Merge remote-tracking branch 'origin/pr/566' into baremetal

Simon Butcher 2019-05-09 16:59:02 +01:00
commit 999ac174cc
36 changed files with 502 additions and 1107 deletions


@ -1,425 +0,0 @@
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
# Add files or directories to the blacklist. They should be base names, not
# paths.
# Add files or directories matching the regex patterns to the blacklist. The
# regex matches against base names, not paths.
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
# Use multiple processes to speed up Pylint.
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
# Pickle collected data for later comparisons.
# Specify a configuration file.
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
# Only show warnings with the listed confidence levels. Leave empty to show
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes
# --disable=W"
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once). See also the "--disable" option for examples.
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details
# Set the output format. Available formats are text, parseable, colorized, json
# and msvs (visual studio).You can also give a reporter class, eg
# mypackage.mymodule.MyReporterClass.
# Tells whether to display a full report or only the messages
# Activate the evaluation score.
# Maximum number of nested blocks for function / method body
# Ignore comments when computing similarities.
# Ignore docstrings when computing similarities.
# Ignore imports when computing similarities.
# Minimum lines number of a similarity.
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Number of spaces of indent required inside a hanging or continued line.
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Maximum number of characters on a single line.
# Maximum number of lines in a module
# List of optional constructs for which whitespace checking is disabled. `dict-
# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}.
# `trailing-comma` allows a space between comma and closing bracket: (a, ).
# `empty-line` allows space-only lines.
# Allow the body of a class to be on the same line as the declaration if body
# contains single statement.
# Allow the body of an if to be on the same line as the test if there is no
# else.
# Naming hint for argument names
# Regular expression matching correct argument names
# Naming hint for attribute names
# Regular expression matching correct attribute names
# Bad variable names which should always be refused, separated by a comma
# Naming hint for class attribute names
# Regular expression matching correct class attribute names
# Naming hint for class names
# Regular expression matching correct class names
# Naming hint for constant names
# Regular expression matching correct constant names
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
# Naming hint for function names
# Regular expression matching correct function names
# Good variable names which should always be accepted, separated by a comma
# Include a hint for the correct naming format with invalid-name
# Naming hint for inline iteration names
# Regular expression matching correct inline iteration names
# Naming hint for method names
# Regular expression matching correct method names
# Naming hint for module names
# Regular expression matching correct module names
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
# Regular expression which should only match function or class names that do
# not require a docstring.
# List of decorators that produce properties, such as abc.abstractproperty. Add
# to this list to register other decorators that produce valid properties.
# Naming hint for variable names
# Regular expression matching correct variable names
# List of decorators that produce context managers, such as
# contextlib.contextmanager. Add to this list to register other decorators that
# produce valid context managers.
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
# This flag controls whether pylint should warn about no-member and similar
# checks whenever an opaque object is returned when inferring. The inference
# can return multiple potential results while evaluating a Python object, but
# some branches might not be evaluated, which results in partial inference. In
# that case, it might be useful to still emit no-member and other checks for
# the rest of the inferred objects.
# List of class names for which member attributes should not be checked (useful
# for classes with dynamically set attributes). This supports the use of
# qualified names.
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis. It
# supports qualified module names, as well as Unix pattern matching.
# Show a hint with possible names when a member name was not found. The aspect
# of finding the hint is based on edit distance.
# The minimum edit distance a name should have in order to be considered a
# similar match for a missing member name.
# The total number of similar names that should be taken in consideration when
# showing a hint for a missing member.
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
# Tells whether unused global variables should be treated as a violation.
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
# A regular expression matching the name of dummy variables (i.e. expectedly
# not used).
# Argument names that match this expression will be ignored. Default to name
# with leading underscore
# Tells whether we should check for unused import in __init__ files.
# List of qualified module names which can have objects that can redefine
# builtins.
# Spelling dictionary name. Available dictionaries: none. To make it working
# install python-enchant package.
# List of comma separated words that should not be checked.
# A path to a file that contains private dictionary; one word per line.
# Tells whether to store unknown words to indicated private dictionary in
# --spelling-private-dict-file option instead of raising a message.
# List of note tags to take in consideration, separated by a comma.
# Logging modules to check that the string format arguments are in logging
# function parameter format
# List of method names used to declare (i.e. assign) instance attributes.
# List of member names, which should be excluded from the protected access
# warning.
# List of valid names for the first argument in a class method.
# List of valid names for the first argument in a metaclass class method.
# Maximum number of arguments for function / method
# Maximum number of attributes for a class (see R0902).
# Maximum number of boolean expressions in a if statement
# Maximum number of branch for function / method body
# Maximum number of locals for function / method body
# Maximum number of parents for a class (see R0901).
# Maximum number of public methods for a class (see R0904).
# Maximum number of return / yield for function / method body
# Maximum number of statements in function / method body
# Minimum number of public methods for a class (see R0903).
# Allow wildcard imports from modules that define __all__.
# Analyse import fallback blocks. This can be used to support both Python 2 and
# 3 compatible code, which means that the block might have code that exists
# only in one or another interpreter, leading to false positives when analysed.
# Deprecated modules which should not be used, separated by a comma
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
# Force import order to recognize a module as part of the standard
# compatibility libraries.
# Force import order to recognize a module as part of a third party library.
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"

.pylintrc Normal file

@ -0,0 +1,52 @@
# We're ok with short funtion argument names.
# [invalid-name]
# Allow filter and map.
# [bad-builtin]
# We prefer docstrings, but we don't require them on all functions.
# Require them only on long functions (for some value of long).
# [missing-docstring]
# Allow longer methods than the default.
# [invalid-name]
# Allow module names containing a dash (but no underscore or uppercase letter).
# They are whole programs, not meant to be included by another module.
# [invalid-name]
# Some functions don't need docstrings.
# [missing-docstring]
# We're ok with short local or global variable names.
# [invalid-name]
# Allow more than the default 7 attributes.
# [too-many-instance-attributes]
# Allow longer modules than the default recommended maximum.
# [too-many-lines]
# Don't diplay statistics. Just the facts.
# Allow unused variables if their name starts with an underscore.
# [unused-argument]
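Review bot: Two comments in the new `.pylintrc` carry typos and one is ambiguous: `funtion` should be `function`, `diplay` should be `display`, and "Allow longer methods than the default" sits under `# [invalid-name]`, which suggests it is about method name length rather than method body length. If that reading is right, `# Allow longer method names than the default.` would remove the doubt. The setting lines themselves are not visible in this view, so the intent is inferred from the tags only.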


@ -31,7 +31,8 @@ after_failure:
- tests/scripts/ - tests/scripts/
env: env:
global: global:
secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" - SEED=1
- secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
addons: addons:
apt: apt:
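Review bot: The new `- SEED=1` entry under `env.global` has no comment saying why CI is pinned to one seed. Presumably this is for reproducible failures, but it also means any seed-driven test explores the same inputs on every run, so the trade-off should be recorded next to the setting, for example `# Fixed seed: keeps CI failures reproducible; vary it locally for wider coverage`. Which scripts consume `SEED` is not visible in this hunk.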


@ -2,6 +2,47 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.x.x branch released xxxx-xx-xx = mbed TLS 2.x.x branch released xxxx-xx-xx
* Make mbedtls_ecdh_get_params return an error if the second key
belongs to a different group from the first. Before, if an application
passed keys that belonged to different group, the first key's data was
interpreted according to the second group, which could lead to either
an error or a meaningless output from mbedtls_ecdh_get_params. In the
latter case, this could expose at most 5 bits of the private key.
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
This certificate is used in the demo server programs, which lead the
client programs to fail at the peer's certificate verification
due to an unacceptable hash signature. The certificate has been
updated to one that is SHA-256 signed. Fix contributed by
Illya Gerasymchuk.
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
Christian Walther in #2239.
* Fix potential memory leak in X.509 self test. Found and fixed by
Junhwan Park, #2106.
* Reduce stack usage of hkdf tests. Fixes #2195.
* Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when
used with negative inputs. Found by Guido Vranken in #2404. Credit to
* Fix bugs in the AEAD test suite which would be exposed by ciphers which
either used both encrypt and decrypt key schedules, or which perform padding.
GCM and CCM were not affected. Fixed by Jack Lloyd.
* Fix incorrect default port number in ssl_mail_client example's usage.
Found and fixed by irwir. #2337
* Return from various debugging routines immediately if the
provided SSL context is unset.
* Remove dead code from bignum.c in the default configuration.
Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
* Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to
Contributed by Peter Kolbus (Garmin).
= mbed TLS 2.16.1 branch released 2019-03-19
Features Features
* Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
from the default list (enabled by default). See from the default list (enabled by default). See
@ -37,16 +78,6 @@ Bugfix
extensions in CSRs and CRTs that caused these bitstrings to not be encoded extensions in CSRs and CRTs that caused these bitstrings to not be encoded
correctly as trailing zeroes were not accounted for as unused bits in the correctly as trailing zeroes were not accounted for as unused bits in the
leading content octet. Fixes #1610. leading content octet. Fixes #1610.
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
This certificate is used in the demo server programs, which lead the
client programs to fail at the peer's certificate verification
due to an unacceptable hash signature. The certificate has been
updated to one that is SHA-256 signed. Fix contributed by
Illya Gerasymchuk.
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
Christian Walther in #2239.
Changes Changes
* Include configuration file in all header files that use configuration, * Include configuration file in all header files that use configuration,
@ -62,12 +93,6 @@ Changes
been disabled for lack of a sufficiently recent version of GnuTLS on the CI. been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
* Ciphersuites based on 3DES now have the lowest priority by default when * Ciphersuites based on 3DES now have the lowest priority by default when
they are enabled. they are enabled.
* Return from various debugging routines immediately if the
provided SSL context is unset.
* Remove dead code from bignum.c in the default configuration.
Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
* Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to
Contributed by Peter Kolbus (Garmin).
= mbed TLS 2.16.0 branch released 2018-12-21 = mbed TLS 2.16.0 branch released 2018-12-21


@ -35,7 +35,7 @@ In order to run the tests, enter:
make check make check
The tests need Perl to be built and run. If you don't have Perl installed, you can skip building the tests with: The tests need Python to be built and Perl to be run. If you don't have one of them installed, you can skip building the tests with:
make no_test make no_test
@ -65,7 +65,7 @@ In order to run the tests, enter:
make test make test
The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with: The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with:
cmake -DENABLE_TESTING=Off /path/to/mbedtls_source cmake -DENABLE_TESTING=Off /path/to/mbedtls_source
@ -133,7 +133,7 @@ on the build mode as seen above), it's merely prepended to it.
The build files for Microsoft Visual Studio are generated for Visual Studio 2010. The build files for Microsoft Visual Studio are generated for Visual Studio 2010.
The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well. However, the selftest program in `programs/test/` is still available. The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available.
Example programs Example programs
---------------- ----------------
@ -143,7 +143,7 @@ We've included example programs for a lot of different features and uses in [`pr
Tests Tests
----- -----
Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:


@ -1,44 +0,0 @@
# Purpose:
# - To test and prove that a new commit in the mbed TLS repository builds
# and integrates with mbed-os properly.
# - To test and prove that the current development head of mbed TLS builds
# and integrates with the current mbed-os master branch.
# The script fetches all the prerequisites and builds the mbed TLS 'tls-client'
# example. This script is triggered by every commit and once each night and the
# exact behaviour depends on how it was triggered:
# - If it is a nightly build then it builds the mbed TLS development head with
# mbed-os master.
# - If it was triggered by the commit, then it builds the example with mbed TLS
# at that commit and mbed-os at the commit pointed by mbed-os.lib in the
# example repository.
- cd ../mbed-os-example-tls/tls-client/ && mbed compile -m K64F -t GCC_ARM -c
# Install gcc-arm
- cd .. && wget ""
- cd .. && tar -xvjf gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2
- ln -s ../gcc-arm-none-eabi-4_9-2015q3/bin/* ../bin/
# Install mbed-cli
- cd ../ && git clone
- cd ../mbed-cli && sudo -H pip install -e .
# Get the sample application
- cd ../ && git clone
# Get mbed-os
- cd ../mbed-os-example-tls/tls-client && mbed deploy
# Update mbed-os to master only if it is a nightly build
- >
if [ -n "${RUN_NIGHTLY_BUILD}" ]; then
cd ../mbed-os-example-tls/tls-client/mbed-os/ && mbed update master;
# Import mbedtls current revision
- ln -s ../../../../../../../mbedtls/ ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/TARGET_IGNORE/mbedtls
- cd ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/ && make
# Install the missing python packages
- cd ../mbed-os-example-tls/tls-client/mbed-os/ && sudo -H pip install -r requirements.txt


@ -24,7 +24,7 @@
*/ */
/** /**
* @mainpage mbed TLS v2.16.0 source code documentation * @mainpage mbed TLS v2.16.1 source code documentation
* *
* This documentation describes the internal structure of mbed TLS. It was * This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in * automatically generated from specially formatted comment blocks in


@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need # identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces. # to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v2.16.0" PROJECT_NAME = "mbed TLS v2.16.1"
# The PROJECT_NUMBER tag can be used to enter a project or revision number. # The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or # This could be handy for archiving the generated documentation or


@ -482,7 +482,7 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
* *
* \note After this function is called, domain parameters * \note After this function is called, domain parameters
* for various ECP groups can be loaded through the * for various ECP groups can be loaded through the
* mbedtls_ecp_load() or mbedtls_ecp_tls_read_group() * mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
* functions. * functions.
*/ */
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );


@ -40,16 +40,16 @@
*/ */
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x02100000 #define MBEDTLS_VERSION_NUMBER 0x02100100
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)


@ -167,15 +167,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto}) add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.0 SOVERSION 3) set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.1 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs}) target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509}) add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.0 SOVERSION 0) set_target_properties(mbedx509 PROPERTIES VERSION 2.16.1 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto) target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls}) add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.16.0 SOVERSION 12) set_target_properties(mbedtls PROPERTIES VERSION 2.16.1 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509) target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto install(TARGETS mbedtls mbedx509 mbedcrypto


@ -582,15 +582,20 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
if( radix < 2 || radix > 16 ) if( radix < 2 || radix > 16 )
n = mbedtls_mpi_bitlen( X ); n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */
if( radix >= 4 ) n >>= 1; if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present
if( radix >= 16 ) n >>= 1; * `n`. If radix > 4, this might be a strict
/* * overapproximation of the number of
* Round up the buffer length to an even value to ensure that there is * radix-adic digits needed to present `n`. */
* enough room for hexadecimal values that can be represented in an odd if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to
* number of digits. * present `n`. */
n += 3 + ( ( n + 1 ) & 1 ); n += 1; /* Terminating null byte */
n += 1; /* Compensate for the divisions above, which round down `n`
* in case it's not even. */
n += 1; /* Potential '-'-sign. */
n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing,
* which always uses an even number of hex-digits. */
if( buflen < n ) if( buflen < n )
{ {
@ -602,7 +607,10 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T );
if( X->s == -1 ) if( X->s == -1 )
*p++ = '-'; *p++ = '-';
if( radix == 16 ) if( radix == 16 )
{ {
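Review bot: The new sizing comments in the first hunk of `mbedtls_mpi_write_string()` describe the count as what is needed "to present `n`", but `n` is the counter being computed and the number being written is `X`; they should read, for example, `/* Number of bits necessary to present X. */`, and likewise for the 4-adic and hexadecimal lines. The arithmetic as shown looks consistent: the shifts round down, one `+1` compensates for that, one covers the sign, one the terminator, and `n += ( n & 1 )` restores the even digit count that hex output uses. Because this estimate is the only guard before the `buflen < n` check, a regression test for a negative value at the exact minimum buffer size belongs with this change, if it is not already among the files not shown here. The function body starts and ends outside both hunks.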


@ -49,6 +49,16 @@
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif #endif
static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
const mbedtls_ecdh_context *ctx )
return( ctx-> );
return( ctx->grp_id );
/* /*
* Generate public key (restartable version) * Generate public key (restartable version)
@ -442,8 +452,21 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
/* This is the first call to get_params(). Set up the context
* for use with the group. */
if( ( ret = mbedtls_ecdh_setup( ctx, key-> ) ) != 0 ) if( ( ret = mbedtls_ecdh_setup( ctx, key-> ) ) != 0 )
return( ret ); return( ret );
/* This is not the first call to get_params(). Check that the
* current key's group is the same as the context's, which was set
* from the first key's group. */
if( mbedtls_ecdh_grp_id( ctx ) != key-> )
return( ecdh_get_params_internal( ctx, key, side ) ); return( ecdh_get_params_internal( ctx, key, side ) );
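Review bot: The new static helper `mbedtls_ecdh_grp_id()` has no comment, although `mbedtls_ecdh_get_params()` now relies on its result to tell a first call from a later one. A header such as `/* Return the group id the context was set up with, or MBEDTLS_ECP_DP_NONE if it has not been set up yet. */` would make that contract explicit for both of its `return` branches. It is also worth confirming that `mbedtls_ecdh_setup()` rejects a key whose own group id is `MBEDTLS_ECP_DP_NONE`. If it did not, the context would still look unset on the second call and the group comparison would be skipped. The error returned on mismatch and the enclosing braces are not visible in this view, and both functions extend beyond the hunks.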


@ -1001,8 +1001,8 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
*/ */
int mbedtls_x509_self_test( int verbose ) int mbedtls_x509_self_test( int verbose )
{ {
int ret = 0;
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
int ret;
uint32_t flags; uint32_t flags;
mbedtls_x509_crt cacert; mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert; mbedtls_x509_crt clicert;
@ -1010,6 +1010,7 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " X.509 certificate load: " ); mbedtls_printf( " X.509 certificate load: " );
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert ); mbedtls_x509_crt_init( &clicert );
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt, ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
@ -1019,11 +1020,9 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "failed\n" ); mbedtls_printf( "failed\n" );
return( ret ); goto cleanup;
} }
mbedtls_x509_crt_init( &cacert );
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt, ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
mbedtls_test_ca_crt_len ); mbedtls_test_ca_crt_len );
if( ret != 0 ) if( ret != 0 )
@ -1031,7 +1030,7 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "failed\n" ); mbedtls_printf( "failed\n" );
return( ret ); goto cleanup;
} }
if( verbose != 0 ) if( verbose != 0 )
@ -1043,20 +1042,19 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "failed\n" ); mbedtls_printf( "failed\n" );
return( ret ); goto cleanup;
} }
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "passed\n\n"); mbedtls_printf( "passed\n\n");
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &clicert );
return( 0 );
#else #else
((void) verbose); ((void) verbose);
return( 0 );
return( ret );
} }
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */


@ -67,7 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \ ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \
random/gen_random_havege$(EXEXT) \ random/gen_random_havege$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \ random/gen_random_ctr_drbg$(EXEXT) \
test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/benchmark$(EXEXT) \
test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \ test/zeroize$(EXEXT) \
test/query_compile_time_config$(EXEXT) \ test/query_compile_time_config$(EXEXT) \
@ -241,10 +241,6 @@ ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP)
echo " CC ssl/mini_client.c" echo " CC ssl/mini_client.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/ssl_cert_test$(EXEXT): test/ssl_cert_test.c $(DEP)
echo " CC test/ssl_cert_test.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/ssl_cert_test.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/benchmark$(EXEXT): test/benchmark.c $(DEP) test/benchmark$(EXEXT): test/benchmark.c $(DEP)
echo " CC test/benchmark.c" echo " CC test/benchmark.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@


@ -99,8 +99,6 @@ In addition to providing options for testing client-side features, the `ssl_clie
* [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module. * [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module.
* [`test/ssl_cert_test.c`](test/ssl_cert_test.c): demonstrates how to verify X.509 certificates, and (for RSA keys only) how to check that each certificate matches the corresponding private key. This program requires some test data which is not provided.
* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS.
* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb). * [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb).


@ -111,8 +111,8 @@ int main( void )
#if defined(MBEDTLS_BASE64_C) #if defined(MBEDTLS_BASE64_C)
#define USAGE_AUTH \ #define USAGE_AUTH \
" authentication=%%d default: 0 (disabled)\n" \ " authentication=%%d default: 0 (disabled)\n" \
" user_name=%%s default: \"user\"\n" \ " user_name=%%s default: \"" DFL_USER_NAME "\"\n" \
" user_pwd=%%s default: \"password\"\n" " user_pwd=%%s default: \"" DFL_USER_PWD "\"\n"
#else #else
#define USAGE_AUTH \ #define USAGE_AUTH \
" authentication options disabled. (Require MBEDTLS_BASE64_C)\n" " authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
@ -131,8 +131,8 @@ int main( void )
#define USAGE \ #define USAGE \
"\n usage: ssl_mail_client param=<>...\n" \ "\n usage: ssl_mail_client param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \ " server_name=%%s default: " DFL_SERVER_NAME "\n" \
" server_port=%%d default: 4433\n" \ " server_port=%%d default: " DFL_SERVER_PORT "\n" \
" debug_level=%%d default: 0 (disabled)\n" \ " debug_level=%%d default: 0 (disabled)\n" \
" mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \ " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
@ -324,7 +324,7 @@ static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char *
mbedtls_printf("\n%s", buf); mbedtls_printf("\n%s", buf);
if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 ) if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
return -1; return -1;
} }
@ -336,7 +336,7 @@ static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char *
if( ret <= 0 ) if( ret <= 0 )
{ {
mbedtls_printf( "failed\n ! read returned %d\n\n", ret ); mbedtls_printf( "failed\n ! mbedtls_net_recv returned %d\n\n", ret );
return -1; return -1;
} }


@ -21,9 +21,6 @@ if(TEST_CPP)
target_link_libraries(cpp_dummy_build ${libs}) target_link_libraries(cpp_dummy_build ${libs})
endif() endif()
add_executable(ssl_cert_test ssl_cert_test.c)
target_link_libraries(ssl_cert_test ${libs})
add_executable(udp_proxy udp_proxy.c) add_executable(udp_proxy udp_proxy.c)
target_link_libraries(udp_proxy ${libs}) target_link_libraries(udp_proxy ${libs})
@ -34,6 +31,6 @@ add_executable(query_compile_time_config query_compile_time_config.c)
target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c) target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c)
target_link_libraries(query_compile_time_config ${libs}) target_link_libraries(query_compile_time_config ${libs})
install(TARGETS selftest benchmark ssl_cert_test udp_proxy query_compile_time_config install(TARGETS selftest benchmark udp_proxy query_compile_time_config


@ -1,274 +0,0 @@
* SSL certificate functionality tests
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* This file is part of mbed TLS (
#include "mbedtls/config.h"
#include "mbedtls/platform.h"
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_snprintf snprintf
#define mbedtls_printf printf
#define mbedtls_exit exit
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_X509_CRL_PARSE_C)
#include "mbedtls/certs.h"
#include "mbedtls/x509_crt.h"
#include <stdio.h>
#include <string.h>
#if !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_X509_CRL_PARSE_C)
int main( void )
mbedtls_printf("MBEDTLS_RSA_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
return( 0 );
const char *client_certificates[MAX_CLIENT_CERTS] =
const char *client_private_keys[MAX_CLIENT_CERTS] =
#include "mbedtls/platform_util.h"
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
mbedtls_printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
int main( void )
int ret = 1, i;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_x509_crt cacert;
mbedtls_x509_crl crl;
char buf[10240];
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crl_init( &crl );
* 1.1. Load the trusted CA
mbedtls_printf( "\n . Loading the CA root certificate ..." );
fflush( stdout );
* Alternatively, you may load the CA certificates from a .pem or
* .crt file by calling mbedtls_x509_crt_parse_file( &cacert, "myca.crt" ).
ret = mbedtls_x509_crt_parse_file( &cacert, "ssl/test-ca/test-ca.crt" );
if( ret != 0 )
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
goto exit;
mbedtls_printf( " ok\n" );
mbedtls_x509_crt_info( buf, 1024, "CRT: ", &cacert );
mbedtls_printf("%s\n", buf );
* 1.2. Load the CRL
mbedtls_printf( " . Loading the CRL ..." );
fflush( stdout );
ret = mbedtls_x509_crl_parse_file( &crl, "ssl/test-ca/crl.pem" );
if( ret != 0 )
mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret );
goto exit;
mbedtls_printf( " ok\n" );
mbedtls_x509_crl_info( buf, 1024, "CRL: ", &crl );
mbedtls_printf("%s\n", buf );
for( i = 0; i < MAX_CLIENT_CERTS; i++ )
* 1.3. Load own certificate
char name[512];
uint32_t flags;
mbedtls_x509_crt clicert;
mbedtls_pk_context pk;
mbedtls_x509_crt_init( &clicert );
mbedtls_pk_init( &pk );
mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
mbedtls_printf( " . Loading the client certificate %s...", name );
fflush( stdout );
ret = mbedtls_x509_crt_parse_file( &clicert, name );
if( ret != 0 )
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
goto exit;
mbedtls_printf( " ok\n" );
* 1.4. Verify certificate validity with CA certificate
mbedtls_printf( " . Verify the client certificate with CA certificate..." );
fflush( stdout );
ret = mbedtls_x509_crt_verify( &clicert, &cacert, &crl, NULL, &flags, NULL,
if( ret != 0 )
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", ret );
goto exit;
mbedtls_printf( " ok\n" );
* 1.5. Load own private key
mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
mbedtls_printf( " . Loading the client private key %s...", name );
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &pk, name, NULL );
if( ret != 0 )
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d\n\n", ret );
goto exit;
mbedtls_printf( " ok\n" );
* 1.6. Verify certificate validity with private key
mbedtls_printf( " . Verify the client certificate with private key..." );
fflush( stdout );
if( ! mbedtls_pk_can_do( &, MBEDTLS_PK_RSA ) )
mbedtls_printf( " failed\n ! certificate's key is not RSA\n\n" );
goto exit;
ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->N, &mbedtls_pk_rsa( )->N);
if( ret != 0 )
mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for N returned %d\n\n", ret );
goto exit;
ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->E, &mbedtls_pk_rsa( )->E);
if( ret != 0 )
mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for E returned %d\n\n", ret );
goto exit;
ret = mbedtls_rsa_check_privkey( mbedtls_pk_rsa( pk ) );
if( ret != 0 )
mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey returned %d\n\n", ret );
goto exit;
mbedtls_printf( " ok\n" );
mbedtls_x509_crt_free( &clicert );
mbedtls_pk_free( &pk );
mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crl_free( &crl );
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
return( exit_code );


@ -26,8 +26,16 @@ import tempfile
class AbiChecker(object): class AbiChecker(object):
"""API and ABI checker."""
def __init__(self, report_dir, old_rev, new_rev, keep_all_reports): def __init__(self, report_dir, old_rev, new_rev, keep_all_reports):
"""Instantiate the API/ABI checker.
report_dir: directory for output files
old_rev: reference git revision to compare against
new_rev: git revision to check
keep_all_reports: if false, delete old reports
self.repo_path = "." self.repo_path = "."
self.log = None self.log = None
self.setup_logger() self.setup_logger()
@ -42,7 +50,8 @@ class AbiChecker(object):
self.git_command = "git" self.git_command = "git"
self.make_command = "make" self.make_command = "make"
def check_repo_path(self): @staticmethod
def check_repo_path():
current_dir = os.path.realpath('.') current_dir = os.path.realpath('.')
root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
if current_dir != root_dir: if current_dir != root_dir:
@ -53,12 +62,15 @@ class AbiChecker(object):
self.log.setLevel(logging.INFO) self.log.setLevel(logging.INFO)
self.log.addHandler(logging.StreamHandler()) self.log.addHandler(logging.StreamHandler())
def check_abi_tools_are_installed(self): @staticmethod
def check_abi_tools_are_installed():
for command in ["abi-dumper", "abi-compliance-checker"]: for command in ["abi-dumper", "abi-compliance-checker"]:
if not shutil.which(command): if not shutil.which(command):
raise Exception("{} not installed, aborting".format(command)) raise Exception("{} not installed, aborting".format(command))
def get_clean_worktree_for_git_revision(self, git_rev): def get_clean_worktree_for_git_revision(self, git_rev):
"""Make a separate worktree with git_rev checked out.
Do not modify the current worktree."""
"Checking out git worktree for revision {}".format(git_rev) "Checking out git worktree for revision {}".format(git_rev)
) )
@ -76,6 +88,7 @@ class AbiChecker(object):
return git_worktree_path return git_worktree_path
def build_shared_libraries(self, git_worktree_path): def build_shared_libraries(self, git_worktree_path):
"""Build the shared libraries in the specified worktree."""
my_environment = os.environ.copy() my_environment = os.environ.copy()
my_environment["CFLAGS"] = "-g -Og" my_environment["CFLAGS"] = "-g -Og"
my_environment["SHARED"] = "1" my_environment["SHARED"] = "1"
@ -92,6 +105,9 @@ class AbiChecker(object):
raise Exception("make failed, aborting") raise Exception("make failed, aborting")
def get_abi_dumps_from_shared_libraries(self, git_ref, git_worktree_path): def get_abi_dumps_from_shared_libraries(self, git_ref, git_worktree_path):
"""Generate the ABI dumps for the specified git revision.
It must be checked out in git_worktree_path and the shared libraries
must have been built."""
abi_dumps = {} abi_dumps = {}
for mbed_module in self.mbedtls_modules: for mbed_module in self.mbedtls_modules:
output_path = os.path.join( output_path = os.path.join(
@ -117,6 +133,7 @@ class AbiChecker(object):
return abi_dumps return abi_dumps
def cleanup_worktree(self, git_worktree_path): def cleanup_worktree(self, git_worktree_path):
"""Remove the specified git worktree."""
shutil.rmtree(git_worktree_path) shutil.rmtree(git_worktree_path)
worktree_process = subprocess.Popen( worktree_process = subprocess.Popen(
[self.git_command, "worktree", "prune"], [self.git_command, "worktree", "prune"],
@ -130,6 +147,7 @@ class AbiChecker(object):
raise Exception("Worktree cleanup failed, aborting") raise Exception("Worktree cleanup failed, aborting")
def get_abi_dump_for_ref(self, git_rev): def get_abi_dump_for_ref(self, git_rev):
"""Generate the ABI dumps for the specified git revision."""
git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev) git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev)
self.build_shared_libraries(git_worktree_path) self.build_shared_libraries(git_worktree_path)
abi_dumps = self.get_abi_dumps_from_shared_libraries( abi_dumps = self.get_abi_dumps_from_shared_libraries(
@ -139,6 +157,9 @@ class AbiChecker(object):
return abi_dumps return abi_dumps
def get_abi_compatibility_report(self): def get_abi_compatibility_report(self):
"""Generate a report of the differences between the reference ABI
and the new ABI. ABI dumps from self.old_rev and self.new_rev must
be available."""
compatibility_report = "" compatibility_report = ""
compliance_return_code = 0 compliance_return_code = 0
for mbed_module in self.mbedtls_modules: for mbed_module in self.mbedtls_modules:
@ -188,6 +209,8 @@ class AbiChecker(object):
return compliance_return_code return compliance_return_code
def check_for_abi_changes(self): def check_for_abi_changes(self):
"""Generate a report of ABI differences
between self.old_rev and self.new_rev."""
self.check_repo_path() self.check_repo_path()
self.check_abi_tools_are_installed() self.check_abi_tools_are_installed()
self.old_dumps = self.get_abi_dump_for_ref(self.old_rev) self.old_dumps = self.get_abi_dump_for_ref(self.old_rev)
@ -232,7 +255,9 @@ def run_main():
) )
return_code = abi_check.check_for_abi_changes() return_code = abi_check.check_for_abi_changes()
sys.exit(return_code) sys.exit(return_code)
except Exception: except Exception: # pylint: disable=broad-except
# Print the backtrace and exit explicitly so as to exit with
# status 2, not 1.
traceback.print_exc() traceback.print_exc()
sys.exit(2) sys.exit(2)
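Review bot: The new docstring on `get_abi_dump_for_ref` does not say that the revision is built, not just read: the method checks `git_rev` out into a worktree and then calls `build_shared_libraries`, which runs `make` there. The build therefore executes whatever Makefiles and scripts that revision contains, with the privileges of the user running the checker. I would extend the docstring, e.g. `"""Check out git_rev in a separate worktree, build it with make and generate its ABI dumps. The revision's build scripts are executed, so only pass revisions you trust."""`. `check_repo_path` and `check_abi_tools_are_installed` also became static methods in this section without gaining a docstring.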


@ -150,7 +150,7 @@ test-int-ca3-badsign.crt: test-int-ca3.crt
all_final += test-int-ca3-badsign.crt all_final += test-int-ca3-badsign.crt
server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
cat server10.crt test-int-ca3-badsign.crt > $@ cat server10.crt test-int-ca3-badsign.crt > $@
all_final += server10-bs_int3-bs.pem all_final += server10_int3-bs.pem
rsa_pkcs1_2048_public.pem: server8.key rsa_pkcs1_2048_public.pem: server8.key
$(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@


@ -590,6 +590,17 @@ component_check_doxygen_warnings () {
#### Build and test many configurations and targets #### Build and test many configurations and targets
################################################################ ################################################################
component_test_default_out_of_box () {
msg "build: make, default config (out-of-box)" # ~1min
msg "test: main suites make, default config (out-of-box)" # ~10s
make test
msg "selftest: make, default config (out-of-box)" # ~10s
component_test_default_cmake_gcc_asan () { component_test_default_cmake_gcc_asan () {
msg "build: cmake, gcc, ASan" # ~ 1 min 50s msg "build: cmake, gcc, ASan" # ~ 1 min 50s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@ -952,10 +963,16 @@ component_test_m32_o1 () {
# Build again with -O1, to compile in the i386 specific inline assembly # Build again with -O1, to compile in the i386 specific inline assembly
msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
scripts/ full scripts/ full
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)" msg "test: i386, make, gcc -O1 (ASan build)"
make test make test
msg "test, i386, make, gcc-O1"
if_build_succeeded tests/
} }
support_test_m32_o1 () { support_test_m32_o1 () {
support_test_m32_o0 "$@" support_test_m32_o0 "$@"
@ -1198,10 +1215,8 @@ component_test_valgrind () {
msg "test: main suites valgrind (Release)" msg "test: main suites valgrind (Release)"
make memcheck make memcheck
# Optional part(s) # Optional parts (slow; currently broken on OS X because programs don't
# Currently broken, programs don't seem to receive signals # seem to receive signals under valgrind on OS X).
# under valgrind on OS X
if [ "$MEMORY" -gt 0 ]; then if [ "$MEMORY" -gt 0 ]; then
msg "test: --memcheck (Release)" msg "test: --memcheck (Release)"
if_build_succeeded tests/ --memcheck if_build_succeeded tests/ --memcheck
@ -1269,6 +1284,9 @@ component_test_zeroize () {
unset gdb_disable_aslr unset gdb_disable_aslr
} }
support_check_python_files () {
type pylint3 >/dev/null 2>/dev/null
component_check_python_files () { component_check_python_files () {
msg "Lint: Python scripts" msg "Lint: Python scripts"
record_status tests/scripts/ record_status tests/scripts/
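Review bot: The label added at the end of `component_test_m32_o1`, `msg "test, i386, make, gcc-O1"`, does not follow the `test: ` prefix used by the other labels in these hunks, and it repeats the configuration without naming what is run. A consistent label such as `msg "test: <script name>, i386, make, gcc -O1 (ASan build)"` keeps the log searchable by phase and lets the two test steps in this component be told apart. The script name after `tests/` is not legible in this rendering, hence the placeholder.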


@ -19,14 +19,23 @@ import codecs
import sys import sys
class IssueTracker(object): class FileIssueTracker(object):
"""Base class for issue tracking. Issues should inherit from this and """Base class for file-wide issue tracking.
overwrite either issue_with_line if they check the file line by line, or
overwrite check_file_for_issue if they check the file as a whole.""" To implement a checker that processes a file as a whole, inherit from
this class and implement `check_file_for_issue` and define ``heading``.
``files_exemptions``: files whose name ends with a string in this set
will not be checked.
``heading``: human-readable description of the issue
files_exemptions = frozenset()
# heading must be defined in derived classes.
# pylint: disable=no-member
def __init__(self): def __init__(self):
self.heading = ""
self.files_exemptions = []
self.files_with_issues = {} self.files_with_issues = {}
def should_check_file(self, filepath): def should_check_file(self, filepath):
@ -35,23 +44,14 @@ class IssueTracker(object):
return False return False
return True return True
def issue_with_line(self, line):
raise NotImplementedError
def check_file_for_issue(self, filepath): def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f: raise NotImplementedError
for i, line in enumerate(iter(f.readline, b"")):
self.check_file_line(filepath, line, i + 1)
def record_issue(self, filepath, line_number): def record_issue(self, filepath, line_number):
if filepath not in self.files_with_issues.keys(): if filepath not in self.files_with_issues.keys():
self.files_with_issues[filepath] = [] self.files_with_issues[filepath] = []
self.files_with_issues[filepath].append(line_number) self.files_with_issues[filepath].append(line_number)
def check_file_line(self, filepath, line, line_number):
if self.issue_with_line(line):
self.record_issue(filepath, line_number)
def output_file_issues(self, logger): def output_file_issues(self, logger):
if self.files_with_issues.values(): if self.files_with_issues.values():
@ -64,24 +64,44 @@ class IssueTracker(object):"")"")
class LineIssueTracker(FileIssueTracker):
"""Base class for line-by-line issue tracking.
class PermissionIssueTracker(IssueTracker): To implement a checker that processes files line by line, inherit from
this class and implement `line_with_issue`.
def __init__(self): def issue_with_line(self, line, filepath):
super().__init__() raise NotImplementedError
self.heading = "Incorrect permissions:"
def check_file_line(self, filepath, line, line_number):
if self.issue_with_line(line, filepath):
self.record_issue(filepath, line_number)
def check_file_for_issue(self, filepath): def check_file_for_issue(self, filepath):
if not (os.access(filepath, os.X_OK) == with open(filepath, "rb") as f:
filepath.endswith((".sh", ".pl", ".py"))): for i, line in enumerate(iter(f.readline, b"")):
self.check_file_line(filepath, line, i + 1)
class PermissionIssueTracker(FileIssueTracker):
"""Track files with bad permissions.
Files that are not executable scripts must not be executable."""
heading = "Incorrect permissions:"
def check_file_for_issue(self, filepath):
is_executable = os.access(filepath, os.X_OK)
should_be_executable = filepath.endswith((".sh", ".pl", ".py"))
if is_executable != should_be_executable:
self.files_with_issues[filepath] = None self.files_with_issues[filepath] = None
class EndOfFileNewlineIssueTracker(IssueTracker): class EndOfFileNewlineIssueTracker(FileIssueTracker):
"""Track files that end with an incomplete line
(no newline character at the end of the last line)."""
def __init__(self): heading = "Missing newline at end of file:"
self.heading = "Missing newline at end of file:"
def check_file_for_issue(self, filepath): def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f: with open(filepath, "rb") as f:
@ -89,11 +109,11 @@ class EndOfFileNewlineIssueTracker(IssueTracker):
self.files_with_issues[filepath] = None self.files_with_issues[filepath] = None
class Utf8BomIssueTracker(IssueTracker): class Utf8BomIssueTracker(FileIssueTracker):
"""Track files that start with a UTF-8 BOM.
Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM."""
def __init__(self): heading = "UTF-8 BOM present:"
self.heading = "UTF-8 BOM present:"
def check_file_for_issue(self, filepath): def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f: with open(filepath, "rb") as f:
@ -101,79 +121,76 @@ class Utf8BomIssueTracker(IssueTracker):
self.files_with_issues[filepath] = None self.files_with_issues[filepath] = None
class LineEndingIssueTracker(IssueTracker): class LineEndingIssueTracker(LineIssueTracker):
"""Track files with non-Unix line endings (i.e. files with CR)."""
def __init__(self): heading = "Non Unix line endings:"
self.heading = "Non Unix line endings:"
def issue_with_line(self, line): def issue_with_line(self, line, _filepath):
return b"\r" in line return b"\r" in line
class TrailingWhitespaceIssueTracker(IssueTracker): class TrailingWhitespaceIssueTracker(LineIssueTracker):
"""Track lines with trailing whitespace."""
def __init__(self): heading = "Trailing whitespace:"
super().__init__() files_exemptions = frozenset(".md")
self.heading = "Trailing whitespace:"
self.files_exemptions = [".md"]
def issue_with_line(self, line): def issue_with_line(self, line, _filepath):
return line.rstrip(b"\r\n") != line.rstrip() return line.rstrip(b"\r\n") != line.rstrip()
class TabIssueTracker(IssueTracker): class TabIssueTracker(LineIssueTracker):
"""Track lines with tabs."""
def __init__(self): heading = "Tabs present:"
super().__init__() files_exemptions = frozenset([
self.heading = "Tabs present:" "Makefile",
self.files_exemptions = [ "",
"Makefile", "" ])
def issue_with_line(self, line): def issue_with_line(self, line, _filepath):
return b"\t" in line return b"\t" in line
class MergeArtifactIssueTracker(IssueTracker): class MergeArtifactIssueTracker(LineIssueTracker):
"""Track lines with merge artifacts.
These are leftovers from a ``git merge`` that wasn't fully edited."""
def __init__(self): heading = "Merge artifact:"
self.heading = "Merge artifact:"
def issue_with_line(self, filepath, line): def issue_with_line(self, line, _filepath):
# Detect leftover git conflict markers. # Detect leftover git conflict markers.
if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '): if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '):
return True return True
if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3 if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3
return True return True
if line.rstrip(b'\r\n') == b'=======' and \ if line.rstrip(b'\r\n') == b'=======' and \
not filepath.endswith('.md'): not _filepath.endswith('.md'):
return True return True
return False return False
def check_file_line(self, filepath, line, line_number): class TodoIssueTracker(LineIssueTracker):
if self.issue_with_line(filepath, line): """Track lines containing ``TODO``."""
self.record_issue(filepath, line_number)
class TodoIssueTracker(IssueTracker): heading = "TODO present:"
files_exemptions = frozenset([
def __init__(self):
self.heading = "TODO present:"
self.files_exemptions = [
os.path.basename(__file__), os.path.basename(__file__),
"benchmark.c", "benchmark.c",
"", "",
] ])
def issue_with_line(self, line): def issue_with_line(self, line, _filepath):
return b"todo" in line.lower() return b"todo" in line.lower()
class IntegrityChecker(object): class IntegrityChecker(object):
"""Sanity-check files under the current directory."""
def __init__(self, log_file): def __init__(self, log_file):
"""Instantiate the sanity checker.
Check files under the current directory.
Write a report of issues to log_file."""
self.check_repo_path() self.check_repo_path()
self.logger = None self.logger = None
self.setup_logger(log_file) self.setup_logger(log_file)
@ -197,7 +214,8 @@ class IntegrityChecker(object):
TodoIssueTracker(), TodoIssueTracker(),
] ]
def check_repo_path(self): @staticmethod
def check_repo_path():
if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
raise Exception("Must be run from Mbed TLS root") raise Exception("Must be run from Mbed TLS root")
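Review bot: `files_exemptions = frozenset(".md")` in `TrailingWhitespaceIssueTracker` builds a set of the three characters `.`, `m` and `d`, not a set holding the suffix `.md`, because `frozenset` iterates over the string. Given the base-class docstring ("files whose name ends with a string in this set will not be checked"), this presumably exempts every file whose name ends in any of those characters from the trailing-whitespace check; the body of `should_check_file` is only partly shown, so confirm against it. The line should read `files_exemptions = frozenset([".md"])`, matching the list form used by `TabIssueTracker` and `TodoIssueTracker`. Separately, the `LineIssueTracker` docstring tells implementers to define `line_with_issue`, while the method is named `issue_with_line`.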


@ -9,10 +9,4 @@
# Run 'pylint' on Python files for programming errors and helps enforcing # Run 'pylint' on Python files for programming errors and helps enforcing
# PEP8 coding standards. # PEP8 coding standards.
if `hash pylint > /dev/null 2>&1`; then pylint3 -j 2 scripts/*.py tests/scripts/*.py
pylint -j 2 tests/scripts/ --rcfile .pylint
pylint -j 2 tests/scripts/ --rcfile .pylint
pylint -j 2 tests/scripts/ --rcfile .pylint
echo "$0: WARNING: 'pylint' not found! Skipping checks on Python files."
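Review bot: The header comment still says the script runs 'pylint', while the new command is `pylint3` with the relative globs `scripts/*.py tests/scripts/*.py` and no `--rcfile`. With the old availability test and warning removed, a missing `pylint3` or a run from another directory now fails without explanation, unless an earlier line not shown handles it. I would state the requirements in the header, e.g. `# Requires pylint3; run from the root of the source tree.`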


@ -238,7 +238,7 @@ class FileWrapper(io.FileIO, object):
if hasattr(parent, '__next__'): if hasattr(parent, '__next__'):
line = parent.__next__() # Python 3 line = parent.__next__() # Python 3
else: else:
line = # Python 2 line = # Python 2 # pylint: disable=no-member
if line is not None: if line is not None:
self._line_no += 1 self._line_no += 1
# Convert byte array to string with correct encoding and # Convert byte array to string with correct encoding and


@ -37,7 +37,8 @@
import re import re
import os import os
import binascii import binascii
from mbed_host_tests import BaseHostTest, event_callback
from mbed_host_tests import BaseHostTest, event_callback # pylint: disable=import-error
class TestDataParserError(Exception): class TestDataParserError(Exception):


@ -22,7 +22,7 @@
Unit tests for Unit tests for
""" """
# pylint: disable=wrong-import-order
try: try:
# Python 2 # Python 2
from StringIO import StringIO from StringIO import StringIO
@ -36,6 +36,7 @@ try:
except ImportError: except ImportError:
# Python 3 # Python 3
from unittest.mock import patch from unittest.mock import patch
# pylint: enable=wrong-import-order
from generate_test_code import gen_dependencies, gen_dependencies_one_line from generate_test_code import gen_dependencies, gen_dependencies_one_line
from generate_test_code import gen_function_wrapper, gen_dispatch from generate_test_code import gen_function_wrapper, gen_dispatch
from generate_test_code import parse_until_pattern, GeneratorInputError from generate_test_code import parse_until_pattern, GeneratorInputError
@ -336,6 +337,7 @@ class StringIOWrapper(StringIO, object):
:param length: :param length:
:return: :return:
""" """
# pylint: disable=unused-argument
line = super(StringIOWrapper, self).readline() line = super(StringIOWrapper, self).readline()
if line is not None: if line is not None:
self.line_no += 1 self.line_no += 1


@ -976,6 +976,9 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 ); TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
/* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */ /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
memset( output, 0xFF, sizeof( output ) ); memset( output, 0xFF, sizeof( output ) );
outlen = 0; outlen = 0;
@ -984,8 +987,8 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
my_tag, tag->len ); my_tag, tag->len );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
TEST_ASSERT( outlen == clear->len ); TEST_ASSERT( outlen == cipher->len );
TEST_ASSERT( memcmp( output, cipher->x, clear->len ) == 0 ); TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
TEST_ASSERT( memcmp( my_tag, tag->x, tag->len ) == 0 ); TEST_ASSERT( memcmp( my_tag, tag->x, tag->len ) == 0 );
/* make sure we didn't overwrite */ /* make sure we didn't overwrite */


@ -79,3 +79,19 @@ ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8A
ECDH exchange legacy context ECDH exchange legacy context
ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1 ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1
ECDH calc_secret: ours first, SECP256R1 (RFC 5903)
ECDH calc_secret: theirs first, SECP256R1 (RFC 5903)
ECDH get_params with mismatched groups: our BP256R1, their SECP256R1
ECDH get_params with mismatched groups: their SECP256R1, our BP256R1


@ -1,5 +1,41 @@
#include "mbedtls/ecdh.h" #include "mbedtls/ecdh.h"
static int load_public_key( int grp_id, data_t *point,
mbedtls_ecp_keypair *ecp )
int ok = 0;
TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
point->len ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
&ecp->Q ) == 0 );
ok = 1;
return( ok );
static int load_private_key( int grp_id, data_t *private_key,
mbedtls_ecp_keypair *ecp,
rnd_pseudo_info *rnd_info )
int ok = 0;
TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_binary( &ecp->d,
private_key->len ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
/* Calculate the public key from the private key. */
TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
&rnd_pseudo_rand, rnd_info ) == 0 );
ok = 1;
return( ok );
@ -464,3 +500,107 @@ exit:
mbedtls_ecdh_free( &cli ); mbedtls_ecdh_free( &cli );
} }
/* END_CASE */ /* END_CASE */
void ecdh_exchange_calc_secret( int grp_id,
data_t *our_private_key,
data_t *their_point,
int ours_first,
data_t *expected )
rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
size_t shared_secret_length = 0;
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
mbedtls_ecdh_init( &ecdh );
mbedtls_ecp_keypair_init( &our_key );
mbedtls_ecp_keypair_init( &their_key );
if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
goto exit;
if( ! load_public_key( grp_id, their_point, &their_key ) )
goto exit;
/* Import the keys to the ECDH calculation. */
if( ours_first )
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
/* Perform the ECDH calculation. */
TEST_ASSERT( mbedtls_ecdh_calc_secret(
shared_secret, sizeof( shared_secret ),
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( shared_secret_length == expected->len );
TEST_ASSERT( memcmp( expected->x, shared_secret,
shared_secret_length ) == 0 );
mbedtls_ecdh_free( &ecdh );
mbedtls_ecp_keypair_free( &our_key );
mbedtls_ecp_keypair_free( &their_key );
/* END_CASE */
void ecdh_exchange_get_params_fail( int our_grp_id,
data_t *our_private_key,
int their_grp_id,
data_t *their_point,
int ours_first,
int expected_ret )
rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
mbedtls_ecdh_init( &ecdh );
mbedtls_ecp_keypair_init( &our_key );
mbedtls_ecp_keypair_init( &their_key );
if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
goto exit;
if( ! load_public_key( their_grp_id, their_point, &their_key ) )
goto exit;
if( ours_first )
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
expected_ret );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
expected_ret );
mbedtls_ecdh_free( &ecdh );
mbedtls_ecp_keypair_free( &our_key );
mbedtls_ecp_keypair_free( &their_key );
/* END_CASE */
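Review bot: `ecdh_exchange_get_params_fail` has no comment explaining its contract: in both orderings the first `mbedtls_ecdh_get_params` call is asserted to return 0 and only the second is compared with `expected_ret`. A reader of the test data cannot tell from the parameter names alone which import is expected to be rejected. I would add a comment above the function, e.g. `/* Import two keys in the order given by ours_first; the first import must succeed and the second must return expected_ret. */`, and a one-line comment on `load_public_key` and `load_private_key` saying they return 1 on success and, presumably, 0 after a failed assertion. Braces and some lines of these functions are missing from this rendering, so the control flow is read from the calls that remain.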


@ -14,12 +14,16 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string,
{ {
int ret; int ret;
size_t ikm_len, salt_len, info_len, okm_len; size_t ikm_len, salt_len, info_len, okm_len;
unsigned char ikm[1024] = { '\0' }; unsigned char ikm[128] = { '\0' };
unsigned char salt[1024] = { '\0' }; unsigned char salt[128] = { '\0' };
unsigned char info[1024] = { '\0' }; unsigned char info[128] = { '\0' };
unsigned char expected_okm[1024] = { '\0' }; unsigned char expected_okm[128] = { '\0' };
unsigned char okm[1024] = { '\0' }; unsigned char okm[128] = { '\0' };
unsigned char okm_string[1000] = { '\0' }; /*
* okm_hex is the string representation of okm,
* so its size is twice the size of okm, and an extra null-termination.
unsigned char okm_hex[257] = { '\0' };
const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
@ -34,8 +38,8 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string,
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
// Run hexify on it so that it looks nicer if the assertion fails // Run hexify on it so that it looks nicer if the assertion fails
hexify( okm_string, okm, okm_len ); hexify( okm_hex, okm, okm_len );
TEST_ASSERT( !strcmp( (char *)okm_string, hex_okm_string ) ); TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) );
} }
/* END_CASE */ /* END_CASE */
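Review bot: The size of `okm_hex` is written as the literal 257, which is only correct while `okm` stays at exactly 128 bytes; deriving it from the buffer, `unsigned char okm_hex[2 * sizeof( okm ) + 1] = { '\0' };`, keeps the two in step. With the buffers cut from 1024 to 128 bytes, nothing in the visible lines checks that a decoded test vector fits before `hexify( okm_hex, okm, okm_len )` runs. A longer vector added to the data file later would then write past `okm` and `okm_hex` rather than fail the test, so a guard such as `TEST_ASSERT( okm_len <= sizeof( okm ) );` ahead of the HKDF call would make that a clean failure. The same concern applies to `ikm`, `salt`, `info` and `expected_okm`, whose decoding calls sit between the two hunks and are not shown, so a length check may already exist there.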


@ -25,6 +25,9 @@ mpi_read_write_string:16:"-20":10:"-32":100:0:0
Base test mpi_read_write_string #3 (Negative decimal) Base test mpi_read_write_string #3 (Negative decimal)
mpi_read_write_string:16:"-23":16:"-23":100:0:0 mpi_read_write_string:16:"-23":16:"-23":100:0:0
Base test mpi_read_write_string #4 (Buffer just fits)
Test mpi_read_write_string #1 (Invalid character) Test mpi_read_write_string #1 (Invalid character)
mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0 mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0


@ -294,6 +294,8 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X );
memset( str, '!', sizeof( str ) );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read ); TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
if( result_read == 0 ) if( result_read == 0 )
{ {
@ -301,6 +303,7 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
if( result_write == 0 ) if( result_write == 0 )
{ {
TEST_ASSERT( strcasecmp( str, input_A ) == 0 ); TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
TEST_ASSERT( str[len] == '!' );
} }
} }
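Review bot: `TEST_ASSERT( str[len] == '!' )` indexes `str` with `len`, which appears to be the length reported by the write call under test, and nothing in the visible lines bounds it first, so a wrong length would turn the canary check itself into an out-of-bounds read. Adding `TEST_ASSERT( len < sizeof( str ) );` just before it keeps the check inside the buffer. The canary is also inspected only when `result_write == 0`; on the failure path (presumably the buffer-too-small case) it would be worth asserting that the bytes past the requested output size still hold `'!'`. The declaration of `str` and the write call are outside both hunks, so the exact bounds here are inferred.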


@ -1,8 +1,8 @@
Check compiletime library version Check compiletime library version
check_compiletime_version:"2.16.0" check_compiletime_version:"2.16.1"
Check runtime library version Check runtime library version
check_runtime_version:"2.16.0" check_runtime_version:"2.16.1"
check_feature:"MBEDTLS_VERSION_C":0 check_feature:"MBEDTLS_VERSION_C":0


@ -183,11 +183,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection EndProjectSection
EndProject EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_cert_test", "ssl_cert_test.vcxproj", "{3FE0C0E1-D9BA-6A26-380C-F293E543B914}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}" Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}"
ProjectSection(ProjectDependencies) = postProject ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@ -552,14 +547,6 @@ Global
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32 {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64 {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64 {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.ActiveCfg = Debug|Win32
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.Build.0 = Debug|Win32
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.ActiveCfg = Debug|x64
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.Build.0 = Debug|x64
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.ActiveCfg = Release|Win32
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.Build.0 = Release|Win32
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.ActiveCfg = Release|x64
{3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.Build.0 = Release|x64
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64


@ -1,174 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<ProjectConfiguration Include="Debug|x64">
<ProjectConfiguration Include="Release|Win32">
<ProjectConfiguration Include="Release|x64">
<ClCompile Include="..\..\programs\test\ssl_cert_test.c" />
<ProjectReference Include="mbedTLS.vcxproj">
<PropertyGroup Label="Globals">
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">