
|
||||
- tests/scripts/all.sh -k test_full_cmake_gcc_asan
|
||||
|
||||
- name: check compilation guards
|
||||
script:
|
||||
- tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges'
|
||||
|
||||
- name: macOS
|
||||
os: osx
|
||||
compiler: clang
|
||||
script:
|
||||
- tests/scripts/all.sh -k test_default_out_of_box
|
||||
|
||||
- name: Windows
|
||||
os: windows
|
||||
script:
|
||||
- scripts/windows_msbuild.bat v141 # Visual Studio 2017
|
||||
|
||||
script:
|
||||
- tests/scripts/recursion.pl library/*.c
|
||||
- tests/scripts/check-generated-files.sh
|
||||
- tests/scripts/check-doxy-blocks.pl
|
||||
- tests/scripts/check-names.sh
|
||||
- tests/scripts/check-files.py
|
||||
- tests/scripts/doxygen.sh
|
||||
- cmake -D CMAKE_BUILD_TYPE:String="Check" .
|
||||
- make
|
||||
- make test
|
||||
- programs/test/selftest
|
||||
- OSSL_NO_DTLS=1 tests/compat.sh
|
||||
- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
|
||||
- tests/scripts/test-ref-configs.pl
|
||||
- tests/scripts/curves.pl
|
||||
- tests/scripts/key-exchanges.pl
|
||||
after_failure:
|
||||
- tests/scripts/travis-log-failure.sh
|
||||
|
||||
env:
|
||||
global:
|
||||
- SEED=1
|
||||
- secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
|
||||
- secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg="
|
||||
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- doxygen
|
||||
- graphviz
|
||||
- gnutls-bin
|
||||
coverity_scan:
|
||||
project:
|
||||
name: "ARMmbed/mbedtls"
|
||||
notification_email: simon.butcher@arm.com
|
||||
notification_email: support-mbedtls@arm.com
|
||||
build_command_prepend:
|
||||
build_command: make
|
||||
branch_pattern: coverity_scan
|
||||
|
|
|
@ -5,11 +5,6 @@ We gratefully accept bug reports and contributions from the community. There are
|
|||
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
|
||||
- The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release.
|
||||
|
||||
Contributor License Agreement (CLA)
|
||||
-----------------------------------
|
||||
- All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright.
|
||||
- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
|
||||
|
||||
Coding Standards
|
||||
----------------
|
||||
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections.
|
||||
|
@ -19,12 +14,13 @@ Coding Standards
|
|||
|
||||
Making a Contribution
|
||||
---------------------
|
||||
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
|
||||
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug.
|
||||
1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
|
||||
1. Write a test which shows that the bug was fixed or that the feature works as expected.
|
||||
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
|
||||
1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
|
||||
1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header.
|
||||
1. All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible.
|
||||
1. Ensure that each commit has at least one `Signed-off-by:` line from the committer. If anyone else contributes to the commit, they should also add their own `Signed-off-by:` line. By adding this line, contributor(s) certify that the contribution is made under the terms of the [Developer Certificate of Origin](dco.txt). The contribution licensing is described in the [License section of the README](README.md#License).
|
||||
|
||||
API/ABI Compatibility
|
||||
---------------------
|
||||
|
@ -46,18 +42,14 @@ Mbed TLS maintains several LTS (Long Term Support) branches, which are maintaine
|
|||
|
||||
When backporting to these branches please observe the following rules:
|
||||
|
||||
1. Any change to the library which changes the API or ABI cannot be backported.
|
||||
|
||||
2. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted.
|
||||
|
||||
3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts.
|
||||
1. Any change to the library which changes the API or ABI cannot be backported.
|
||||
1. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted.
|
||||
1. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts.
|
||||
|
||||
It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors.
|
||||
|
||||
Currently maintained LTS branches are:
|
||||
|
||||
1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7)
|
||||
|
||||
1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
|
||||
|
||||
|
||||
|
@ -84,12 +76,7 @@ Documentation
|
|||
Mbed TLS is well documented, but if you think documentation is needed, speak out!
|
||||
|
||||
1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation.
|
||||
|
||||
2. Complex parts in the code should include comments.
|
||||
|
||||
3. If needed, a Readme file is advised.
|
||||
|
||||
4. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
|
||||
|
||||
5. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution.
|
||||
|
||||
1. Complex parts in the code should include comments.
|
||||
1. If needed, a Readme file is advised.
|
||||
1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
|
||||
1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution.
|
||||
|
|
24
ChangeLog
24
ChangeLog
|
@ -63,7 +63,24 @@ Changes
|
|||
* Reduce RAM consumption during session renegotiation by not storing
|
||||
the peer CRT chain and session ticket twice.
|
||||
|
||||
= mbed TLS 2.16.X branch released XXXX-XX-XX
|
||||
= mbed TLS 2.16.6 branch released 2020-04-14
|
||||
|
||||
Security
|
||||
* Fix side channel in ECC code that allowed an adversary with access to
|
||||
precise enough timing and memory access information (typically an
|
||||
untrusted operating system attacking a secure enclave) to fully recover
|
||||
an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
|
||||
Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
|
||||
* Fix a potentially remotely exploitable buffer overread in a
|
||||
DTLS client when parsing the Hello Verify Request message.
|
||||
|
||||
Bugfix
|
||||
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
|
||||
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
|
||||
* Fix a function name in a debug message. Contributed by Ercan Ozturk in
|
||||
#3013.
|
||||
|
||||
= mbed TLS 2.16.5 branch released 2020-02-20
|
||||
|
||||
Security
|
||||
* Fix potential memory overread when performing an ECDSA signature
|
||||
|
@ -80,6 +97,11 @@ Security
|
|||
|
||||
Bugfix
|
||||
* Fix an unchecked call to mbedtls_md() in the x509write module.
|
||||
* Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some
|
||||
RSA keys that would later be rejected by functions expecting private
|
||||
keys. Found by Catena cyber using oss-fuzz (issue 20467).
|
||||
* Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some
|
||||
RSA keys with invalid values by silently fixing those values.
|
||||
|
||||
= mbed TLS 2.16.4 branch released 2020-01-15
|
||||
|
||||
|
|
67
ChangeLog.d/00README.md
Normal file
67
ChangeLog.d/00README.md
Normal file
|
@ -0,0 +1,67 @@
|
|||
# Pending changelog entry directory
|
||||
|
||||
This directory contains changelog entries that have not yet been merged
|
||||
to the changelog file ([`../ChangeLog`](../ChangeLog)).
|
||||
|
||||
## Changelog entry file format
|
||||
|
||||
A changelog entry file must have the extension `*.txt` and must have the
|
||||
following format:
|
||||
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Security
|
||||
* Change description.
|
||||
* Another change description.
|
||||
|
||||
Features
|
||||
* Yet another change description. This is a long change description that
|
||||
spans multiple lines.
|
||||
* Yet again another change description.
|
||||
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The permitted changelog entry categories are as follows:
|
||||
<!-- Keep this synchronized with STANDARD_CATEGORIES in assemble_changelog.py! -->
|
||||
|
||||
API changes
|
||||
Default behavior changes
|
||||
Requirement changes
|
||||
New deprecations
|
||||
Removals
|
||||
Features
|
||||
Security
|
||||
Bugfix
|
||||
Changes
|
||||
|
||||
Use “Changes” for anything that doesn't fit in the other categories, such as
|
||||
performance, documentation and test improvements.
|
||||
|
||||
## How to write a changelog entry
|
||||
|
||||
Each entry starts with three spaces, an asterisk and a space. Continuation
|
||||
lines start with 5 spaces. Lines wrap at 79 characters.
|
||||
|
||||
Write full English sentences with proper capitalization and punctuation. Use
|
||||
the present tense. Use the imperative where applicable. For example: “Fix a
|
||||
bug in mbedtls_xxx() ….”
|
||||
|
||||
Include GitHub issue numbers where relevant. Use the format “#1234” for an
|
||||
Mbed TLS issue. Add other external references such as CVE numbers where
|
||||
applicable.
|
||||
|
||||
Credit the author of the contribution if the contribution is not a member of
|
||||
the Mbed TLS development team. Also credit bug reporters where applicable.
|
||||
|
||||
**Explain why, not how**. Remember that the audience is the users of the
|
||||
library, not its developers. In particular, for a bug fix, explain the
|
||||
consequences of the bug, not how the bug was fixed. For a new feature, explain
|
||||
why one might be interested in the feature. For an API change or a deprecation,
|
||||
explain how to update existing applications.
|
||||
|
||||
See [existing entries](../ChangeLog) for examples.
|
||||
|
||||
## How `ChangeLog` is updated
|
||||
|
||||
Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py)
|
||||
from a Git working copy
|
||||
to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file.
|
4
ChangeLog.d/bugfix.txt
Normal file
4
ChangeLog.d/bugfix.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
Bugfix
|
||||
* Fix the Visual Studio Release x64 build configuration for mbedtls itself.
|
||||
Completes a previous fix in Mbed TLS 2.16 that only fixed the build for
|
||||
the example programs. Reported in #1430 and fix contributed by irwir.
|
5
ChangeLog.d/max_pathlen.txt
Normal file
5
ChangeLog.d/max_pathlen.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
Bugfix
|
||||
* Fix undefined behavior in X.509 certificate parsing if the
|
||||
pathLenConstraint basic constraint value is equal to INT_MAX.
|
||||
The actual effect with almost every compiler is the intended
|
||||
behavior, so this is unlikely to be exploitable anywhere. #3197
|
4
ChangeLog.d/unified-exit-in-examples.txt
Normal file
4
ChangeLog.d/unified-exit-in-examples.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
Changes
|
||||
* Unify the example programs termination to call mbedtls_exit() instead of
|
||||
using a return command. This has been done to enable customization of the
|
||||
behavior in bare metal environments.
|
4
Makefile
4
Makefile
|
@ -139,8 +139,10 @@ endif
|
|||
|
||||
## Editor navigation files
|
||||
C_SOURCE_FILES = $(wildcard $(INCLUDE_DIR)/*/*.h $(LIBRARY_DIR)/*.[hc] $(PROGRAMS_DIR)/*/*.[hc] $(TESTS_DIR)/suites/*.function)
|
||||
# Exuberant-ctags invocation. Other ctags implementations may require different options.
|
||||
CTAGS = ctags --langmap=c:+.h.function -o
|
||||
tags: $(C_SOURCE_FILES)
|
||||
ctags -o $@ $(C_SOURCE_FILES)
|
||||
$(CTAGS) $@ $(C_SOURCE_FILES)
|
||||
TAGS: $(C_SOURCE_FILES)
|
||||
etags -o $@ $(C_SOURCE_FILES)
|
||||
GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
|
||||
|
|
23
README.md
23
README.md
|
@ -1,6 +1,8 @@
|
|||
README for Mbed TLS
|
||||
===================
|
||||
|
||||
Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
|
@ -167,21 +169,12 @@ Mbed TLS can be ported to many different architectures, OS's and platforms. Befo
|
|||
- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
|
||||
- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See [here](./apache-2.0.txt) for the full text of this license. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 OR GPL-2.0-or-later licenses.
|
||||
|
||||
Contributing
|
||||
------------
|
||||
|
||||
We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
|
||||
|
||||
- All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright.
|
||||
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
|
||||
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
|
||||
|
||||
To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
|
||||
|
||||
### Making a Contribution
|
||||
|
||||
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://forums.mbed.com/c/mbed-tls) around a feature idea or a bug.
|
||||
2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
|
||||
3. Write a test which shows that the bug was fixed or that the feature works as expected.
|
||||
4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
|
||||
|
||||
We gratefully accept bug reports and contributions from the community. Please see the [contributing guidelines](CONTRIBUTING.md) for details on how to do this.
|
||||
|
|
37
dco.txt
Normal file
37
dco.txt
Normal file
|
@ -0,0 +1,37 @@
|
|||
Developer Certificate of Origin
|
||||
Version 1.1
|
||||
|
||||
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
|
||||
1 Letterman Drive
|
||||
Suite D4700
|
||||
San Francisco, CA, 94129
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim copies of this
|
||||
license document, but changing it is not allowed.
|
||||
|
||||
|
||||
Developer's Certificate of Origin 1.1
|
||||
|
||||
By making a contribution to this project, I certify that:
|
||||
|
||||
(a) The contribution was created in whole or in part by me and I
|
||||
have the right to submit it under the open source license
|
||||
indicated in the file; or
|
||||
|
||||
(b) The contribution is based upon previous work that, to the best
|
||||
of my knowledge, is covered under an appropriate open source
|
||||
license and I have the right under that license to submit that
|
||||
work with modifications, whether created in whole or in part
|
||||
by me, under the same open source license (unless I am
|
||||
permitted to submit under a different license), as indicated
|
||||
in the file; or
|
||||
|
||||
(c) The contribution was provided directly to me by some other
|
||||
person who certified (a), (b) or (c) and I have not modified
|
||||
it.
|
||||
|
||||
(d) I understand and agree that this project and the contribution
|
||||
are public and that a record of the contribution (including all
|
||||
personal information I submit with it, including my sign-off) is
|
||||
maintained indefinitely and may be redistributed consistent with
|
||||
this project or the open source license(s) involved.
|
|
@ -24,7 +24,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @mainpage mbed TLS v2.16.4 source code documentation
|
||||
* @mainpage mbed TLS v2.16.6 source code documentation
|
||||
*
|
||||
* This documentation describes the internal structure of mbed TLS. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
|
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
|||
# identify the project. Note that if you do not use Doxywizard you need
|
||||
# to put quotes around the project name if it contains spaces.
|
||||
|
||||
PROJECT_NAME = "mbed TLS v2.16.4"
|
||||
PROJECT_NAME = "mbed TLS v2.16.6"
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||
# This could be handy for archiving the generated documentation or
|
||||
|
|
|
@ -619,6 +619,23 @@
|
|||
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
||||
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
|
||||
#error "One or more versions of the TLS protocol are enabled " \
|
||||
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
|
@ -931,6 +948,10 @@
|
|||
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
|
||||
#error "MBEDTLS_CERTS_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
|
|
@ -40,16 +40,16 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 16
|
||||
#define MBEDTLS_VERSION_PATCH 4
|
||||
#define MBEDTLS_VERSION_PATCH 6
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02100400
|
||||
#define MBEDTLS_VERSION_STRING "2.16.4"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.4"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02100600
|
||||
#define MBEDTLS_VERSION_STRING "2.16.6"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.6"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -162,15 +162,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
|||
|
||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
add_library(mbedcrypto SHARED ${src_crypto})
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.4 SOVERSION 3)
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.6 SOVERSION 3)
|
||||
target_link_libraries(mbedcrypto ${libs})
|
||||
|
||||
add_library(mbedx509 SHARED ${src_x509})
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.4 SOVERSION 0)
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.6 SOVERSION 0)
|
||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||
|
||||
add_library(mbedtls SHARED ${src_tls})
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.16.4 SOVERSION 12)
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.16.6 SOVERSION 12)
|
||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||
|
||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||
|
|
|
@ -1938,6 +1938,20 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
|
|||
|
||||
final_norm:
|
||||
#endif
|
||||
/*
|
||||
* Knowledge of the jacobian coordinates may leak the last few bits of the
|
||||
* scalar [1], and since our MPI implementation isn't constant-flow,
|
||||
* inversion (used for coordinate normalization) may leak the full value
|
||||
* of its input via side-channels [2].
|
||||
*
|
||||
* [1] https://eprint.iacr.org/2003/191
|
||||
* [2] https://eprint.iacr.org/2020/055
|
||||
*
|
||||
* Avoid the leak by randomizing coordinates before we normalize them.
|
||||
*/
|
||||
if( f_rng != 0 )
|
||||
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
|
||||
|
||||
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
|
||||
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
|
||||
|
||||
|
@ -2308,6 +2322,20 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Knowledge of the projective coordinates may leak the last few bits of the
|
||||
* scalar [1], and since our MPI implementation isn't constant-flow,
|
||||
* inversion (used for coordinate normalization) may leak the full value
|
||||
* of its input via side-channels [2].
|
||||
*
|
||||
* [1] https://eprint.iacr.org/2003/191
|
||||
* [2] https://eprint.iacr.org/2020/055
|
||||
*
|
||||
* Avoid the leak by randomizing coordinates before we normalize them.
|
||||
*/
|
||||
if( f_rng != NULL )
|
||||
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
|
||||
|
||||
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
|
||||
|
||||
cleanup:
|
||||
|
|
|
@ -752,6 +752,32 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/*
|
||||
* Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
|
||||
*
|
||||
* The value zero is:
|
||||
* - never a valid value for an RSA parameter
|
||||
* - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
|
||||
*
|
||||
* Since values can't be omitted in PKCS#1, passing a zero value to
|
||||
* rsa_complete() would be incorrect, so reject zero values early.
|
||||
*/
|
||||
static int asn1_get_nonzero_mpi( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_mpi *X )
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = mbedtls_asn1_get_mpi( p, end, X );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( X, 0 ) == 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse a PKCS#1 encoded private RSA key
|
||||
*/
|
||||
|
@ -804,46 +830,36 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
|||
}
|
||||
|
||||
/* Import N */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
|
||||
NULL, 0, NULL, 0 ) ) != 0 )
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL,
|
||||
NULL, NULL ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
/* Import E */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
||||
NULL, 0, p, len ) ) != 0 )
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
|
||||
NULL, &T ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
/* Import D */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
||||
p, len, NULL, 0 ) ) != 0 )
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
|
||||
&T, NULL ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
/* Import P */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
|
||||
NULL, 0, NULL, 0 ) ) != 0 )
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL,
|
||||
NULL, NULL ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
/* Import Q */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
|
||||
NULL, 0, NULL, 0 ) ) != 0 )
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T,
|
||||
NULL, NULL ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
|
||||
/*
|
||||
* The RSA CRT parameters DP, DQ and QP are nominally redundant, in
|
||||
* that they can be easily recomputed from D, P and Q. However by
|
||||
|
@ -856,28 +872,42 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
|||
*/
|
||||
|
||||
/* Import DP */
|
||||
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0)
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
/* Import DQ */
|
||||
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0)
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
/* Import QP */
|
||||
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0)
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
#else
|
||||
/* Verify existance of the CRT params */
|
||||
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
|
||||
goto cleanup;
|
||||
#endif
|
||||
|
||||
/* Complete the RSA private key */
|
||||
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
|
||||
/* rsa_complete() doesn't complete anything with the default
|
||||
* implementation but is still called:
|
||||
* - for the benefit of alternative implementation that may want to
|
||||
* pre-compute stuff beyond what's provided (eg Montgomery factors)
|
||||
* - as is also sanity-checks the key
|
||||
*
|
||||
* Furthermore, we also check the public part for consistency with
|
||||
* mbedtls_pk_parse_pubkey(), as it includes size minima for example.
|
||||
*/
|
||||
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
|
||||
{
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( p != end )
|
||||
{
|
||||
|
|
|
@ -1516,6 +1516,19 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
|
||||
|
||||
/* Check that there is enough room for:
|
||||
* - 2 bytes of version
|
||||
* - 1 byte of cookie_len
|
||||
*/
|
||||
if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "incoming HelloVerifyRequest message is too short" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
/*
|
||||
* struct {
|
||||
* ProtocolVersion server_version;
|
||||
|
@ -1546,8 +1559,6 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
cookie_len = *p++;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
|
||||
|
||||
if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
|
@ -1556,6 +1567,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
|
||||
|
||||
mbedtls_free( ssl->handshake->verify_cookie );
|
||||
|
||||
|
|
|
@ -1529,8 +1529,6 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
if( mbedtls_ssl_hw_record_init != NULL )
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
|
||||
|
||||
if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen,
|
||||
|
@ -4084,15 +4082,18 @@ static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
|
|||
/*
|
||||
* Swap transform_out and out_ctr with the alternative ones
|
||||
*/
|
||||
static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
||||
static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_transform *tmp_transform;
|
||||
unsigned char tmp_out_ctr[8];
|
||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
int ret;
|
||||
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
||||
|
||||
if( ssl->transform_out == ssl->handshake->alt_transform_out )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
|
||||
return;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
|
||||
|
@ -4119,7 +4120,9 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -4156,7 +4159,8 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||
|
||||
ssl->handshake->cur_msg = ssl->handshake->flight;
|
||||
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
|
||||
ssl_swap_epochs( ssl );
|
||||
if( ( ret = ssl_swap_epochs( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
|
||||
}
|
||||
|
@ -4179,7 +4183,8 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||
if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
|
||||
ssl_swap_epochs( ssl );
|
||||
if( ( ret = ssl_swap_epochs( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ret = ssl_get_remaining_payload_in_datagram( ssl );
|
||||
|
@ -4216,7 +4221,10 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||
if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
|
||||
{
|
||||
if( is_finished )
|
||||
ssl_swap_epochs( ssl );
|
||||
{
|
||||
if( ( ret = ssl_swap_epochs( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
|
@ -5263,16 +5271,22 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
|
||||
{
|
||||
int send_ret;
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
|
||||
ssl->out_buf, len );
|
||||
/* Don't check write errors as we can't do anything here.
|
||||
* If the error is permanent we'll catch it later,
|
||||
* if it's not, then hopefully it'll work next time. */
|
||||
(void) mbedtls_ssl_get_send( ssl )( ssl->p_bio, ssl->out_buf, len );
|
||||
send_ret = mbedtls_ssl_get_send( ssl )( ssl->p_bio, ssl->out_buf, len );
|
||||
MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_ssl_get_send", send_ret );
|
||||
(void) send_ret;
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/* Got a valid cookie, partially reset context */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) );
|
||||
if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
|
||||
|
|
|
@ -1297,7 +1297,7 @@ cleanup:
|
|||
mbedtls_x509_crt_free( &clicert );
|
||||
#else
|
||||
((void) verbose);
|
||||
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
|
|
@ -850,6 +850,11 @@ static int x509_get_basic_constraints( unsigned char **p,
|
|||
if( *p != end )
|
||||
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
/* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
|
||||
* overflow, which is an undefined behavior. */
|
||||
if( *max_pathlen == INT_MAX )
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
|
||||
(*max_pathlen)++;
|
||||
|
||||
return( 0 );
|
||||
|
|
|
@ -76,7 +76,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
|
||||
"and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
|
||||
"not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -477,6 +477,6 @@ exit:
|
|||
mbedtls_aes_free( &aes_ctx );
|
||||
mbedtls_md_free( &sha_ctx );
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -78,7 +78,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -97,7 +97,8 @@ int mbedtls_hardware_poll( void *data, unsigned char *output,
|
|||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 1, i, n;
|
||||
int ret = 1, i;
|
||||
unsigned n;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
int mode;
|
||||
size_t keylen, ilen, olen;
|
||||
|
@ -574,6 +575,6 @@ exit:
|
|||
mbedtls_cipher_free( &cipher_ctx );
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -215,7 +215,7 @@ int main( int argc, char *argv[] )
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -225,12 +225,12 @@ int main( int argc, char *argv[] )
|
|||
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
@ -249,6 +249,6 @@ int main( int argc, char *argv[] )
|
|||
exit:
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -70,7 +70,7 @@ int main( void )
|
|||
mbedtls_printf( "\n MD5('%s') = ", str );
|
||||
|
||||
if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
|
||||
return( MBEDTLS_EXIT_FAILURE );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
|
||||
for( i = 0; i < 16; i++ )
|
||||
mbedtls_printf( "%02x", digest[i] );
|
||||
|
@ -82,6 +82,6 @@ int main( void )
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( MBEDTLS_EXIT_SUCCESS );
|
||||
mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
|
||||
}
|
||||
#endif /* MBEDTLS_MD5_C */
|
||||
|
|
|
@ -68,7 +68,7 @@ int main( void )
|
|||
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -319,7 +319,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
|
||||
|
|
|
@ -45,7 +45,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_GENPRIME not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -103,7 +103,7 @@ int main( int argc, char **argv )
|
|||
{
|
||||
usage:
|
||||
mbedtls_printf( USAGE );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
|
@ -209,7 +209,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
|
||||
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
|
||||
|
|
|
@ -68,7 +68,7 @@ int main( void )
|
|||
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -342,7 +342,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
|
||||
|
|
|
@ -45,7 +45,7 @@ int main( void )
|
|||
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
|
||||
"not defined\n" );
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -238,7 +238,7 @@ exit:
|
|||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
|
||||
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
|
||||
|
|
|
@ -66,7 +66,7 @@ int main( void )
|
|||
{
|
||||
mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
#if defined(VERBOSE)
|
||||
|
@ -201,7 +201,7 @@ int main( int argc, char *argv[] )
|
|||
sig, &sig_len,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
|
||||
|
@ -260,7 +260,7 @@ exit:
|
|||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
|
||||
ECPARAMS */
|
||||
|
|
|
@ -133,7 +133,7 @@ int main( void )
|
|||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_PEM_WRITE_C"
|
||||
"not defined.\n" );
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -458,7 +458,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
|
||||
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
|
||||
|
|
|
@ -70,7 +70,7 @@ int main( void )
|
|||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
|
||||
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -323,6 +323,6 @@ cleanup:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -95,7 +95,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -449,6 +449,6 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -124,6 +124,6 @@ cleanup:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -56,7 +56,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
|
||||
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -76,7 +76,8 @@ int mbedtls_hardware_poll( void *data, unsigned char *output,
|
|||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
int ret = 1, c;
|
||||
int ret = 1;
|
||||
unsigned c;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
size_t i, olen = 0;
|
||||
mbedtls_pk_context pk;
|
||||
|
@ -183,7 +184,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
|
||||
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
|
||||
|
|
|
@ -57,7 +57,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -188,7 +188,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
|
||||
|
|
|
@ -47,7 +47,7 @@ int main( void )
|
|||
"MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
|
||||
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -197,7 +197,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
|
||||
|
|
|
@ -45,7 +45,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
|
||||
"MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
|
||||
"MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -160,7 +160,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
|
||||
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -55,7 +55,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -77,7 +77,7 @@ int main( int argc, char *argv[] )
|
|||
FILE *f;
|
||||
int ret = 1;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
int c;
|
||||
unsigned c;
|
||||
size_t i;
|
||||
mbedtls_rsa_context rsa;
|
||||
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
|
||||
|
@ -219,6 +219,6 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -55,7 +55,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -196,7 +196,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
|
||||
|
|
|
@ -60,7 +60,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
|
||||
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -198,7 +198,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
|
||||
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
|
||||
|
|
|
@ -46,7 +46,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_MD_C and/or "
|
||||
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -200,7 +200,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
|
||||
MBEDTLS_FS_IO */
|
||||
|
|
|
@ -47,7 +47,7 @@ int main( void )
|
|||
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
|
||||
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -187,7 +187,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
|
||||
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
|
||||
|
|
|
@ -45,7 +45,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_MD_C and/or "
|
||||
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -71,7 +71,8 @@ int mbedtls_hardware_poll( void *data, unsigned char *output,
|
|||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
int ret = 1, c;
|
||||
int ret = 1;
|
||||
unsigned c;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
size_t i;
|
||||
mbedtls_rsa_context rsa;
|
||||
|
@ -173,7 +174,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
|
||||
MBEDTLS_FS_IO */
|
||||
|
|
|
@ -47,7 +47,7 @@ int main( void )
|
|||
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
|
||||
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -164,7 +164,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
|
||||
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -75,13 +75,13 @@ int main( int argc, char *argv[] )
|
|||
if( argc < 2 )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
mbedtls_entropy_init( &entropy );
|
||||
|
@ -111,6 +111,6 @@ cleanup:
|
|||
fclose( f );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_ENTROPY_C */
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -81,13 +81,13 @@ int main( int argc, char *argv[] )
|
|||
if( argc < 2 )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
mbedtls_entropy_init( &entropy );
|
||||
|
@ -144,6 +144,6 @@ cleanup:
|
|||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -65,13 +65,13 @@ int main( int argc, char *argv[] )
|
|||
if( argc < 2 )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
mbedtls_havege_init( &hs );
|
||||
|
@ -104,6 +104,6 @@ int main( int argc, char *argv[] )
|
|||
exit:
|
||||
mbedtls_havege_free( &hs );
|
||||
fclose( f );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_HAVEGE_C */
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_fprintf fprintf
|
||||
#define mbedtls_exit exit
|
||||
|
@ -48,7 +49,7 @@ int main( void )
|
|||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -409,7 +410,7 @@ exit:
|
|||
if( ret < 0 )
|
||||
ret = 1;
|
||||
|
||||
return( ret );
|
||||
mbedtls_exit( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
|
||||
MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_fprintf fprintf
|
||||
#define mbedtls_time_t time_t
|
||||
|
@ -61,7 +62,7 @@ int main( void )
|
|||
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
|
||||
"MBEDTLS_TIMING_C not defined.\n" );
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -479,7 +480,7 @@ exit:
|
|||
if( ret < 0 )
|
||||
ret = 1;
|
||||
|
||||
return( ret );
|
||||
mbedtls_exit( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
|
||||
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
|
||||
|
|
|
@ -60,7 +60,7 @@ int main( void )
|
|||
mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
|
||||
"not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -332,6 +332,6 @@ exit:
|
|||
mbedtls_x509_crt_free( &ca );
|
||||
#endif
|
||||
|
||||
return( ret );
|
||||
mbedtls_exit( ret );
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -52,7 +52,7 @@ int main( void )
|
|||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or"
|
||||
"not defined, and/or MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -363,7 +363,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
|
||||
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
|
||||
|
|
|
@ -53,7 +53,7 @@ int main( void )
|
|||
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
|
||||
"MBEDTLS_NET_C not defined, or "
|
||||
"neither MBEDTLS_CTR_DRBG_C nor MBEDTLS_HMAC_DRBG_C defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -131,6 +131,7 @@ int main( void )
|
|||
#define DFL_ETM -1
|
||||
#define DFL_SERIALIZE 0
|
||||
#define DFL_EXTENDED_MS_ENFORCE -1
|
||||
#define DFL_SKIP_CLOSE_NOTIFY 0
|
||||
|
||||
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
|
||||
#define GET_REQUEST_END "\r\n\r\n"
|
||||
|
@ -335,7 +336,9 @@ int main( void )
|
|||
#define USAGE_FORCE_VERSION ""
|
||||
#endif
|
||||
|
||||
#define USAGE \
|
||||
/* USAGE is arbitrarily split to stay under the portable string literal
|
||||
* length limit: 4095 bytes in C99. */
|
||||
#define USAGE1 \
|
||||
"\n usage: ssl_client2 param=<>...\n" \
|
||||
"\n acceptable parameters:\n" \
|
||||
" server_name=%%s default: localhost\n" \
|
||||
|
@ -355,17 +358,22 @@ int main( void )
|
|||
" options: 1 (level-triggered, implies nbio=1),\n" \
|
||||
USAGE_READ_TIMEOUT \
|
||||
" max_resend=%%d default: 0 (no resend on timeout)\n" \
|
||||
" skip_close_notify=%%d default: 0 (send close_notify)\n" \
|
||||
"\n" \
|
||||
USAGE_DTLS \
|
||||
USAGE_CID \
|
||||
"\n" \
|
||||
"\n"
|
||||
|
||||
#define USAGE2 \
|
||||
USAGE_AUTH_MODE \
|
||||
USAGE_IO \
|
||||
"\n" \
|
||||
USAGE_PSK \
|
||||
USAGE_ECJPAKE \
|
||||
USAGE_ECRESTART \
|
||||
"\n" \
|
||||
"\n"
|
||||
|
||||
#define USAGE3 \
|
||||
USAGE_ALLOW_LEGACY_RENEGO \
|
||||
USAGE_RENEGO \
|
||||
" exchanges=%%d default: 1\n" \
|
||||
|
@ -385,7 +393,8 @@ int main( void )
|
|||
USAGE_CURVES \
|
||||
USAGE_RECSPLIT \
|
||||
USAGE_DHMLEN \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE4 \
|
||||
" arc4=%%d default: (library default: 0)\n" \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
USAGE_MIN_VERSION \
|
||||
|
@ -466,6 +475,7 @@ struct options
|
|||
int serialize; /* serialize/deserialize connection */
|
||||
const char *cid_val_renego; /* the CID to use for incoming messages
|
||||
* after renegotiation */
|
||||
int skip_close_notify; /* skip sending the close_notify alert */
|
||||
} opt;
|
||||
|
||||
int query_config( const char *config );
|
||||
|
@ -1060,7 +1070,10 @@ int main( int argc, char *argv[] )
|
|||
if( ret == 0 )
|
||||
ret = 1;
|
||||
|
||||
mbedtls_printf( USAGE );
|
||||
mbedtls_printf( USAGE1 );
|
||||
mbedtls_printf( USAGE2 );
|
||||
mbedtls_printf( USAGE3 );
|
||||
mbedtls_printf( USAGE4 );
|
||||
|
||||
list = mbedtls_ssl_list_ciphersuites();
|
||||
while( *list )
|
||||
|
@ -1129,6 +1142,7 @@ int main( int argc, char *argv[] )
|
|||
opt.etm = DFL_ETM;
|
||||
opt.dgram_packing = DFL_DGRAM_PACKING;
|
||||
opt.serialize = DFL_SERIALIZE;
|
||||
opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
{
|
||||
|
@ -1523,7 +1537,13 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "query_config" ) == 0 )
|
||||
{
|
||||
return query_config( q );
|
||||
mbedtls_exit( query_config( q ) );
|
||||
}
|
||||
else if( strcmp( p, "skip_close_notify" ) == 0 )
|
||||
{
|
||||
opt.skip_close_notify = atoi( q );
|
||||
if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "serialize") == 0 )
|
||||
{
|
||||
|
@ -2892,10 +2912,25 @@ close_notify:
|
|||
mbedtls_printf( " . Closing the connection..." );
|
||||
fflush( stdout );
|
||||
|
||||
/*
|
||||
* Most of the time sending a close_notify before closing is the right
|
||||
* thing to do. However, when the server already knows how many messages
|
||||
* are expected and closes the connection by itself, this alert becomes
|
||||
* redundant. Sometimes with DTLS this redundancy becomes a problem by
|
||||
* leading to a race condition where the server might close the connection
|
||||
* before seeing the alert, and since UDP is connection-less when the
|
||||
* alert arrives it will be seen as a new connection, which will fail as
|
||||
* the alert is clearly not a valid ClientHello. This may cause spurious
|
||||
* failures in tests that use DTLS and resumption with ssl_server2 in
|
||||
* ssl-opt.sh, avoided by enabling skip_close_notify client-side.
|
||||
*/
|
||||
if( opt.skip_close_notify == 0 )
|
||||
{
|
||||
/* No error checking, the connection might be closed already */
|
||||
do ret = mbedtls_ssl_close_notify( ssl );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
mbedtls_printf( " done\n" );
|
||||
|
||||
|
@ -3049,7 +3084,7 @@ exit:
|
|||
if( ret < 0 )
|
||||
ret = 1;
|
||||
|
||||
return( ret );
|
||||
mbedtls_exit( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
|
||||
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
|
||||
|
|
|
@ -56,14 +56,14 @@ int main( int argc, char *argv[] )
|
|||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined, and/or "
|
||||
"MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#elif defined(_WIN32)
|
||||
int main( void )
|
||||
{
|
||||
mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
|
||||
"to work correctly.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -461,7 +461,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
|
||||
|
|
|
@ -56,7 +56,7 @@ int main( void )
|
|||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
||||
"not defined, and/or MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -906,7 +906,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
|
||||
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
|
||||
|
|
|
@ -55,7 +55,7 @@ int main( void )
|
|||
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
|
||||
"and/or MBEDTLS_PEM_PARSE_C not defined, and/or "
|
||||
"MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -553,7 +553,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( ret );
|
||||
mbedtls_exit( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
|
||||
|
|
|
@ -53,7 +53,7 @@ int main( void )
|
|||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
||||
"and/or MBEDTLS_PEM_PARSE_C not defined, and/or "
|
||||
"MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -441,7 +441,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( ret );
|
||||
mbedtls_exit( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
|
||||
|
|
|
@ -52,7 +52,7 @@ int main( void )
|
|||
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||
"MBEDTLS_NET_C not defined, or "
|
||||
"neither MBEDTLS_CTR_DRBG_C nor MBEDTLS_HMAC_DRBG_C defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -451,7 +451,9 @@ int main( void )
|
|||
#define USAGE_FORCE_VERSION ""
|
||||
#endif
|
||||
|
||||
#define USAGE \
|
||||
/* USAGE is arbitrarily split to stay under the portable string literal
|
||||
* length limit: 4095 bytes in C99. */
|
||||
#define USAGE1 \
|
||||
"\n usage: ssl_server2 param=<>...\n" \
|
||||
"\n acceptable parameters:\n" \
|
||||
" server_addr=%%s default: (all interfaces)\n" \
|
||||
|
@ -472,7 +474,8 @@ int main( void )
|
|||
USAGE_COOKIES \
|
||||
USAGE_ANTI_REPLAY \
|
||||
USAGE_BADMAC_LIMIT \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE2 \
|
||||
USAGE_AUTH_MODE \
|
||||
USAGE_CERT_REQ_CA_LIST \
|
||||
USAGE_IO \
|
||||
|
@ -481,7 +484,8 @@ int main( void )
|
|||
"\n" \
|
||||
USAGE_PSK \
|
||||
USAGE_ECJPAKE \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE3 \
|
||||
USAGE_ALLOW_LEGACY_RENEGO \
|
||||
USAGE_RENEGO \
|
||||
" exchanges=%%d default: 1\n" \
|
||||
|
@ -494,7 +498,8 @@ int main( void )
|
|||
USAGE_EMS \
|
||||
USAGE_ETM \
|
||||
USAGE_CURVES \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE4 \
|
||||
" arc4=%%d default: (library default: 0)\n" \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
USAGE_MIN_VERSION \
|
||||
|
@ -1650,7 +1655,10 @@ int main( int argc, char *argv[] )
|
|||
if( ret == 0 )
|
||||
ret = 1;
|
||||
|
||||
mbedtls_printf( USAGE );
|
||||
mbedtls_printf( USAGE1 );
|
||||
mbedtls_printf( USAGE2 );
|
||||
mbedtls_printf( USAGE3 );
|
||||
mbedtls_printf( USAGE4 );
|
||||
|
||||
list = mbedtls_ssl_list_ciphersuites();
|
||||
while( *list )
|
||||
|
@ -2166,7 +2174,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "query_config" ) == 0 )
|
||||
{
|
||||
return query_config( q );
|
||||
mbedtls_exit( query_config( q ) );
|
||||
}
|
||||
else if( strcmp( p, "serialize") == 0 )
|
||||
{
|
||||
|
@ -4053,7 +4061,7 @@ exit:
|
|||
if( ret < 0 )
|
||||
ret = 1;
|
||||
|
||||
return( ret );
|
||||
mbedtls_exit( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
|
||||
MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_TIMING_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -155,6 +155,16 @@ do { \
|
|||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
|
||||
|
||||
/* How much space to reserve for the title when printing heap usage results.
|
||||
* Updated manually as the output of the following command:
|
||||
*
|
||||
* sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
|
||||
* awk '{print length+2}' | sort -rn | head -n1
|
||||
*
|
||||
* This computes the maximum length of a title +2 (because we appends "/s").
|
||||
* (If the value is too small, the only consequence is poor alignement.) */
|
||||
#define TITLE_SPACE 11
|
||||
|
||||
#define MEMORY_MEASURE_INIT \
|
||||
size_t max_used, max_blocks, max_bytes; \
|
||||
size_t prv_used, prv_blocks; \
|
||||
|
@ -163,7 +173,8 @@ do { \
|
|||
|
||||
#define MEMORY_MEASURE_PRINT( title_len ) \
|
||||
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
|
||||
for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \
|
||||
ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
|
||||
while( ii-- ) mbedtls_printf( " " ); \
|
||||
max_used -= prv_used; \
|
||||
max_blocks -= prv_blocks; \
|
||||
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
|
||||
|
@ -1018,7 +1029,7 @@ int main( int argc, char *argv[] )
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_TIMING_C */
|
||||
|
|
|
@ -513,7 +513,5 @@ int main( int argc, char *argv[] )
|
|||
if( suites_failed > 0)
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
|
||||
/* return() is here to prevent compiler warnings */
|
||||
return( MBEDTLS_EXIT_SUCCESS );
|
||||
mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
|
||||
}
|
||||
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
#define mbedtls_printf printf
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -50,7 +51,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf( "MBEDTLS_NET_C not defined.\n" );
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -146,6 +147,7 @@ int mbedtls_hardware_poll( void *data, unsigned char *output,
|
|||
" modifying CID in first instance of the packet.\n" \
|
||||
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
|
||||
" protect_len=%%d default: (don't protect packets of this size)\n" \
|
||||
" inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \
|
||||
"\n" \
|
||||
" seed=%%d default: (use current time)\n" \
|
||||
USAGE_PACK \
|
||||
|
@ -179,6 +181,7 @@ static struct options
|
|||
unsigned bad_cid; /* inject corrupted CID record */
|
||||
int protect_hvr; /* never drop or delay HelloVerifyRequest */
|
||||
int protect_len; /* never drop/delay packet of the given size*/
|
||||
int inject_clihlo; /* inject fake ClientHello after handshake */
|
||||
unsigned pack; /* merge packets into single datagram for
|
||||
* at most \c merge milliseconds if > 0 */
|
||||
unsigned int seed; /* seed for "random" events */
|
||||
|
@ -327,6 +330,12 @@ static void get_options( int argc, char *argv[] )
|
|||
if( opt.protect_len < 0 )
|
||||
exit_usage( p, q );
|
||||
}
|
||||
else if( strcmp( p, "inject_clihlo" ) == 0 )
|
||||
{
|
||||
opt.inject_clihlo = atoi( q );
|
||||
if( opt.inject_clihlo < 0 || opt.inject_clihlo > 1 )
|
||||
exit_usage( p, q );
|
||||
}
|
||||
else if( strcmp( p, "seed" ) == 0 )
|
||||
{
|
||||
opt.seed = atoi( q );
|
||||
|
@ -536,11 +545,41 @@ void print_packet( const packet *p, const char *why )
|
|||
fflush( stdout );
|
||||
}
|
||||
|
||||
/*
|
||||
* In order to test the server's behaviour when receiving a ClientHello after
|
||||
* the connection is established (this could be a hard reset from the client,
|
||||
* but the server must not drop the existing connection before establishing
|
||||
* client reachability, see RFC 6347 Section 4.2.8), we memorize the first
|
||||
* ClientHello we see (which can't have a cookie), then replay it after the
|
||||
* first ApplicationData record - then we're done.
|
||||
*
|
||||
* This is controlled by the inject_clihlo option.
|
||||
*
|
||||
* We want an explicit state and a place to store the packet.
|
||||
*/
|
||||
typedef enum {
|
||||
ICH_INIT, /* haven't seen the first ClientHello yet */
|
||||
ICH_CACHED, /* cached the initial ClientHello */
|
||||
ICH_INJECTED, /* ClientHello already injected, done */
|
||||
} inject_clihlo_state_t;
|
||||
|
||||
static inject_clihlo_state_t inject_clihlo_state;
|
||||
static packet initial_clihlo;
|
||||
|
||||
int send_packet( const packet *p, const char *why )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_net_context *dst = p->dst;
|
||||
|
||||
/* save initial ClientHello? */
|
||||
if( opt.inject_clihlo != 0 &&
|
||||
inject_clihlo_state == ICH_INIT &&
|
||||
strcmp( p->type, "ClientHello" ) == 0 )
|
||||
{
|
||||
memcpy( &initial_clihlo, p, sizeof( packet ) );
|
||||
inject_clihlo_state = ICH_CACHED;
|
||||
}
|
||||
|
||||
/* insert corrupted CID record? */
|
||||
if( opt.bad_cid != 0 &&
|
||||
strcmp( p->type, "CID" ) == 0 &&
|
||||
|
@ -605,6 +644,23 @@ int send_packet( const packet *p, const char *why )
|
|||
}
|
||||
}
|
||||
|
||||
/* Inject ClientHello after first ApplicationData */
|
||||
if( opt.inject_clihlo != 0 &&
|
||||
inject_clihlo_state == ICH_CACHED &&
|
||||
strcmp( p->type, "ApplicationData" ) == 0 )
|
||||
{
|
||||
print_packet( &initial_clihlo, "injected" );
|
||||
|
||||
if( ( ret = dispatch_data( dst, initial_clihlo.buf,
|
||||
initial_clihlo.len ) ) <= 0 )
|
||||
{
|
||||
mbedtls_printf( " ! dispatch returned %d\n", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
inject_clihlo_state = ICH_INJECTED;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -977,7 +1033,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_NET_C */
|
||||
|
|
|
@ -40,8 +40,10 @@
|
|||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif
|
||||
|
@ -72,14 +74,14 @@ int main( int argc, char** argv )
|
|||
{
|
||||
mbedtls_printf( "This program takes exactly 1 agument\n" );
|
||||
usage();
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
fp = fopen( argv[1], "r" );
|
||||
if( fp == NULL )
|
||||
{
|
||||
mbedtls_printf( "Could not open file '%s'\n", argv[1] );
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
|
||||
|
@ -97,7 +99,7 @@ int main( int argc, char** argv )
|
|||
fclose( fp );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -290,6 +290,6 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -29,7 +29,9 @@
|
|||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
|
||||
|
@ -48,7 +50,7 @@
|
|||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
int main( int argc, char *argv[] )
|
||||
|
@ -59,7 +61,7 @@ int main( int argc, char *argv[] )
|
|||
if( argc != 2 )
|
||||
{
|
||||
mbedtls_printf( USAGE );
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
|
||||
val = strtol( argv[1], &end, 10 );
|
||||
|
@ -87,6 +89,6 @@ int main( int argc, char *argv[] )
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( val );
|
||||
mbedtls_exit( val );
|
||||
}
|
||||
#endif /* MBEDTLS_ERROR_C */
|
||||
|
|
|
@ -51,7 +51,7 @@ int main( void )
|
|||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_X509_REMOVE_INFO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -559,7 +559,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
|
||||
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
|
||||
|
|
|
@ -46,7 +46,7 @@ int main( void )
|
|||
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
|
||||
"not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -457,7 +457,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
|
||||
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
|
||||
|
|
|
@ -47,7 +47,7 @@ int main( void )
|
|||
"MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_ERROR_C not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -849,7 +849,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
|
||||
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
|
||||
|
|
|
@ -44,7 +44,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_X509_REMOVE_INFO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -162,7 +162,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
|
||||
MBEDTLS_FS_IO */
|
||||
|
|
|
@ -44,7 +44,7 @@ int main( void )
|
|||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_X509_REMOVE_INFO not defined.\n");
|
||||
return( 0 );
|
||||
mbedtls_exit( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
|
@ -162,7 +162,7 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( exit_code );
|
||||
mbedtls_exit( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
|
||||
MBEDTLS_FS_IO */
|
||||
|
|
|
@ -29,7 +29,7 @@ from types import SimpleNamespace
|
|||
import xml.etree.ElementTree as ET
|
||||
|
||||
|
||||
class AbiChecker(object):
|
||||
class AbiChecker:
|
||||
"""API and ABI checker."""
|
||||
|
||||
def __init__(self, old_version, new_version, configuration):
|
||||
|
|
505
scripts/assemble_changelog.py
Executable file
505
scripts/assemble_changelog.py
Executable file
|
@ -0,0 +1,505 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
"""Assemble Mbed TLS change log entries into the change log file.
|
||||
|
||||
Add changelog entries to the first level-2 section.
|
||||
Create a new level-2 section for unreleased changes if needed.
|
||||
Remove the input files unless --keep-entries is specified.
|
||||
|
||||
In each level-3 section, entries are sorted in chronological order
|
||||
(oldest first). From oldest to newest:
|
||||
* Merged entry files are sorted according to their merge date (date of
|
||||
the merge commit that brought the commit that created the file into
|
||||
the target branch).
|
||||
* Committed but unmerged entry files are sorted according to the date
|
||||
of the commit that adds them.
|
||||
* Uncommitted entry files are sorted according to their modification time.
|
||||
|
||||
You must run this program from within a git working directory.
|
||||
"""
|
||||
|
||||
# Copyright (C) 2019, Arm Limited, All Rights Reserved
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
# This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
|
||||
import argparse
|
||||
from collections import OrderedDict, namedtuple
|
||||
import datetime
|
||||
import functools
|
||||
import glob
|
||||
import os
|
||||
import re
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
class InputFormatError(Exception):
|
||||
def __init__(self, filename, line_number, message, *args, **kwargs):
|
||||
message = '{}:{}: {}'.format(filename, line_number,
|
||||
message.format(*args, **kwargs))
|
||||
super().__init__(message)
|
||||
|
||||
class CategoryParseError(Exception):
|
||||
def __init__(self, line_offset, error_message):
|
||||
self.line_offset = line_offset
|
||||
self.error_message = error_message
|
||||
super().__init__('{}: {}'.format(line_offset, error_message))
|
||||
|
||||
class LostContent(Exception):
|
||||
def __init__(self, filename, line):
|
||||
message = ('Lost content from {}: "{}"'.format(filename, line))
|
||||
super().__init__(message)
|
||||
|
||||
# The category names we use in the changelog.
|
||||
# If you edit this, update ChangeLog.d/README.md.
|
||||
STANDARD_CATEGORIES = (
|
||||
b'API changes',
|
||||
b'Default behavior changes',
|
||||
b'Requirement changes',
|
||||
b'New deprecations',
|
||||
b'Removals',
|
||||
b'Features',
|
||||
b'Security',
|
||||
b'Bugfix',
|
||||
b'Changes',
|
||||
)
|
||||
|
||||
CategoryContent = namedtuple('CategoryContent', [
|
||||
'name', 'title_line', # Title text and line number of the title
|
||||
'body', 'body_line', # Body text and starting line number of the body
|
||||
])
|
||||
|
||||
class ChangelogFormat:
|
||||
"""Virtual class documenting how to write a changelog format class."""
|
||||
|
||||
@classmethod
|
||||
def extract_top_version(cls, changelog_file_content):
|
||||
"""Split out the top version section.
|
||||
|
||||
If the top version is already released, create a new top
|
||||
version section for an unreleased version.
|
||||
|
||||
Return ``(header, top_version_title, top_version_body, trailer)``
|
||||
where the "top version" is the existing top version section if it's
|
||||
for unreleased changes, and a newly created section otherwise.
|
||||
To assemble the changelog after modifying top_version_body,
|
||||
concatenate the four pieces.
|
||||
"""
|
||||
raise NotImplementedError
|
||||
|
||||
@classmethod
|
||||
def version_title_text(cls, version_title):
|
||||
"""Return the text of a formatted version section title."""
|
||||
raise NotImplementedError
|
||||
|
||||
@classmethod
|
||||
def split_categories(cls, version_body):
|
||||
"""Split a changelog version section body into categories.
|
||||
|
||||
Return a list of `CategoryContent` the name is category title
|
||||
without any formatting.
|
||||
"""
|
||||
raise NotImplementedError
|
||||
|
||||
@classmethod
|
||||
def format_category(cls, title, body):
|
||||
"""Construct the text of a category section from its title and body."""
|
||||
raise NotImplementedError
|
||||
|
||||
class TextChangelogFormat(ChangelogFormat):
|
||||
"""The traditional Mbed TLS changelog format."""
|
||||
|
||||
_unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx'
|
||||
@classmethod
|
||||
def is_released_version(cls, title):
|
||||
# Look for an incomplete release date
|
||||
return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title)
|
||||
|
||||
_top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
|
||||
re.DOTALL)
|
||||
@classmethod
|
||||
def extract_top_version(cls, changelog_file_content):
|
||||
"""A version section starts with a line starting with '='."""
|
||||
m = re.search(cls._top_version_re, changelog_file_content)
|
||||
top_version_start = m.start(1)
|
||||
top_version_end = m.end(2)
|
||||
top_version_title = m.group(1)
|
||||
top_version_body = m.group(2)
|
||||
if cls.is_released_version(top_version_title):
|
||||
top_version_end = top_version_start
|
||||
top_version_title = cls._unreleased_version_text + b'\n\n'
|
||||
top_version_body = b''
|
||||
return (changelog_file_content[:top_version_start],
|
||||
top_version_title, top_version_body,
|
||||
changelog_file_content[top_version_end:])
|
||||
|
||||
@classmethod
|
||||
def version_title_text(cls, version_title):
|
||||
return re.sub(br'\n.*', version_title, re.DOTALL)
|
||||
|
||||
_category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE)
|
||||
@classmethod
|
||||
def split_categories(cls, version_body):
|
||||
"""A category title is a line with the title in column 0."""
|
||||
if not version_body:
|
||||
return []
|
||||
title_matches = list(re.finditer(cls._category_title_re, version_body))
|
||||
if not title_matches or title_matches[0].start() != 0:
|
||||
# There is junk before the first category.
|
||||
raise CategoryParseError(0, 'Junk found where category expected')
|
||||
title_starts = [m.start(1) for m in title_matches]
|
||||
body_starts = [m.end(0) for m in title_matches]
|
||||
body_ends = title_starts[1:] + [len(version_body)]
|
||||
bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n'
|
||||
for (body_start, body_end) in zip(body_starts, body_ends)]
|
||||
title_lines = [version_body[:pos].count(b'\n') for pos in title_starts]
|
||||
body_lines = [version_body[:pos].count(b'\n') for pos in body_starts]
|
||||
return [CategoryContent(title_match.group(1), title_line,
|
||||
body, body_line)
|
||||
for title_match, title_line, body, body_line
|
||||
in zip(title_matches, title_lines, bodies, body_lines)]
|
||||
|
||||
@classmethod
|
||||
def format_category(cls, title, body):
|
||||
# `split_categories` ensures that each body ends with a newline.
|
||||
# Make sure that there is additionally a blank line between categories.
|
||||
if not body.endswith(b'\n\n'):
|
||||
body += b'\n'
|
||||
return title + b'\n' + body
|
||||
|
||||
class ChangeLog:
|
||||
"""An Mbed TLS changelog.
|
||||
|
||||
A changelog file consists of some header text followed by one or
|
||||
more version sections. The version sections are in reverse
|
||||
chronological order. Each version section consists of a title and a body.
|
||||
|
||||
The body of a version section consists of zero or more category
|
||||
subsections. Each category subsection consists of a title and a body.
|
||||
|
||||
A changelog entry file has the same format as the body of a version section.
|
||||
|
||||
A `ChangelogFormat` object defines the concrete syntax of the changelog.
|
||||
Entry files must have the same format as the changelog file.
|
||||
"""
|
||||
|
||||
# Only accept dotted version numbers (e.g. "3.1", not "3").
|
||||
# Refuse ".x" in a version number where x is a letter: this indicates
|
||||
# a version that is not yet released. Something like "3.1a" is accepted.
|
||||
_version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
|
||||
_incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
|
||||
|
||||
def add_categories_from_text(self, filename, line_offset,
|
||||
text, allow_unknown_category):
|
||||
"""Parse a version section or entry file."""
|
||||
try:
|
||||
categories = self.format.split_categories(text)
|
||||
except CategoryParseError as e:
|
||||
raise InputFormatError(filename, line_offset + e.line_offset,
|
||||
e.error_message)
|
||||
for category in categories:
|
||||
if not allow_unknown_category and \
|
||||
category.name not in self.categories:
|
||||
raise InputFormatError(filename,
|
||||
line_offset + category.title_line,
|
||||
'Unknown category: "{}"',
|
||||
category.name.decode('utf8'))
|
||||
self.categories[category.name] += category.body
|
||||
|
||||
def __init__(self, input_stream, changelog_format):
|
||||
"""Create a changelog object.
|
||||
|
||||
Populate the changelog object from the content of the file
|
||||
input_stream.
|
||||
"""
|
||||
self.format = changelog_format
|
||||
whole_file = input_stream.read()
|
||||
(self.header,
|
||||
self.top_version_title, top_version_body,
|
||||
self.trailer) = self.format.extract_top_version(whole_file)
|
||||
# Split the top version section into categories.
|
||||
self.categories = OrderedDict()
|
||||
for category in STANDARD_CATEGORIES:
|
||||
self.categories[category] = b''
|
||||
offset = (self.header + self.top_version_title).count(b'\n') + 1
|
||||
self.add_categories_from_text(input_stream.name, offset,
|
||||
top_version_body, True)
|
||||
|
||||
def add_file(self, input_stream):
|
||||
"""Add changelog entries from a file.
|
||||
"""
|
||||
self.add_categories_from_text(input_stream.name, 1,
|
||||
input_stream.read(), False)
|
||||
|
||||
def write(self, filename):
|
||||
"""Write the changelog to the specified file.
|
||||
"""
|
||||
with open(filename, 'wb') as out:
|
||||
out.write(self.header)
|
||||
out.write(self.top_version_title)
|
||||
for title, body in self.categories.items():
|
||||
if not body:
|
||||
continue
|
||||
out.write(self.format.format_category(title, body))
|
||||
out.write(self.trailer)
|
||||
|
||||
|
||||
@functools.total_ordering
|
||||
class EntryFileSortKey:
|
||||
"""This classes defines an ordering on changelog entry files: older < newer.
|
||||
|
||||
* Merged entry files are sorted according to their merge date (date of
|
||||
the merge commit that brought the commit that created the file into
|
||||
the target branch).
|
||||
* Committed but unmerged entry files are sorted according to the date
|
||||
of the commit that adds them.
|
||||
* Uncommitted entry files are sorted according to their modification time.
|
||||
|
||||
This class assumes that the file is in a git working directory with
|
||||
the target branch checked out.
|
||||
"""
|
||||
|
||||
# Categories of files. A lower number is considered older.
|
||||
MERGED = 0
|
||||
COMMITTED = 1
|
||||
LOCAL = 2
|
||||
|
||||
@staticmethod
|
||||
def creation_hash(filename):
|
||||
"""Return the git commit id at which the given file was created.
|
||||
|
||||
Return None if the file was never checked into git.
|
||||
"""
|
||||
hashes = subprocess.check_output(['git', 'log', '--format=%H',
|
||||
'--follow',
|
||||
'--', filename])
|
||||
m = re.search(b'(.+)$', hashes)
|
||||
if not m:
|
||||
# The git output is empty. This means that the file was
|
||||
# never checked in.
|
||||
return None
|
||||
# The last commit in the log is the oldest one, which is when the
|
||||
# file was created.
|
||||
return m.group(0)
|
||||
|
||||
@staticmethod
|
||||
def list_merges(some_hash, target, *options):
|
||||
"""List merge commits from some_hash to target.
|
||||
|
||||
Pass options to git to select which commits are included.
|
||||
"""
|
||||
text = subprocess.check_output(['git', 'rev-list',
|
||||
'--merges', *options,
|
||||
b'..'.join([some_hash, target])])
|
||||
return text.rstrip(b'\n').split(b'\n')
|
||||
|
||||
@classmethod
|
||||
def merge_hash(cls, some_hash):
|
||||
"""Return the git commit id at which the given commit was merged.
|
||||
|
||||
Return None if the given commit was never merged.
|
||||
"""
|
||||
target = b'HEAD'
|
||||
# List the merges from some_hash to the target in two ways.
|
||||
# The ancestry list is the ones that are both descendants of
|
||||
# some_hash and ancestors of the target.
|
||||
ancestry = frozenset(cls.list_merges(some_hash, target,
|
||||
'--ancestry-path'))
|
||||
# The first_parents list only contains merges that are directly
|
||||
# on the target branch. We want it in reverse order (oldest first).
|
||||
first_parents = cls.list_merges(some_hash, target,
|
||||
'--first-parent', '--reverse')
|
||||
# Look for the oldest merge commit that's both on the direct path
|
||||
# and directly on the target branch. That's the place where some_hash
|
||||
# was merged on the target branch. See
|
||||
# https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit
|
||||
for commit in first_parents:
|
||||
if commit in ancestry:
|
||||
return commit
|
||||
return None
|
||||
|
||||
@staticmethod
|
||||
def commit_timestamp(commit_id):
|
||||
"""Return the timestamp of the given commit."""
|
||||
text = subprocess.check_output(['git', 'show', '-s',
|
||||
'--format=%ct',
|
||||
commit_id])
|
||||
return datetime.datetime.utcfromtimestamp(int(text))
|
||||
|
||||
@staticmethod
|
||||
def file_timestamp(filename):
|
||||
"""Return the modification timestamp of the given file."""
|
||||
mtime = os.stat(filename).st_mtime
|
||||
return datetime.datetime.fromtimestamp(mtime)
|
||||
|
||||
def __init__(self, filename):
|
||||
"""Determine position of the file in the changelog entry order.
|
||||
|
||||
This constructor returns an object that can be used with comparison
|
||||
operators, with `sort` and `sorted`, etc. Older entries are sorted
|
||||
before newer entries.
|
||||
"""
|
||||
self.filename = filename
|
||||
creation_hash = self.creation_hash(filename)
|
||||
if not creation_hash:
|
||||
self.category = self.LOCAL
|
||||
self.datetime = self.file_timestamp(filename)
|
||||
return
|
||||
merge_hash = self.merge_hash(creation_hash)
|
||||
if not merge_hash:
|
||||
self.category = self.COMMITTED
|
||||
self.datetime = self.commit_timestamp(creation_hash)
|
||||
return
|
||||
self.category = self.MERGED
|
||||
self.datetime = self.commit_timestamp(merge_hash)
|
||||
|
||||
def sort_key(self):
|
||||
""""Return a concrete sort key for this entry file sort key object.
|
||||
|
||||
``ts1 < ts2`` is implemented as ``ts1.sort_key() < ts2.sort_key()``.
|
||||
"""
|
||||
return (self.category, self.datetime, self.filename)
|
||||
|
||||
def __eq__(self, other):
|
||||
return self.sort_key() == other.sort_key()
|
||||
|
||||
def __lt__(self, other):
|
||||
return self.sort_key() < other.sort_key()
|
||||
|
||||
|
||||
def check_output(generated_output_file, main_input_file, merged_files):
|
||||
"""Make sanity checks on the generated output.
|
||||
|
||||
The intent of these sanity checks is to have reasonable confidence
|
||||
that no content has been lost.
|
||||
|
||||
The sanity check is that every line that is present in an input file
|
||||
is also present in an output file. This is not perfect but good enough
|
||||
for now.
|
||||
"""
|
||||
generated_output = set(open(generated_output_file, 'rb'))
|
||||
for line in open(main_input_file, 'rb'):
|
||||
if line not in generated_output:
|
||||
raise LostContent('original file', line)
|
||||
for merged_file in merged_files:
|
||||
for line in open(merged_file, 'rb'):
|
||||
if line not in generated_output:
|
||||
raise LostContent(merged_file, line)
|
||||
|
||||
def finish_output(changelog, output_file, input_file, merged_files):
|
||||
"""Write the changelog to the output file.
|
||||
|
||||
The input file and the list of merged files are used only for sanity
|
||||
checks on the output.
|
||||
"""
|
||||
if os.path.exists(output_file) and not os.path.isfile(output_file):
|
||||
# The output is a non-regular file (e.g. pipe). Write to it directly.
|
||||
output_temp = output_file
|
||||
else:
|
||||
# The output is a regular file. Write to a temporary file,
|
||||
# then move it into place atomically.
|
||||
output_temp = output_file + '.tmp'
|
||||
changelog.write(output_temp)
|
||||
check_output(output_temp, input_file, merged_files)
|
||||
if output_temp != output_file:
|
||||
os.rename(output_temp, output_file)
|
||||
|
||||
def remove_merged_entries(files_to_remove):
|
||||
for filename in files_to_remove:
|
||||
os.remove(filename)
|
||||
|
||||
def list_files_to_merge(options):
|
||||
"""List the entry files to merge, oldest first.
|
||||
|
||||
"Oldest" is defined by `EntryFileSortKey`.
|
||||
"""
|
||||
files_to_merge = glob.glob(os.path.join(options.dir, '*.txt'))
|
||||
files_to_merge.sort(key=EntryFileSortKey)
|
||||
return files_to_merge
|
||||
|
||||
def merge_entries(options):
|
||||
"""Merge changelog entries into the changelog file.
|
||||
|
||||
Read the changelog file from options.input.
|
||||
Read entries to merge from the directory options.dir.
|
||||
Write the new changelog to options.output.
|
||||
Remove the merged entries if options.keep_entries is false.
|
||||
"""
|
||||
with open(options.input, 'rb') as input_file:
|
||||
changelog = ChangeLog(input_file, TextChangelogFormat)
|
||||
files_to_merge = list_files_to_merge(options)
|
||||
if not files_to_merge:
|
||||
sys.stderr.write('There are no pending changelog entries.\n')
|
||||
return
|
||||
for filename in files_to_merge:
|
||||
with open(filename, 'rb') as input_file:
|
||||
changelog.add_file(input_file)
|
||||
finish_output(changelog, options.output, options.input, files_to_merge)
|
||||
if not options.keep_entries:
|
||||
remove_merged_entries(files_to_merge)
|
||||
|
||||
def show_file_timestamps(options):
|
||||
"""List the files to merge and their timestamp.
|
||||
|
||||
This is only intended for debugging purposes.
|
||||
"""
|
||||
files = list_files_to_merge(options)
|
||||
for filename in files:
|
||||
ts = EntryFileSortKey(filename)
|
||||
print(ts.category, ts.datetime, filename)
|
||||
|
||||
def set_defaults(options):
|
||||
"""Add default values for missing options."""
|
||||
output_file = getattr(options, 'output', None)
|
||||
if output_file is None:
|
||||
options.output = options.input
|
||||
if getattr(options, 'keep_entries', None) is None:
|
||||
options.keep_entries = (output_file is not None)
|
||||
|
||||
def main():
|
||||
"""Command line entry point."""
|
||||
parser = argparse.ArgumentParser(description=__doc__)
|
||||
parser.add_argument('--dir', '-d', metavar='DIR',
|
||||
default='ChangeLog.d',
|
||||
help='Directory to read entries from'
|
||||
' (default: ChangeLog.d)')
|
||||
parser.add_argument('--input', '-i', metavar='FILE',
|
||||
default='ChangeLog',
|
||||
help='Existing changelog file to read from and augment'
|
||||
' (default: ChangeLog)')
|
||||
parser.add_argument('--keep-entries',
|
||||
action='store_true', dest='keep_entries', default=None,
|
||||
help='Keep the files containing entries'
|
||||
' (default: remove them if --output/-o is not specified)')
|
||||
parser.add_argument('--no-keep-entries',
|
||||
action='store_false', dest='keep_entries',
|
||||
help='Remove the files containing entries after they are merged'
|
||||
' (default: remove them if --output/-o is not specified)')
|
||||
parser.add_argument('--output', '-o', metavar='FILE',
|
||||
help='Output changelog file'
|
||||
' (default: overwrite the input)')
|
||||
parser.add_argument('--list-files-only',
|
||||
action='store_true',
|
||||
help=('Only list the files that would be processed '
|
||||
'(with some debugging information)'))
|
||||
options = parser.parse_args()
|
||||
set_defaults(options)
|
||||
if options.list_files_only:
|
||||
show_file_timestamps(options)
|
||||
return
|
||||
merge_entries(options)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -21,11 +21,13 @@
|
|||
#
|
||||
# MBEDTLS_TEST_NULL_ENTROPY
|
||||
# MBEDTLS_DEPRECATED_REMOVED
|
||||
# MBEDTLS_DEPRECATED_WARNING
|
||||
# MBEDTLS_HAVE_SSE2
|
||||
# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
||||
# MBEDTLS_ECP_DP_M221_ENABLED
|
||||
# MBEDTLS_ECP_DP_M383_ENABLED
|
||||
# MBEDTLS_ECP_DP_M511_ENABLED
|
||||
# MBEDTLS_MEMORY_DEBUG
|
||||
# MBEDTLS_MEMORY_BACKTRACE
|
||||
# MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||
|
@ -34,7 +36,7 @@
|
|||
# MBEDTLS_REMOVE_3DES_CIPHERSUITES
|
||||
# MBEDTLS_SHA256_NO_SHA224
|
||||
# MBEDTLS_SSL_HW_RECORD_ACCEL
|
||||
# MBEDTLS_SSL_PROTO_NO_DTLS
|
||||
# MBEDTLS_SSL_PROTO_NO_TLS
|
||||
# MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
# MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
||||
# MBEDTLS_RSA_NO_CRT
|
||||
|
@ -54,8 +56,13 @@
|
|||
# MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
# MBEDTLS_AES_ONLY_ENCRYPT
|
||||
# MBEDTLS_AES_SCA_COUNTERMEASURES
|
||||
# MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
||||
# and any symbol beginning _ALT
|
||||
#
|
||||
# The baremetal configuration excludes options that require a library or
|
||||
# operating system feature that is typically not present on bare metal
|
||||
# systems. Features that are excluded from "full" won't be in "baremetal"
|
||||
# either.
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
@ -98,9 +105,9 @@ EOU
|
|||
my @excluded = qw(
|
||||
MBEDTLS_TEST_NULL_ENTROPY
|
||||
MBEDTLS_DEPRECATED_REMOVED
|
||||
MBEDTLS_DEPRECATED_WARNING
|
||||
MBEDTLS_HAVE_SSE2
|
||||
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
||||
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
||||
MBEDTLS_ECP_DP_M221_ENABLED
|
||||
MBEDTLS_ECP_DP_M383_ENABLED
|
||||
MBEDTLS_ECP_DP_M511_ENABLED
|
||||
|
@ -109,7 +116,6 @@ MBEDTLS_MEMORY_BACKTRACE
|
|||
MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||
MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
MBEDTLS_RSA_NO_CRT
|
||||
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
MBEDTLS_REMOVE_3DES_CIPHERSUITES
|
||||
MBEDTLS_SHA256_NO_SHA224
|
||||
|
@ -117,6 +123,7 @@ MBEDTLS_SSL_HW_RECORD_ACCEL
|
|||
MBEDTLS_SSL_PROTO_NO_TLS
|
||||
MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
||||
MBEDTLS_RSA_NO_CRT
|
||||
MBEDTLS_USE_TINYCRYPT
|
||||
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
|
@ -129,34 +136,38 @@ MBEDTLS_ZLIB_SUPPORT
|
|||
MBEDTLS_PKCS11_C
|
||||
MBEDTLS_NO_UDBL_DIVISION
|
||||
MBEDTLS_NO_64BIT_MULTIPLICATION
|
||||
MBEDTLS_USE_TINYCRYPT
|
||||
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
MBEDTLS_AES_ONLY_ENCRYPT
|
||||
MBEDTLS_AES_SCA_COUNTERMEASURES
|
||||
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
||||
_ALT\s*$
|
||||
);
|
||||
|
||||
# Things that should be disabled in "baremetal"
|
||||
my @excluded_baremetal = qw(
|
||||
MBEDTLS_NET_C
|
||||
MBEDTLS_TIMING_C
|
||||
MBEDTLS_FS_IO
|
||||
MBEDTLS_ENTROPY_NV_SEED
|
||||
MBEDTLS_FS_IO
|
||||
MBEDTLS_HAVEGE_C
|
||||
MBEDTLS_HAVE_TIME
|
||||
MBEDTLS_HAVE_TIME_DATE
|
||||
MBEDTLS_DEPRECATED_WARNING
|
||||
MBEDTLS_HAVEGE_C
|
||||
MBEDTLS_THREADING_C
|
||||
MBEDTLS_THREADING_PTHREAD
|
||||
MBEDTLS_MEMORY_BACKTRACE
|
||||
MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
MBEDTLS_PLATFORM_TIME_ALT
|
||||
MBEDTLS_NET_C
|
||||
MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||
MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
MBEDTLS_PLATFORM_TIME_ALT
|
||||
MBEDTLS_THREADING_C
|
||||
MBEDTLS_THREADING_PTHREAD
|
||||
MBEDTLS_TIMING_C
|
||||
);
|
||||
|
||||
# Things that should be enabled in "full" even if they match @excluded
|
||||
# Things that should be enabled in "full" even if they match @excluded.
|
||||
# Platform ALTs enable global variables that allow configuring the behavior
|
||||
# but default to the default behavior, except for PLATFORM_SETUP_TEARDOWN_ALT
|
||||
# which requires the application to provide relevant functions like
|
||||
# non-platform ALTs.
|
||||
my @non_excluded = qw(
|
||||
PLATFORM_[A-Z0-9]+_ALT
|
||||
PLATFORM_(?!SETUP_TEARDOWN_)[A-Z_0-9]+_ALT
|
||||
);
|
||||
|
||||
# Things that should be enabled in "baremetal"
|
||||
|
|
|
@ -18,7 +18,8 @@
|
|||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
<SOURCES>
|
||||
<ItemGroup>
|
||||
<SOURCES>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="mbedTLS.vcxproj">
|
||||
|
|
|
@ -45,7 +45,6 @@
|
|||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
<PlatformToolset>Windows7.1SDK</PlatformToolset>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
|
|
|
@ -93,10 +93,10 @@ sub gen_app {
|
|||
$path =~ s!/!\\!g;
|
||||
(my $appname = $path) =~ s/.*\\//;
|
||||
|
||||
my $srcs = "\n <ClCompile Include=\"..\\..\\programs\\$path.c\" \/>\r";
|
||||
my $srcs = "<ClCompile Include=\"..\\..\\programs\\$path.c\" \/>";
|
||||
if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
|
||||
$appname eq "query_compile_time_config" ) {
|
||||
$srcs .= "\n <ClCompile Include=\"..\\..\\programs\\ssl\\query_config.c\" \/>\r";
|
||||
$srcs .= "\r\n <ClCompile Include=\"..\\..\\programs\\ssl\\query_config.c\" \/>";
|
||||
}
|
||||
|
||||
my $content = $template;
|
||||
|
|
|
@ -23,11 +23,15 @@ print_version()
|
|||
shift
|
||||
ARGS="$1"
|
||||
shift
|
||||
FAIL_MSG="$1"
|
||||
VARIANT="$1"
|
||||
shift
|
||||
|
||||
if ! `type "$BIN" > /dev/null 2>&1`; then
|
||||
echo "* $FAIL_MSG"
|
||||
if [ -n "$VARIANT" ]; then
|
||||
VARIANT=" ($VARIANT)"
|
||||
fi
|
||||
|
||||
if ! type "$BIN" > /dev/null 2>&1; then
|
||||
echo " * ${BIN##*/}$VARIANT: Not found."
|
||||
return 0
|
||||
fi
|
||||
|
||||
|
@ -41,81 +45,127 @@ print_version()
|
|||
VERSION_STR=`echo "$VERSION_STR" | $FILTER`
|
||||
done
|
||||
|
||||
echo "* ${BIN##*/}: $BIN: $VERSION_STR"
|
||||
if [ -z "$VERSION_STR" ]; then
|
||||
VERSION_STR="Version could not be determined."
|
||||
fi
|
||||
|
||||
echo " * ${BIN##*/}$VARIANT: ${BIN} : ${VERSION_STR} "
|
||||
}
|
||||
|
||||
echo "** Platform:"
|
||||
echo
|
||||
|
||||
if [ `uname -s` = "Linux" ]; then
|
||||
echo "Linux variant"
|
||||
lsb_release -d -c
|
||||
else
|
||||
echo "Unknown Unix variant"
|
||||
fi
|
||||
|
||||
echo
|
||||
|
||||
print_version "uname" "-a" ""
|
||||
|
||||
echo
|
||||
echo
|
||||
echo "** Tool Versions:"
|
||||
echo
|
||||
|
||||
if [ "${RUN_ARMCC:-1}" -ne 0 ]; then
|
||||
: "${ARMC5_CC:=armcc}"
|
||||
print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2"
|
||||
print_version "$ARMC5_CC" "--vsn" "" "head -n 2"
|
||||
echo
|
||||
|
||||
: "${ARMC6_CC:=armclang}"
|
||||
print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2"
|
||||
print_version "$ARMC6_CC" "--vsn" "" "head -n 2"
|
||||
echo
|
||||
fi
|
||||
|
||||
print_version "arm-none-eabi-gcc" "--version" "gcc-arm not found!" "head -n 1"
|
||||
print_version "arm-none-eabi-gcc" "--version" "" "head -n 1"
|
||||
echo
|
||||
|
||||
print_version "gcc" "--version" "gcc not found!" "head -n 1"
|
||||
print_version "gcc" "--version" "" "head -n 1"
|
||||
echo
|
||||
|
||||
print_version "clang" "--version" "clang not found" "head -n 2"
|
||||
print_version "clang" "--version" "" "head -n 2"
|
||||
echo
|
||||
|
||||
print_version "ldd" "--version" \
|
||||
"No ldd present: can't determine libc version!" \
|
||||
"head -n 1"
|
||||
print_version "ldd" "--version" "" "head -n 1"
|
||||
echo
|
||||
|
||||
print_version "valgrind" "--version" "valgrind not found!"
|
||||
print_version "valgrind" "--version" ""
|
||||
echo
|
||||
|
||||
print_version "gdb" "--version" "" "head -n 1"
|
||||
echo
|
||||
|
||||
print_version "perl" "--version" "" "head -n 2" "grep ."
|
||||
echo
|
||||
|
||||
print_version "python" "--version" "" "head -n 1"
|
||||
echo
|
||||
|
||||
# Find the installed version of Pylint. Installed as a distro package this can
|
||||
# be pylint3 and as a PEP egg, pylint. In test scripts We prefer pylint over
|
||||
# pylint3
|
||||
if type pylint >/dev/null 2>/dev/null; then
|
||||
print_version "pylint" "--version" "" "sed /^.*config/d" "grep pylint"
|
||||
elif type pylint3 >/dev/null 2>/dev/null; then
|
||||
print_version "pylint3" "--version" "" "sed /^.*config/d" "grep pylint"
|
||||
else
|
||||
echo " * pylint or pylint3: Not found."
|
||||
fi
|
||||
echo
|
||||
|
||||
: ${OPENSSL:=openssl}
|
||||
print_version "$OPENSSL" "version" "openssl not found!"
|
||||
print_version "$OPENSSL" "version" "default"
|
||||
echo
|
||||
|
||||
if [ -n "${OPENSSL_LEGACY+set}" ]; then
|
||||
print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!"
|
||||
echo
|
||||
print_version "$OPENSSL_LEGACY" "version" "legacy"
|
||||
else
|
||||
echo " * openssl (legacy): Not configured."
|
||||
fi
|
||||
echo
|
||||
|
||||
if [ -n "${OPENSSL_NEXT+set}" ]; then
|
||||
print_version "$OPENSSL_NEXT" "version" "openssl next version not found!"
|
||||
echo
|
||||
print_version "$OPENSSL_NEXT" "version" "next"
|
||||
else
|
||||
echo " * openssl (next): Not configured."
|
||||
fi
|
||||
echo
|
||||
|
||||
: ${GNUTLS_CLI:=gnutls-cli}
|
||||
print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1"
|
||||
print_version "$GNUTLS_CLI" "--version" "default" "head -n 1"
|
||||
echo
|
||||
|
||||
: ${GNUTLS_SERV:=gnutls-serv}
|
||||
print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1"
|
||||
print_version "$GNUTLS_SERV" "--version" "default" "head -n 1"
|
||||
echo
|
||||
|
||||
if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
|
||||
print_version "$GNUTLS_LEGACY_CLI" "--version" \
|
||||
"gnuTLS client legacy version not found!" \
|
||||
"head -n 1"
|
||||
echo
|
||||
fi
|
||||
|
||||
if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
|
||||
print_version "$GNUTLS_LEGACY_SERV" "--version" \
|
||||
"gnuTLS server legacy version not found!" \
|
||||
"head -n 1"
|
||||
echo
|
||||
fi
|
||||
|
||||
if `hash dpkg > /dev/null 2>&1`; then
|
||||
echo "* asan:"
|
||||
dpkg -s libasan2 2> /dev/null | grep -i version
|
||||
dpkg -s libasan1 2> /dev/null | grep -i version
|
||||
dpkg -s libasan0 2> /dev/null | grep -i version
|
||||
print_version "$GNUTLS_LEGACY_CLI" "--version" "legacy" "head -n 1"
|
||||
else
|
||||
echo "* No dpkg present: can't determine asan version!"
|
||||
echo " * gnutls-cli (legacy): Not configured."
|
||||
fi
|
||||
echo
|
||||
|
||||
if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
|
||||
print_version "$GNUTLS_LEGACY_SERV" "--version" "legacy" "head -n 1"
|
||||
else
|
||||
echo " * gnutls-serv (legacy): Not configured."
|
||||
fi
|
||||
echo
|
||||
|
||||
echo " * Installed asan versions:"
|
||||
if type dpkg-query >/dev/null 2>/dev/null; then
|
||||
if ! dpkg-query -f '${Status} ${Package}: ${Version}\n' -W 'libasan*' |
|
||||
awk '$3 == "installed" && $4 !~ /-/ {print $4, $5}' |
|
||||
grep .
|
||||
then
|
||||
echo " No asan versions installed."
|
||||
fi
|
||||
else
|
||||
echo " Unable to determine the asan version without dpkg."
|
||||
fi
|
||||
echo
|
||||
|
|
20
scripts/windows_msbuild.bat
Normal file
20
scripts/windows_msbuild.bat
Normal file
|
@ -0,0 +1,20 @@
|
|||
@rem Build and test Mbed TLS with Visual Studio using msbuild.
|
||||
@rem Usage: windows_msbuild [RETARGET]
|
||||
@rem RETARGET: version of Visual Studio to emulate
|
||||
@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset
|
||||
|
||||
@rem These parameters are hard-coded for now.
|
||||
set "arch=x64" & @rem "x86" or "x64"
|
||||
set "cfg=Release" & @rem "Debug" or "Release"
|
||||
set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat"
|
||||
|
||||
if not "%~1"=="" set "retarget=,PlatformToolset=%1"
|
||||
|
||||
@rem If the %USERPROFILE%\Source directory exists, then running
|
||||
@rem vcvarsall.bat will silently change the directory to that directory.
|
||||
@rem Setting the VSCMD_START_DIR environment variable causes it to change
|
||||
@rem to that directory instead.
|
||||
set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010"
|
||||
|
||||
"%vcvarsall%" x64 && ^
|
||||
msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln
|
20
tests/data_files/server1_pathlen_int_max-1.crt
Normal file
20
tests/data_files/server1_pathlen_int_max-1.crt
Normal file
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSDCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
o1YwVDASBgNVHRMECzAJAQH/AgR////+MB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIs
|
||||
Pai9Q1kCpjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG
|
||||
9w0BAQUFAAOCAQEAfuvq7FomQTSJmGInVwQjQddgoXpnmCZ97TpVq7jHLCFADowQ
|
||||
jeiAsxmD8mwAQqw/By0U2PSmQcS7Vrn7Le0nFKNRYYrtpx5rsTFJzS/tQsgCe0Pf
|
||||
zhiBgD1Dhw6PWAPmy+JlvhJF7REmFsM8KHQd0xSvJzB1gLN9FVlnd87C73bdDJZQ
|
||||
Zdn977+Sn5anAFGHDWeKo8GYaYGnPBQqkX0Q2EKWR7yrwcKMogOevxELogB0jRj3
|
||||
L+nBpz7mO2J6XQ85ip+tLWAGCEHo0omAIQorAoCSqtLiaz47HxOdNK0hnM7V5k8P
|
||||
05AVhxDa3WqZ9FmMaDc8j8XqmOgKYVMC4/WS0g==
|
||||
-----END CERTIFICATE-----
|
20
tests/data_files/server1_pathlen_int_max.crt
Normal file
20
tests/data_files/server1_pathlen_int_max.crt
Normal file
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSDCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
o1YwVDASBgNVHRMECzAJAQH/AgR/////MB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIs
|
||||
Pai9Q1kCpjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG
|
||||
9w0BAQUFAAOCAQEAe5jPPMyWrKYGljJH2uh1gEh7KoYhmGIUfYu5A8Z2ou04yFZh
|
||||
LDyWJnkE/qpNaIw3kPuoyGBTtADYzttPvxretUmaMyteOQe8DK/mmr8vl+gb54ZP
|
||||
2jUE+R27Jp5GSGfl20LNVTBkKJloSyDaVzPI3ozje2lAsXsil8NTKbVJtfjZ9un+
|
||||
mGrpywSV7RpZC2PznGFdqQehwwnOscz0cVeMQqGcMRH3D5Bk2SjVexCaPu47QSyE
|
||||
fNm6cATiNHjw/2dg5Aue7e4K+R6le+xY3Qy85Fq/lKDeMmbrJRrNyJ9lblCeihUd
|
||||
qhkAEPelpaq5ZRM6cYJQoo0Ak64j4svjOZeF0g==
|
||||
-----END CERTIFICATE-----
|
|
@ -131,6 +131,7 @@ pre_initialize_variables () {
|
|||
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
|
||||
: ${ARMC5_BIN_DIR:=/usr/bin}
|
||||
: ${ARMC6_BIN_DIR:=/usr/bin}
|
||||
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
|
||||
|
||||
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
|
||||
if [ -z "${MAKEFLAGS+set}" ]; then
|
||||
|
@ -192,6 +193,9 @@ General options:
|
|||
-f|--force Force the tests to overwrite any modified files.
|
||||
-k|--keep-going Run all tests and report errors at the end.
|
||||
-m|--memory Additional optional memory tests.
|
||||
--arm-none-eabi-gcc-prefix=<string>
|
||||
Prefix for a cross-compiler for arm-none-eabi
|
||||
(default: "${ARM_NONE_EABI_GCC_PREFIX}")
|
||||
--armcc Run ARM Compiler builds (on by default).
|
||||
--except Exclude the COMPONENTs listed on the command line,
|
||||
instead of running only those.
|
||||
|
@ -276,9 +280,13 @@ armc6_build_test()
|
|||
{
|
||||
FLAGS="$1"
|
||||
|
||||
msg "build: ARM Compiler 6 ($FLAGS), make"
|
||||
msg "build: ARM Compiler 6 ($FLAGS)"
|
||||
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
|
||||
WARNING_CFLAGS='-xc -std=c99' make lib
|
||||
|
||||
msg "size: ARM Compiler 6 ($FLAGS)"
|
||||
"$ARMC6_FROMELF" -z library/*.o
|
||||
|
||||
make clean
|
||||
}
|
||||
|
||||
|
@ -312,6 +320,7 @@ pre_parse_command_line () {
|
|||
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
|
||||
--armcc) no_armcc=;;
|
||||
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
|
||||
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
|
||||
|
@ -513,7 +522,7 @@ pre_check_tools () {
|
|||
esac
|
||||
|
||||
case " $RUN_COMPONENTS " in
|
||||
*_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";;
|
||||
*_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
|
||||
esac
|
||||
|
||||
case " $RUN_COMPONENTS " in
|
||||
|
@ -528,9 +537,12 @@ pre_check_tools () {
|
|||
*_armcc*)
|
||||
ARMC5_CC="$ARMC5_BIN_DIR/armcc"
|
||||
ARMC5_AR="$ARMC5_BIN_DIR/armar"
|
||||
ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
|
||||
ARMC6_CC="$ARMC6_BIN_DIR/armclang"
|
||||
ARMC6_AR="$ARMC6_BIN_DIR/armar"
|
||||
check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";;
|
||||
ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
|
||||
check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
|
||||
"$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
|
||||
esac
|
||||
|
||||
msg "info: output_env.sh"
|
||||
|
@ -620,7 +632,7 @@ component_test_default_out_of_box () {
|
|||
make test
|
||||
|
||||
msg "selftest: make, default config (out-of-box)" # ~10s
|
||||
programs/test/selftest
|
||||
if_build_succeeded programs/test/selftest
|
||||
}
|
||||
|
||||
component_test_default_cmake_gcc_asan () {
|
||||
|
@ -631,6 +643,9 @@ component_test_default_cmake_gcc_asan () {
|
|||
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
|
||||
make test
|
||||
|
||||
msg "test: selftest (ASan build)" # ~ 10s
|
||||
if_build_succeeded programs/test/selftest
|
||||
|
||||
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
|
||||
|
@ -647,6 +662,9 @@ component_test_full_cmake_gcc_asan () {
|
|||
msg "test: main suites (inc. selftests) (full config, ASan build)"
|
||||
make test
|
||||
|
||||
msg "test: selftest (ASan build)" # ~ 10s
|
||||
if_build_succeeded programs/test/selftest
|
||||
|
||||
msg "test: ssl-opt.sh (full config, ASan build)"
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
|
||||
|
@ -1008,24 +1026,33 @@ component_test_hardcoded_hash_cmake_clang() {
|
|||
if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
|
||||
}
|
||||
|
||||
component_build_deprecated () {
|
||||
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
|
||||
scripts/config.pl full
|
||||
scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
|
||||
# Build with -O -Wextra to catch a maximum of issues.
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
|
||||
make PTHREAD=1 CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
|
||||
|
||||
msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
|
||||
# No cleanup, just tweak the configuration and rebuild
|
||||
make clean
|
||||
scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
|
||||
component_test_default_no_deprecated () {
|
||||
# Test that removing the deprecated features from the default
|
||||
# configuration leaves something consistent.
|
||||
msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
|
||||
scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
|
||||
# Build with -O -Wextra to catch a maximum of issues.
|
||||
make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
|
||||
make PTHREAD=1 CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
||||
|
||||
msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_full_deprecated_warning () {
|
||||
# Test that there is nothing deprecated in the full configuration.
|
||||
# A deprecated feature would trigger a warning (made fatal) from
|
||||
# MBEDTLS_DEPRECATED_WARNING.
|
||||
msg "build: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 30s
|
||||
scripts/config.pl full
|
||||
scripts/config.pl unset MBEDTLS_DEPRECATED_REMOVED
|
||||
scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
|
||||
# There are currently no tests for any deprecated feature.
|
||||
# If some are added, 'make test' would trigger warnings here.
|
||||
make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
|
||||
make PTHREAD=1 CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
|
||||
|
||||
msg "test: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 5s
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_depends_curves () {
|
||||
msg "test/build: curves.pl (gcc)" # ~ 4 min
|
||||
|
@ -1076,6 +1103,7 @@ component_test_check_params_without_platform () {
|
|||
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||
|
@ -1105,6 +1133,7 @@ component_test_no_platform () {
|
|||
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.pl unset MBEDTLS_FS_IO
|
||||
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
|
||||
|
@ -1119,6 +1148,7 @@ component_build_no_std_function () {
|
|||
scripts/config.pl full
|
||||
scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
make CC=gcc PTHREAD=1 CFLAGS='-Werror -Wall -Wextra -Os'
|
||||
}
|
||||
|
||||
|
@ -1266,6 +1296,7 @@ component_test_null_entropy () {
|
|||
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||
scripts/config.pl set MBEDTLS_ENTROPY_C
|
||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||
scripts/config.pl unset MBEDTLS_HAVEGE_C
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
|
||||
|
@ -1379,7 +1410,7 @@ test_build_opt () {
|
|||
info=$1 cc=$2; shift 2
|
||||
for opt in "$@"; do
|
||||
msg "build/test: $cc $opt, $info" # ~ 30s
|
||||
make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror"
|
||||
make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
|
||||
# We're confident enough in compilers to not run _all_ the tests,
|
||||
# but at least run the unit tests. In particular, runs with
|
||||
# optimizations use inline assembly whereas runs with -O0
|
||||
|
@ -1553,45 +1584,63 @@ component_test_no_x509_verify_callback () {
|
|||
}
|
||||
|
||||
component_build_arm_none_eabi_gcc () {
|
||||
msg "build: arm-none-eabi-gcc, make" # ~ 10s
|
||||
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s
|
||||
scripts/config.pl baremetal
|
||||
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
|
||||
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib
|
||||
|
||||
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1"
|
||||
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
|
||||
}
|
||||
|
||||
component_build_arm_none_eabi_gcc_arm5vte () {
|
||||
msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s
|
||||
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
|
||||
scripts/config.pl baremetal
|
||||
# Build for a target platform that's close to what Debian uses
|
||||
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
|
||||
# See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
|
||||
# It would be better to build with arm-linux-gnueabi-gcc but
|
||||
# we don't have that on our CI at this time.
|
||||
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
|
||||
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
|
||||
|
||||
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1"
|
||||
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
|
||||
}
|
||||
|
||||
component_build_arm_none_eabi_gcc_m0plus () {
|
||||
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s
|
||||
scripts/config.pl baremetal
|
||||
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
|
||||
|
||||
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os"
|
||||
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
|
||||
}
|
||||
|
||||
component_build_arm_none_eabi_gcc_no_udbl_division () {
|
||||
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
|
||||
msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
|
||||
scripts/config.pl baremetal
|
||||
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
|
||||
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
|
||||
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib
|
||||
echo "Checking that software 64-bit division is not required"
|
||||
if_build_succeeded not grep __aeabi_uldiv library/*.o
|
||||
}
|
||||
|
||||
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
|
||||
msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
|
||||
msg "build: ${ARM_NONE_EABI_GCC_PREFIX} MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
|
||||
scripts/config.pl baremetal
|
||||
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
|
||||
make TINYCRYPT_BUILD=0 CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
|
||||
make TINYCRYPT_BUILD=0 CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
|
||||
echo "Checking that software 64-bit multiplication is not required"
|
||||
if_build_succeeded not grep __aeabi_lmul library/*.o
|
||||
}
|
||||
|
||||
component_build_armcc () {
|
||||
msg "build: ARM Compiler 5, make"
|
||||
msg "build: ARM Compiler 5"
|
||||
scripts/config.pl baremetal
|
||||
|
||||
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
|
||||
|
||||
msg "size: ARM Compiler 5"
|
||||
"$ARMC5_FROMELF" -z library/*.o
|
||||
|
||||
make clean
|
||||
|
||||
# ARM Compiler 6 - Target ARMv7-A
|
||||
|
@ -1716,6 +1765,12 @@ component_test_hardware_entropy () {
|
|||
if_build_succeeded tests/ssl-opt.sh --filter "^Default, DTLS$"
|
||||
}
|
||||
|
||||
component_build_ssl_hw_record_accel() {
|
||||
msg "build: default config with MBEDTLS_SSL_HW_RECORD_ACCEL enabled"
|
||||
scripts/config.pl set MBEDTLS_SSL_HW_RECORD_ACCEL
|
||||
make CFLAGS='-Werror -O1'
|
||||
}
|
||||
|
||||
component_test_allow_sha1 () {
|
||||
msg "build: allow SHA1 in certificates by default"
|
||||
scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||
|
@ -1836,9 +1891,6 @@ component_test_zeroize () {
|
|||
unset gdb_disable_aslr
|
||||
}
|
||||
|
||||
support_check_python_files () {
|
||||
type pylint3 >/dev/null 2>/dev/null
|
||||
}
|
||||
component_check_python_files () {
|
||||
msg "Lint: Python scripts"
|
||||
record_status tests/scripts/check-python-files.sh
|
||||
|
|
|
@ -17,7 +17,7 @@ import codecs
|
|||
import sys
|
||||
|
||||
|
||||
class FileIssueTracker(object):
|
||||
class FileIssueTracker:
|
||||
"""Base class for file-wide issue tracking.
|
||||
|
||||
To implement a checker that processes a file as a whole, inherit from
|
||||
|
@ -37,20 +37,31 @@ class FileIssueTracker(object):
|
|||
self.files_with_issues = {}
|
||||
|
||||
def should_check_file(self, filepath):
|
||||
"""Whether the given file name should be checked.
|
||||
|
||||
Files whose name ends with a string listed in ``self.files_exemptions``
|
||||
will not be checked.
|
||||
"""
|
||||
for files_exemption in self.files_exemptions:
|
||||
if filepath.endswith(files_exemption):
|
||||
return False
|
||||
return True
|
||||
|
||||
def check_file_for_issue(self, filepath):
|
||||
"""Check the specified file for the issue that this class is for.
|
||||
|
||||
Subclasses must implement this method.
|
||||
"""
|
||||
raise NotImplementedError
|
||||
|
||||
def record_issue(self, filepath, line_number):
|
||||
"""Record that an issue was found at the specified location."""
|
||||
if filepath not in self.files_with_issues.keys():
|
||||
self.files_with_issues[filepath] = []
|
||||
self.files_with_issues[filepath].append(line_number)
|
||||
|
||||
def output_file_issues(self, logger):
|
||||
"""Log all the locations where the issue was found."""
|
||||
if self.files_with_issues.values():
|
||||
logger.info(self.heading)
|
||||
for filename, lines in sorted(self.files_with_issues.items()):
|
||||
|
@ -70,6 +81,10 @@ class LineIssueTracker(FileIssueTracker):
|
|||
"""
|
||||
|
||||
def issue_with_line(self, line, filepath):
|
||||
"""Check the specified line for the issue that this class is for.
|
||||
|
||||
Subclasses must implement this method.
|
||||
"""
|
||||
raise NotImplementedError
|
||||
|
||||
def check_file_line(self, filepath, line, line_number):
|
||||
|
@ -77,10 +92,20 @@ class LineIssueTracker(FileIssueTracker):
|
|||
self.record_issue(filepath, line_number)
|
||||
|
||||
def check_file_for_issue(self, filepath):
|
||||
"""Check the lines of the specified file.
|
||||
|
||||
Subclasses must implement the ``issue_with_line`` method.
|
||||
"""
|
||||
with open(filepath, "rb") as f:
|
||||
for i, line in enumerate(iter(f.readline, b"")):
|
||||
self.check_file_line(filepath, line, i + 1)
|
||||
|
||||
|
||||
def is_windows_file(filepath):
|
||||
_root, ext = os.path.splitext(filepath)
|
||||
return ext in ('.bat', '.dsp', '.sln', '.vcxproj')
|
||||
|
||||
|
||||
class PermissionIssueTracker(FileIssueTracker):
|
||||
"""Track files with bad permissions.
|
||||
|
||||
|
@ -113,26 +138,43 @@ class Utf8BomIssueTracker(FileIssueTracker):
|
|||
|
||||
heading = "UTF-8 BOM present:"
|
||||
|
||||
files_exemptions = frozenset([".vcxproj", ".sln"])
|
||||
|
||||
def check_file_for_issue(self, filepath):
|
||||
with open(filepath, "rb") as f:
|
||||
if f.read().startswith(codecs.BOM_UTF8):
|
||||
self.files_with_issues[filepath] = None
|
||||
|
||||
|
||||
class LineEndingIssueTracker(LineIssueTracker):
|
||||
class UnixLineEndingIssueTracker(LineIssueTracker):
|
||||
"""Track files with non-Unix line endings (i.e. files with CR)."""
|
||||
|
||||
heading = "Non Unix line endings:"
|
||||
heading = "Non-Unix line endings:"
|
||||
|
||||
def should_check_file(self, filepath):
|
||||
return not is_windows_file(filepath)
|
||||
|
||||
def issue_with_line(self, line, _filepath):
|
||||
return b"\r" in line
|
||||
|
||||
|
||||
class WindowsLineEndingIssueTracker(LineIssueTracker):
|
||||
"""Track files with non-Windows line endings (i.e. CR or LF not in CRLF)."""
|
||||
|
||||
heading = "Non-Windows line endings:"
|
||||
|
||||
def should_check_file(self, filepath):
|
||||
return is_windows_file(filepath)
|
||||
|
||||
def issue_with_line(self, line, _filepath):
|
||||
return not line.endswith(b"\r\n") or b"\r" in line[:-2]
|
||||
|
||||
|
||||
class TrailingWhitespaceIssueTracker(LineIssueTracker):
|
||||
"""Track lines with trailing whitespace."""
|
||||
|
||||
heading = "Trailing whitespace:"
|
||||
files_exemptions = frozenset(".md")
|
||||
files_exemptions = frozenset([".dsp", ".md"])
|
||||
|
||||
def issue_with_line(self, line, _filepath):
|
||||
return line.rstrip(b"\r\n") != line.rstrip()
|
||||
|
@ -143,8 +185,9 @@ class TabIssueTracker(LineIssueTracker):
|
|||
|
||||
heading = "Tabs present:"
|
||||
files_exemptions = frozenset([
|
||||
"Makefile",
|
||||
"generate_visualc_files.pl",
|
||||
".sln",
|
||||
"/Makefile",
|
||||
"/generate_visualc_files.pl",
|
||||
])
|
||||
|
||||
def issue_with_line(self, line, _filepath):
|
||||
|
@ -169,7 +212,7 @@ class MergeArtifactIssueTracker(LineIssueTracker):
|
|||
return False
|
||||
|
||||
|
||||
class IntegrityChecker(object):
|
||||
class IntegrityChecker:
|
||||
"""Sanity-check files under the current directory."""
|
||||
|
||||
def __init__(self, log_file):
|
||||
|
@ -179,9 +222,22 @@ class IntegrityChecker(object):
|
|||
self.check_repo_path()
|
||||
self.logger = None
|
||||
self.setup_logger(log_file)
|
||||
self.files_to_check = (
|
||||
".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data",
|
||||
"Makefile", "CMakeLists.txt", "ChangeLog"
|
||||
self.extensions_to_check = (
|
||||
".bat",
|
||||
".c",
|
||||
".data",
|
||||
".dsp",
|
||||
".function",
|
||||
".h",
|
||||
".md",
|
||||
".pl",
|
||||
".py",
|
||||
".sh",
|
||||
".sln",
|
||||
".vcxproj",
|
||||
"/CMakeLists.txt",
|
||||
"/ChangeLog",
|
||||
"/Makefile",
|
||||
)
|
||||
self.excluded_directories = ['.git', 'mbed-os', 'tinycrypt']
|
||||
self.excluded_paths = list(map(os.path.normpath, [
|
||||
|
@ -192,7 +248,8 @@ class IntegrityChecker(object):
|
|||
PermissionIssueTracker(),
|
||||
EndOfFileNewlineIssueTracker(),
|
||||
Utf8BomIssueTracker(),
|
||||
LineEndingIssueTracker(),
|
||||
UnixLineEndingIssueTracker(),
|
||||
WindowsLineEndingIssueTracker(),
|
||||
TrailingWhitespaceIssueTracker(),
|
||||
TabIssueTracker(),
|
||||
MergeArtifactIssueTracker(),
|
||||
|
@ -225,7 +282,7 @@ class IntegrityChecker(object):
|
|||
dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d))
|
||||
for filename in sorted(files):
|
||||
filepath = os.path.join(root, filename)
|
||||
if not filepath.endswith(self.files_to_check):
|
||||
if not filepath.endswith(self.extensions_to_check):
|
||||
continue
|
||||
for issue_to_check in self.issues_to_check:
|
||||
if issue_to_check.should_check_file(filepath):
|
||||
|
|
|
@ -9,4 +9,10 @@
|
|||
# Run 'pylint' on Python files for programming errors and helps enforcing
|
||||
# PEP8 coding standards.
|
||||
|
||||
pylint3 -j 2 scripts/*.py tests/scripts/*.py
|
||||
if type python3 >/dev/null 2>/dev/null; then
|
||||
PYTHON=python3
|
||||
else
|
||||
PYTHON=python
|
||||
fi
|
||||
|
||||
$PYTHON -m pylint -j 2 scripts/*.py tests/scripts/*.py
|
||||
|
|
|
@ -208,7 +208,7 @@ class GeneratorInputError(Exception):
|
|||
pass
|
||||
|
||||
|
||||
class FileWrapper(io.FileIO, object):
|
||||
class FileWrapper(io.FileIO):
|
||||
"""
|
||||
This class extends built-in io.FileIO class with attribute line_no,
|
||||
that indicates line number for the line that is read.
|
||||
|
@ -402,8 +402,7 @@ def parse_dependencies(inp_str):
|
|||
:param inp_str: Input string with macros delimited by ':'.
|
||||
:return: list of dependencies
|
||||
"""
|
||||
dependencies = [dep for dep in map(validate_dependency,
|
||||
inp_str.split(':'))]
|
||||
dependencies = list(map(validate_dependency, inp_str.split(':')))
|
||||
return dependencies
|
||||
|
||||
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
# Greentea host test script for Mbed TLS on-target test suite testing.
|
||||
#
|
||||
# Copyright (C) 2018, Arm Limited, All Rights Reserved
|
||||
|
@ -46,7 +48,7 @@ class TestDataParserError(Exception):
|
|||
pass
|
||||
|
||||
|
||||
class TestDataParser(object):
|
||||
class TestDataParser:
|
||||
"""
|
||||
Parses test name, dependencies, test function name and test parameters
|
||||
from the data file.
|
||||
|
@ -260,7 +262,7 @@ class MbedTlsTest(BaseHostTest):
|
|||
data_bytes += bytearray(dependencies)
|
||||
data_bytes += bytearray([function_id, len(parameters)])
|
||||
for typ, param in parameters:
|
||||
if typ == 'int' or typ == 'exp':
|
||||
if typ in ('int', 'exp'):
|
||||
i = int(param, 0)
|
||||
data_bytes += b'I' if typ == 'int' else b'E'
|
||||
self.align_32bit(data_bytes)
|
||||
|
|
|
@ -294,7 +294,7 @@ class GenDispatch(TestCase):
|
|||
self.assertEqual(code, expected)
|
||||
|
||||
|
||||
class StringIOWrapper(StringIO, object):
|
||||
class StringIOWrapper(StringIO):
|
||||
"""
|
||||
file like class to mock file object in tests.
|
||||
"""
|
||||
|
@ -1127,9 +1127,8 @@ Diffie-Hellman selftest
|
|||
dhm_selftest:
|
||||
"""
|
||||
stream = StringIOWrapper('test_suite_ut.function', data)
|
||||
tests = [(name, test_function, dependencies, args)
|
||||
for name, test_function, dependencies, args in
|
||||
parse_test_data(stream)]
|
||||
# List of (name, function_name, dependencies, args)
|
||||
tests = list(parse_test_data(stream))
|
||||
test1, test2, test3, test4 = tests
|
||||
self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
|
||||
self.assertEqual(test1[1], 'dhm_do_dhm')
|
||||
|
@ -1170,9 +1169,8 @@ dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
|
|||
|
||||
"""
|
||||
stream = StringIOWrapper('test_suite_ut.function', data)
|
||||
tests = [(name, function_name, dependencies, args)
|
||||
for name, function_name, dependencies, args in
|
||||
parse_test_data(stream)]
|
||||
# List of (name, function_name, dependencies, args)
|
||||
tests = list(parse_test_data(stream))
|
||||
test1, test2 = tests
|
||||
self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
|
||||
self.assertEqual(test1[1], 'dhm_do_dhm')
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
set confirm off
|
||||
|
||||
file ./programs/test/zeroize
|
||||
break zeroize.c:100
|
||||
break zeroize.c:102
|
||||
|
||||
set args ./programs/test/zeroize.c
|
||||
run
|
||||
|
|
|
@ -1162,18 +1162,6 @@ run_test "Default (compression enabled)" \
|
|||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_ZLIB_SUPPORT
|
||||
run_test "Default (compression enabled)" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-s "Allocating compression buffer" \
|
||||
-c "Allocating compression buffer" \
|
||||
-s "Record expansion is unknown (compression)" \
|
||||
-c "Record expansion is unknown (compression)" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Test current time in ServerHello
|
||||
requires_config_enabled MBEDTLS_HAVE_TIME
|
||||
run_test "ServerHello contains gmt_unix_time" \
|
||||
|
@ -2498,7 +2486,7 @@ run_test "Encrypt then MAC: empty application data record" \
|
|||
-s "dumping 'input payload after decrypt' (0 bytes)" \
|
||||
-c "0 bytes written in 1 fragments"
|
||||
|
||||
run_test "Default, no Encrypt then MAC: empty application data record" \
|
||||
run_test "Encrypt then MAC: disabled, empty application data record" \
|
||||
"$P_SRV auth_mode=none debug_level=4 etm=0" \
|
||||
"$P_CLI auth_mode=none etm=0 request_size=0" \
|
||||
0 \
|
||||
|
@ -2513,7 +2501,7 @@ run_test "Encrypt then MAC, DTLS: empty application data record" \
|
|||
-s "dumping 'input payload after decrypt' (0 bytes)" \
|
||||
-c "0 bytes written in 1 fragments"
|
||||
|
||||
run_test "Default, no Encrypt then MAC, DTLS: empty application data record" \
|
||||
run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \
|
||||
"$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
|
||||
"$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
|
||||
0 \
|
||||
|
@ -2717,7 +2705,7 @@ requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
|||
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
|
||||
run_test "Session resume using tickets, DTLS: basic" \
|
||||
"$P_SRV debug_level=3 dtls=1 tickets=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-c "client hello, adding session ticket extension" \
|
||||
-s "found session ticket extension" \
|
||||
|
@ -2733,7 +2721,7 @@ requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
|||
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
|
||||
run_test "Session resume using tickets, DTLS: cache disabled" \
|
||||
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
|
||||
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-c "client hello, adding session ticket extension" \
|
||||
-s "found session ticket extension" \
|
||||
|
@ -2749,7 +2737,7 @@ requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
|||
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
|
||||
run_test "Session resume using tickets, DTLS: timeout" \
|
||||
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_delay=2" \
|
||||
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \
|
||||
0 \
|
||||
-c "client hello, adding session ticket extension" \
|
||||
-s "found session ticket extension" \
|
||||
|
@ -2935,7 +2923,7 @@ requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
|
|||
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
run_test "Session resume using cache, DTLS: tickets enabled on client" \
|
||||
"$P_SRV dtls=1 debug_level=3 tickets=0" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-c "client hello, adding session ticket extension" \
|
||||
-s "found session ticket extension" \
|
||||
|
@ -2952,7 +2940,7 @@ requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
|
|||
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
run_test "Session resume using cache, DTLS: tickets enabled on server" \
|
||||
"$P_SRV dtls=1 debug_level=3 tickets=1" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-C "client hello, adding session ticket extension" \
|
||||
-S "found session ticket extension" \
|
||||
|
@ -2968,7 +2956,7 @@ requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
|||
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
run_test "Session resume using cache, DTLS: cache_max=0" \
|
||||
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-S "session successfully restored from cache" \
|
||||
-S "session successfully restored from ticket" \
|
||||
|
@ -2979,7 +2967,7 @@ requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
|||
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
run_test "Session resume using cache, DTLS: cache_max=1" \
|
||||
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-s "session successfully restored from cache" \
|
||||
-S "session successfully restored from ticket" \
|
||||
|
@ -2990,7 +2978,7 @@ requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
|||
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
run_test "Session resume using cache, DTLS: timeout > delay" \
|
||||
"$P_SRV dtls=1 debug_level=3 tickets=0" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
|
||||
0 \
|
||||
-s "session successfully restored from cache" \
|
||||
-S "session successfully restored from ticket" \
|
||||
|
@ -3001,7 +2989,7 @@ requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
|||
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
run_test "Session resume using cache, DTLS: timeout < delay" \
|
||||
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
|
||||
0 \
|
||||
-S "session successfully restored from cache" \
|
||||
-S "session successfully restored from ticket" \
|
||||
|
@ -3012,7 +3000,7 @@ requires_config_disabled MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
|||
requires_config_disabled MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
run_test "Session resume using cache, DTLS: no timeout" \
|
||||
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
|
||||
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
|
||||
0 \
|
||||
-s "session successfully restored from cache" \
|
||||
-S "session successfully restored from ticket" \
|
||||
|
@ -4659,19 +4647,19 @@ run_test "Event-driven I/O, DTLS: ticket + client auth" \
|
|||
|
||||
run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \
|
||||
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
|
||||
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
|
||||
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-c "Read from server: .* bytes read"
|
||||
|
||||
run_test "Event-driven I/O, DTLS: ticket + resume" \
|
||||
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
|
||||
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
|
||||
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-c "Read from server: .* bytes read"
|
||||
|
||||
run_test "Event-driven I/O, DTLS: session-id resume" \
|
||||
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
|
||||
"$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
|
||||
"$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-c "Read from server: .* bytes read"
|
||||
|
||||
|
@ -4683,7 +4671,7 @@ run_test "Event-driven I/O, DTLS: session-id resume" \
|
|||
run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \
|
||||
-p "$P_PXY pack=50" \
|
||||
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
|
||||
"$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
|
||||
"$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
|
||||
0 \
|
||||
-c "Read from server: .* bytes read"
|
||||
|
||||
|
@ -7103,8 +7091,8 @@ run_test "DTLS cookie: enabled, nbio" \
|
|||
not_with_valgrind # spurious resend
|
||||
requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
|
||||
run_test "DTLS client reconnect from same port: reference" \
|
||||
"$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
|
||||
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
|
||||
"$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
|
||||
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
|
||||
0 \
|
||||
-C "resend" \
|
||||
-S "The operation timed out" \
|
||||
|
@ -7113,8 +7101,8 @@ run_test "DTLS client reconnect from same port: reference" \
|
|||
not_with_valgrind # spurious resend
|
||||
requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
|
||||
run_test "DTLS client reconnect from same port: reconnect" \
|
||||
"$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
|
||||
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
|
||||
"$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
|
||||
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
|
||||
0 \
|
||||
-C "resend" \
|
||||
-S "The operation timed out" \
|
||||
|
@ -7146,6 +7134,14 @@ run_test "DTLS client reconnect from same port: no cookies" \
|
|||
-s "The operation timed out" \
|
||||
-S "Client initiated reconnection from same port"
|
||||
|
||||
run_test "DTLS client reconnect from same port: attacker-injected" \
|
||||
-p "$P_PXY inject_clihlo=1" \
|
||||
"$P_SRV dtls=1 exchanges=2 debug_level=1" \
|
||||
"$P_CLI dtls=1 exchanges=2" \
|
||||
0 \
|
||||
-s "possible client reconnect from the same port" \
|
||||
-S "Client initiated reconnection from same port"
|
||||
|
||||
# Tests for various cases of client authentication with DTLS
|
||||
# (focused on handshake flows and message parsing)
|
||||
|
||||
|
@ -7750,7 +7746,7 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
|
|||
ca_file=data_files/test-ca2.crt \
|
||||
hs_timeout=10000-60000 \
|
||||
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
mtu=1450 reconnect=1 reco_delay=1" \
|
||||
mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1" \
|
||||
0 \
|
||||
-S "autoreduction" \
|
||||
-s "found fragmented DTLS handshake message" \
|
||||
|
@ -8246,8 +8242,8 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
|
|||
not_with_valgrind # spurious resend due to timeout
|
||||
run_test "DTLS proxy: reference" \
|
||||
-p "$P_PXY" \
|
||||
"$P_SRV dtls=1 debug_level=2" \
|
||||
"$P_CLI dtls=1 debug_level=2" \
|
||||
"$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
|
||||
"$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \
|
||||
0 \
|
||||
-C "replayed record" \
|
||||
-S "replayed record" \
|
||||
|
@ -8264,8 +8260,8 @@ run_test "DTLS proxy: reference" \
|
|||
not_with_valgrind # spurious resend due to timeout
|
||||
run_test "DTLS proxy: duplicate every packet" \
|
||||
-p "$P_PXY duplicate=1" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=1" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
|
||||
"$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=1 hs_timeout=10000-20000" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
|
||||
0 \
|
||||
-c "replayed record" \
|
||||
-s "replayed record" \
|
||||
|
@ -8617,7 +8613,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \
|
|||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123 debug_level=3" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
|
||||
debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
-s "a session has been resumed" \
|
||||
|
@ -8634,7 +8630,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
|
|||
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
|
||||
psk=abc123 debug_level=3 nbio=2" \
|
||||
"$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
|
||||
debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
|
||||
debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
|
||||
0 \
|
||||
-s "a session has been resumed" \
|
||||
|
|
|
@ -235,6 +235,40 @@ typedef enum
|
|||
mbedtls_exit( 1 ); \
|
||||
}
|
||||
|
||||
#if defined(__GNUC__)
|
||||
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
|
||||
* an array but not if it's a pointer. */
|
||||
#define IS_ARRAY_NOT_POINTER( arg ) \
|
||||
( ! __builtin_types_compatible_p( __typeof__( arg ), \
|
||||
__typeof__( &( arg )[0] ) ) )
|
||||
#else
|
||||
/* On platforms where we don't know how to implement this check,
|
||||
* omit it. Oh well, a non-portable check is better than nothing. */
|
||||
#define IS_ARRAY_NOT_POINTER( arg ) 1
|
||||
#endif
|
||||
|
||||
/* A compile-time constant with the value 0. If `const_expr` is not a
|
||||
* compile-time constant with a nonzero value, cause a compile-time error. */
|
||||
#define STATIC_ASSERT_EXPR( const_expr ) \
|
||||
( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
|
||||
/* Return the scalar value `value` (possibly promoted). This is a compile-time
|
||||
* constant if `value` is. `condition` must be a compile-time constant.
|
||||
* If `condition` is false, arrange to cause a compile-time error. */
|
||||
#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
|
||||
( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
|
||||
|
||||
#define ARRAY_LENGTH_UNSAFE( array ) \
|
||||
( sizeof( array ) / sizeof( *( array ) ) )
|
||||
/** Return the number of elements of a static or stack array.
|
||||
*
|
||||
* \param array A value of array (not pointer) type.
|
||||
*
|
||||
* \return The number of elements of the array.
|
||||
*/
|
||||
#define ARRAY_LENGTH( array ) \
|
||||
( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
|
||||
ARRAY_LENGTH_UNSAFE( array ) ) )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
|
|
@ -385,15 +385,16 @@ int execute_tests( int argc , const char ** argv )
|
|||
const char *default_filename = "DATA_FILE";
|
||||
const char *test_filename = NULL;
|
||||
const char **test_files = NULL;
|
||||
int testfile_count = 0;
|
||||
size_t testfile_count = 0;
|
||||
int option_verbose = 0;
|
||||
int function_id = 0;
|
||||
size_t function_id = 0;
|
||||
|
||||
/* Other Local variables */
|
||||
int arg_index = 1;
|
||||
const char *next_arg;
|
||||
int testfile_index, ret, i, cnt;
|
||||
int total_errors = 0, total_tests = 0, total_skipped = 0;
|
||||
size_t testfile_index, i, cnt;
|
||||
int ret;
|
||||
unsigned total_errors = 0, total_tests = 0, total_skipped = 0;
|
||||
FILE *file;
|
||||
char buf[5000];
|
||||
char *params[50];
|
||||
|
@ -477,8 +478,9 @@ int execute_tests( int argc , const char ** argv )
|
|||
testfile_index < testfile_count;
|
||||
testfile_index++ )
|
||||
{
|
||||
int unmet_dep_count = 0;
|
||||
char *unmet_dependencies[20];
|
||||
size_t unmet_dep_count = 0;
|
||||
int unmet_dependencies[20];
|
||||
int missing_unmet_dependencies = 0;
|
||||
|
||||
test_filename = test_files[ testfile_index ];
|
||||
|
||||
|
@ -499,6 +501,7 @@ int execute_tests( int argc , const char ** argv )
|
|||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
unmet_dep_count = 0;
|
||||
missing_unmet_dependencies = 0;
|
||||
|
||||
if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
|
||||
break;
|
||||
|
@ -524,20 +527,16 @@ int execute_tests( int argc , const char ** argv )
|
|||
int dep_id = strtol( params[i], NULL, 10 );
|
||||
if( dep_check( dep_id ) != DEPENDENCY_SUPPORTED )
|
||||
{
|
||||
if( 0 == option_verbose )
|
||||
if( unmet_dep_count <
|
||||
ARRAY_LENGTH( unmet_dependencies ) )
|
||||
{
|
||||
/* Only one count is needed if not verbose */
|
||||
unmet_dependencies[unmet_dep_count] = dep_id;
|
||||
unmet_dep_count++;
|
||||
break;
|
||||
}
|
||||
|
||||
unmet_dependencies[ unmet_dep_count ] = strdup( params[i] );
|
||||
if( unmet_dependencies[ unmet_dep_count ] == NULL )
|
||||
else
|
||||
{
|
||||
mbedtls_fprintf( stderr, "FATAL: Out of memory\n" );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
missing_unmet_dependencies = 1;
|
||||
}
|
||||
unmet_dep_count++;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -568,7 +567,7 @@ int execute_tests( int argc , const char ** argv )
|
|||
}
|
||||
#endif /* __unix__ || __APPLE__ __MACH__ */
|
||||
|
||||
function_id = strtol( params[0], NULL, 10 );
|
||||
function_id = strtoul( params[0], NULL, 10 );
|
||||
if ( (ret = check_test( function_id )) == DISPATCH_TEST_SUCCESS )
|
||||
{
|
||||
ret = convert_params( cnt - 1, params + 1, int_params );
|
||||
|
@ -603,15 +602,17 @@ int execute_tests( int argc , const char ** argv )
|
|||
mbedtls_fprintf( stdout, "\n Unmet dependencies: " );
|
||||
for( i = 0; i < unmet_dep_count; i++ )
|
||||
{
|
||||
mbedtls_fprintf( stdout, "%s ",
|
||||
mbedtls_fprintf( stdout, "%d ",
|
||||
unmet_dependencies[i] );
|
||||
free( unmet_dependencies[i] );
|
||||
}
|
||||
if( missing_unmet_dependencies )
|
||||
mbedtls_fprintf( stdout, "..." );
|
||||
}
|
||||
mbedtls_fprintf( stdout, "\n" );
|
||||
fflush( stdout );
|
||||
|
||||
unmet_dep_count = 0;
|
||||
missing_unmet_dependencies = 0;
|
||||
}
|
||||
else if( ret == DISPATCH_TEST_SUCCESS )
|
||||
{
|
||||
|
@ -650,10 +651,6 @@ int execute_tests( int argc , const char ** argv )
|
|||
total_errors++;
|
||||
}
|
||||
fclose( file );
|
||||
|
||||
/* In case we encounter early end of file */
|
||||
for( i = 0; i < unmet_dep_count; i++ )
|
||||
free( unmet_dependencies[i] );
|
||||
}
|
||||
|
||||
mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
|
||||
|
@ -662,7 +659,7 @@ int execute_tests( int argc , const char ** argv )
|
|||
else
|
||||
mbedtls_fprintf( stdout, "FAILED" );
|
||||
|
||||
mbedtls_fprintf( stdout, " (%d / %d tests (%d skipped))\n",
|
||||
mbedtls_fprintf( stdout, " (%u / %u tests (%u skipped))\n",
|
||||
total_tests - total_errors, total_tests, total_skipped );
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
|
||||
|
|
|
@ -19,6 +19,12 @@
|
|||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
|
||||
#if !defined(_POSIX_C_SOURCE)
|
||||
#define _POSIX_C_SOURCE 1 // for fileno() from <stdio.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include <mbedtls/config.h>
|
||||
#else
|
||||
|
@ -174,7 +180,7 @@ void execute_function_ptr(TestWrapper_t fp, void **params)
|
|||
* DISPATCH_TEST_FN_NOT_FOUND if not found
|
||||
* DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
|
||||
*/
|
||||
int dispatch_test( int func_idx, void ** params )
|
||||
int dispatch_test( size_t func_idx, void ** params )
|
||||
{
|
||||
int ret = DISPATCH_TEST_SUCCESS;
|
||||
TestWrapper_t fp = NULL;
|
||||
|
@ -205,7 +211,7 @@ int dispatch_test( int func_idx, void ** params )
|
|||
* DISPATCH_TEST_FN_NOT_FOUND if not found
|
||||
* DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
|
||||
*/
|
||||
int check_test( int func_idx )
|
||||
int check_test( size_t func_idx )
|
||||
{
|
||||
int ret = DISPATCH_TEST_SUCCESS;
|
||||
TestWrapper_t fp = NULL;
|
||||
|
|
|
@ -78,7 +78,7 @@ void mbedtls_asn1_write_ia5_string( char * str, data_t * asn1,
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ASN1PARSE_C */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
|
||||
void mbedtls_asn1_write_len( int len, data_t * asn1, int buf_len,
|
||||
int result )
|
||||
{
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/entropy_poll.h"
|
||||
#include "mbedtls/md.h"
|
||||
#include "string.h"
|
||||
|
||||
/*
|
||||
|
|
|
@ -1100,33 +1100,84 @@ Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
|
||||
|
||||
Key ASN1 (Incorrect first tag)
|
||||
pk_parse_key:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
Key ASN1 (No data)
|
||||
pk_parse_key:"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (First tag not Sequence)
|
||||
pk_parse_key:"020100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, incorrect version tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
pk_parse_key:"300100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, version tag missing)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
pk_parse_key:"3000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, invalid version)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
pk_parse_key:"3003020101":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct version, incorrect tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
pk_parse_key:"300402010000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, values present, length mismatch)
|
||||
Key ASN1 (RSAPrivateKey, correct format+values, minimal modulus size (128 bit))
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0
|
||||
|
||||
Key ASN1 (RSAPrivateKey, values present, check_privkey fails)
|
||||
Key ASN1 (RSAPrivateKey, correct format, modulus too small (127 bit))
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
pk_parse_key:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct format, modulus even)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct format, d == 0)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct format, d == p == q == 0)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, trailing garbage)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3064020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c00":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, n wrong tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, e wrong tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, d wrong tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, p wrong tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, q wrong tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, dp wrong tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, dq wrong tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct values, qp wrong tag)
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (ECPrivateKey, empty parameters)
|
||||
depends_on:MBEDTLS_ECP_C
|
||||
pk_parse_key:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
|
|
@ -149,23 +149,14 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
||||
void pk_parse_key( data_t * buf, char * result_str, int result )
|
||||
/* BEGIN_CASE */
|
||||
void pk_parse_key( data_t * buf, int result )
|
||||
{
|
||||
mbedtls_pk_context pk;
|
||||
unsigned char output[2000];
|
||||
((void) result_str);
|
||||
|
||||
mbedtls_pk_init( &pk );
|
||||
|
||||
memset( output, 0, 2000 );
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == ( result ) );
|
||||
if( ( result ) == 0 )
|
||||
{
|
||||
TEST_ASSERT( 1 );
|
||||
}
|
||||
TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == result );
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free( &pk );
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
Check compiletime library version
|
||||
check_compiletime_version:"2.16.4"
|
||||
check_compiletime_version:"2.16.6"
|
||||
|
||||
Check runtime library version
|
||||
check_runtime_version:"2.16.4"
|
||||
check_runtime_version:"2.16.6"
|
||||
|
||||
Check for MBEDTLS_VERSION_C
|
||||
check_feature:"MBEDTLS_VERSION_C":0
|
||||
|
|
|
@ -1380,6 +1380,14 @@ X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter')
|
|||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (inv extBasicConstraint, pathlen is INT_MAX)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
|
||||
|
||||
X509 Certificate ASN1 (pathlen is INT_MAX-1)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0
|
||||
|
||||
X509 CRT ASN1 (TBS, Subject missing)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"305b3046a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
|
|
@ -45,7 +45,6 @@
|
|||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
<PlatformToolset>Windows7.1SDK</PlatformToolset>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
|
|
Loading…
Reference in a new issue