mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-08-08 13:51:10 +00:00
Merge branch 'development' into beta-release-restricted
* development:
  Document the three libraries in Readme
  Document how to build shared libs with CMake
  Disable some tests with valgrind
  Clarify that there are two SSL I/O buffers
  Fix RSA mutex fix
  Fix last edit
  Small edit
  Small edit
  Small edit
  Small edit
  Very small edit
  Fix possible mutex lock/unlock mismatch
  Sync yotta and general readme again
  Ship license files with the yotta module
  Edited
commit
c927bbe9b6
|
@ -26,6 +26,9 @@ Bugfix
|
|||
* Fix error when loading libmbedtls.so.
|
||||
* Fix bug in mbedtls_ssl_conf_default() that caused the default preset to
|
||||
be always used (found by dcb314) (#235)
|
||||
* Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could
|
||||
result trying to unlock an unlocked mutex on invalid input (found by
|
||||
Fredrik Axelsson) (#257)
|
||||
|
||||
Changes
|
||||
* The PEM parser now accepts a trailing space at end of lines (#226).
|
||||
|
|
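Review bot: The new entry for mbedtls_rsa_public() and mbedtls_rsa_private() does not say that the value returned for invalid input changes, although the updated test expectations further down move from MBEDTLS_ERR_RSA_BAD_INPUT_DATA to MBEDTLS_ERR_RSA_PUBLIC_FAILED / MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA. Callers that compare against the old code need to know, so mention it here or under "Changes". Also, "could result trying to unlock" should read "could result in trying to unlock".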
39
README.rst
|
@ -28,6 +28,8 @@ Please note that the yotta option is slightly different from the other build sys
|
|||
- a more minimalistic configuration file is used by default
|
||||
- depending on the yotta target, features of mbed OS will be used in examples and tests
|
||||
|
||||
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using `dlopen()`, you'll need to load `libmbedcrypto` first, then `libmbedx509`, before you can load `libmbedtls`.
|
||||
|
||||
Yotta
|
||||
-----
|
||||
|
||||
|
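Review bot: In the added paragraph about the three libraries, the linker flags and library names are wrapped in single backticks (`-lmbedtls -lmbedx509 -lmbedcrypto`, `dlopen()`, `libmbedcrypto`), which reStructuredText treats as interpreted text rather than as an inline literal. Use double backticks so that README.rst renders them as code. It would also help to state the load order for `dlopen()` as an explicit list, since getting it wrong matches the "error when loading libmbedtls.so" symptom mentioned in the ChangeLog.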
@ -77,7 +79,7 @@ You'll still be able to run a much smaller set of tests with::
|
|||
|
||||
In order to build for a Windows platform, you should use WINDOWS_BUILD=1 if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and WINDOWS=1 if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
|
||||
|
||||
Setting the variable SHARED in your environment will build a shared library in addition to the static library. Setting DEBUG gives you a debug build. You can override CFLAGS and LDFLAGS by setting them in your environment or on the make command line; if you do so, essential parts such as -I will still be preserved. Warning options may be overridden separately using WARNING_CFLAGS.
|
||||
Setting the variable SHARED in your environment will build shared libraries in addition to the static libraries. Setting DEBUG gives you a debug build. You can override CFLAGS and LDFLAGS by setting them in your environment or on the make command line; if you do so, essential parts such as -I will still be preserved. Warning options may be overridden separately using WARNING_CFLAGS.
|
||||
|
||||
Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the mbed TLS Knowledge Base <https://tls.mbed.org/kb>`_ for articles on your platform or issue.
|
||||
|
||||
|
@ -89,13 +91,24 @@ CMake
|
|||
In order to build the source using CMake, just enter at the command line::
|
||||
|
||||
cmake .
|
||||
|
||||
make
|
||||
|
||||
In order to run the tests, enter::
|
||||
|
||||
make test
|
||||
|
||||
The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with::
|
||||
|
||||
cmake -DENABLE_TESTING=Off .
|
||||
|
||||
If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with::
|
||||
|
||||
programs/test/selftest
|
||||
|
||||
To configure CMake for building shared libraries, use::
|
||||
|
||||
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
|
||||
|
||||
There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
|
||||
|
||||
- Release.
|
||||
|
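Review bot: The new sentence introducing `cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .` does not say whether the static libraries are still built, while the Make section states that SHARED builds shared libraries "in addition to the static libraries". Say which applies for CMake so that the two sections read consistently.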
@ -121,23 +134,19 @@ There are many different build modes available within the CMake buildsystem. Mos
|
|||
This activates the compiler warnings that depend on optimization and treats
|
||||
all warnings as errors.
|
||||
|
||||
Switching build modes in CMake is simple. For debug mode, enter at the command line:
|
||||
Switching build modes in CMake is simple. For debug mode, enter at the command line::
|
||||
|
||||
cmake -D CMAKE_BUILD_TYPE:String="Debug" .
|
||||
cmake -D CMAKE_BUILD_TYPE=Debug .
|
||||
|
||||
To list other available CMake options, use::
|
||||
|
||||
cmake -LH
|
||||
|
||||
Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find)::
|
||||
|
||||
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
|
||||
CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
|
||||
|
||||
In order to run the tests, enter::
|
||||
|
||||
make test
|
||||
|
||||
If you disabled the test suites, but kept the progams enabled, you can still run a much smaller set of tests with::
|
||||
|
||||
programs/test/selftest
|
||||
|
||||
Microsoft Visual Studio
|
||||
-----------------------
|
||||
|
||||
|
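Review bot: The cache-clearing command `find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +` deletes every file and directory under the current tree whose name contains "cmake" in any case, not only CMake's generated cache, so it will also remove any hand-written file or directory that happens to match. Either warn about that in the sentence before it, or narrow the example to the generated artefacts and note that it must be run from the build directory.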
@ -170,18 +179,18 @@ We provide some non-standard configurations focused on specific use cases in the
|
|||
Contributing
|
||||
============
|
||||
|
||||
We gratefully accept bugs and contributions from the community. There are some requirements we need to fulfil in order to be able to integrate contributions:
|
||||
We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
|
||||
|
||||
- Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions.
|
||||
|
||||
- For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will mail to you in case you submit a contribution or pull request that we deem this necessary for.
|
||||
- For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for.
|
||||
|
||||
Process
|
||||
-------
|
||||
#. `Check for open issues <https://github.com/ARMmbed/mbedtls/issues>`_ or
|
||||
`start a discussion <https://tls.mbed.org/discussions>`_ around a feature
|
||||
idea or a bug.
|
||||
#. Fork the `mbed TLS repository on Github <https://github.com/ARMmbed/mbedtls>`_
|
||||
#. Fork the `mbed TLS repository on GitHub <https://github.com/ARMmbed/mbedtls>`_
|
||||
to start making your changes. As a general rule, you should use the
|
||||
"development" branch as a basis.
|
||||
#. Write a test which shows that the bug was fixed or that the feature works
|
||||
|
|
|
@ -2398,7 +2398,7 @@
|
|||
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
|
||||
|
||||
/* SSL options */
|
||||
//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
|
||||
//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
|
||||
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
|
||||
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
|
||||
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
|
||||
|
|
|
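Review bot: "Maxium" in the rewritten comment for MBEDTLS_SSL_MAX_CONTENT_LEN should be "Maximum". Since the comment now says the value sizes each of the two internal I/O buffers, it is also worth stating that the memory cost per SSL context is therefore about twice this value, which is the figure someone tuning it for a constrained target needs.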
@ -219,7 +219,9 @@
|
|||
#endif
|
||||
|
||||
/*
|
||||
* Size of the input / output buffer.
|
||||
* Maxium fragment length in bytes,
|
||||
* determines the size of each of the two internal I/O buffers.
|
||||
*
|
||||
* Note: the RFC defines the default size of SSL / TLS messages. If you
|
||||
* change the value here, other clients / servers may not be able to
|
||||
* communicate with you anymore. Only change this value if you control
|
||||
|
|
|
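Review bot: "Maxium" in the first line of the rewritten comment should be "Maximum"; the same typo appears in the matching config.h comment, and the two should be corrected together so the wording stays in sync.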
@ -273,27 +273,27 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
|
||||
mbedtls_mpi_init( &T );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
|
||||
{
|
||||
mbedtls_mpi_free( &T );
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
olen = ctx->len;
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
|
||||
|
||||
cleanup:
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_unlock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_free( &T );
|
||||
|
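Review bot: In the `cleanup:` block, the `return( MBEDTLS_ERR_THREADING_MUTEX_ERROR )` taken when `mbedtls_mutex_unlock()` fails runs before `mbedtls_mpi_free( &T )`, so T is leaked on that path and any earlier error held in `ret` is replaced. Free T before unlocking, or record the unlock failure and fall through to the free. Moving the input check after the lock and routing it through `goto cleanup` does fix the unlock-without-lock case.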
@ -310,16 +310,11 @@ cleanup:
|
|||
* DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
|
||||
* Berlin Heidelberg, 1996. p. 104-113.
|
||||
*/
|
||||
static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, mbedtls_mpi *Vi, mbedtls_mpi *Vf,
|
||||
static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
int ret, count = 0;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
if( ctx->Vf.p != NULL )
|
||||
{
|
||||
/* We already have blinding values, just update them by squaring */
|
||||
|
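Review bot: With the lock and unlock removed from rsa_prepare_blinding(), the function reads and updates `ctx->Vi` and `ctx->Vf` with no protection of its own and depends on the caller already holding `ctx->mutex`. That precondition is not documented anywhere in the hunk; add a line to the function's header comment stating that the caller must hold the mutex when MBEDTLS_THREADING_C is defined.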
@ -328,7 +323,7 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, mbedtls_mpi *Vi, mbed
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
|
||||
|
||||
goto done;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Unblinding value: Vf = random number, invertible mod N */
|
||||
|
@ -344,19 +339,8 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, mbedtls_mpi *Vi, mbed
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
|
||||
|
||||
done:
|
||||
if( Vi != &ctx->Vi )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Vi, &ctx->Vi ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Vf, &ctx->Vf ) );
|
||||
}
|
||||
|
||||
cleanup:
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_unlock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -372,31 +356,19 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
int ret;
|
||||
size_t olen;
|
||||
mbedtls_mpi T, T1, T2;
|
||||
mbedtls_mpi *Vi, *Vf;
|
||||
|
||||
/*
|
||||
* When using the Chinese Remainder Theorem, we use blinding values.
|
||||
* Without threading, we just read them directly from the context,
|
||||
* otherwise we make a local copy in order to reduce locking contention.
|
||||
*/
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mpi Vi_copy, Vf_copy;
|
||||
|
||||
mbedtls_mpi_init( &Vi_copy ); mbedtls_mpi_init( &Vf_copy );
|
||||
Vi = &Vi_copy;
|
||||
Vf = &Vf_copy;
|
||||
#else
|
||||
Vi = &ctx->Vi;
|
||||
Vf = &ctx->Vf;
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
|
||||
if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
|
||||
{
|
||||
mbedtls_mpi_free( &T );
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( f_rng != NULL )
|
||||
|
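Review bot: The removed comment explained that local copies of Vi and Vf were made "in order to reduce locking contention"; with the lock now taken at the top of mbedtls_rsa_private(), the mutex is held for the whole operation, including the blinding setup and the private exponentiation, so threads sharing one context are fully serialised. That trade-off is reasonable for correctness but should be stated in a comment at the lock and in the ChangeLog entry.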
@ -405,16 +377,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
* Blinding
|
||||
* T = T * Vi mod N
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, Vi, Vf, f_rng, p_rng ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, Vi ) );
|
||||
MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_NO_CRT)
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
|
||||
#else
|
||||
|
@ -447,7 +414,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
* Unblind
|
||||
* T = T * Vf mod N
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, Vf ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||
}
|
||||
|
||||
|
@ -456,10 +423,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
|
||||
cleanup:
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_unlock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
mbedtls_mpi_free( &Vi_copy ); mbedtls_mpi_free( &Vf_copy );
|
||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
|
||||
|
||||
if( ret != 0 )
|
||||
|
|
|
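Review bot: Same ordering problem in this `cleanup:` block: when `mbedtls_mutex_unlock()` fails, `return( MBEDTLS_ERR_THREADING_MUTEX_ERROR )` is taken before `mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );`, leaving the temporaries used by the private-key operation allocated. Free them before the unlock, or store the error and continue to the frees.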
@ -3233,6 +3233,7 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
|
|||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
needs_more_time 6
|
||||
not_with_valgrind # risk of non-mbedtls peer timing out
|
||||
run_test "DTLS proxy: 3d, openssl server" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
|
||||
"$O_SRV -dtls1 -mtu 2048" \
|
||||
|
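Review bot: The added `not_with_valgrind` line removes this OpenSSL interop test from valgrind runs entirely, and the same line is added to the five DTLS proxy tests that follow. These tests already carry `needs_more_time`, so please say in the comment why a larger value there is not enough, and note that memory checking of the DTLS interop paths against OpenSSL and GnuTLS is no longer exercised under valgrind.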
@ -3241,6 +3242,7 @@ run_test "DTLS proxy: 3d, openssl server" \
|
|||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
needs_more_time 8
|
||||
not_with_valgrind # risk of non-mbedtls peer timing out
|
||||
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
|
||||
"$O_SRV -dtls1 -mtu 768" \
|
||||
|
@ -3249,6 +3251,7 @@ run_test "DTLS proxy: 3d, openssl server, fragmentation" \
|
|||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
needs_more_time 8
|
||||
not_with_valgrind # risk of non-mbedtls peer timing out
|
||||
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
|
||||
"$O_SRV -dtls1 -mtu 768" \
|
||||
|
@ -3258,6 +3261,7 @@ run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
|
|||
|
||||
requires_gnutls
|
||||
needs_more_time 6
|
||||
not_with_valgrind # risk of non-mbedtls peer timing out
|
||||
run_test "DTLS proxy: 3d, gnutls server" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$G_SRV -u --mtu 2048 -a" \
|
||||
|
@ -3268,6 +3272,7 @@ run_test "DTLS proxy: 3d, gnutls server" \
|
|||
|
||||
requires_gnutls
|
||||
needs_more_time 8
|
||||
not_with_valgrind # risk of non-mbedtls peer timing out
|
||||
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$G_SRV -u --mtu 512" \
|
||||
|
@ -3278,6 +3283,7 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
|
|||
|
||||
requires_gnutls
|
||||
needs_more_time 8
|
||||
not_with_valgrind # risk of non-mbedtls peer timing out
|
||||
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
|
||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||
"$G_SRV -u --mtu 512" \
|
||||
|
|
|
@ -234,7 +234,7 @@ mbedtls_rsa_pkcs1_encrypt:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c
|
|||
|
||||
RSA PKCS1 Decrypt #2 (Data too small)
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||
|
||||
RSA PKCS1 Encrypt #3 (Invalid padding mode)
|
||||
mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":2:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||
|
@ -337,13 +337,13 @@ RSA Private (Correct)
|
|||
mbedtls_rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"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":0
|
||||
|
||||
RSA Private (Data larger than N)
|
||||
mbedtls_rsa_private:"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":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
mbedtls_rsa_private:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||
|
||||
RSA Public (Correct)
|
||||
mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"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":16:"3":"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":0
|
||||
|
||||
RSA Public (Data larger than N)
|
||||
mbedtls_rsa_public:"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":2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
mbedtls_rsa_public:"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":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||
|
||||
RSA Generate Key
|
||||
mbedtls_rsa_gen_key:128:3:0
|
||||
|
|
|
@ -37,6 +37,9 @@ cp -r data/example-* $TMP/test
|
|||
cp data/module.json $TMP
|
||||
cp data/README.md $TMP
|
||||
|
||||
cp ../LICENSE $TMP
|
||||
if [ -f ../apache-2.0.txt ]; then cp ../apache-2.0.txt $TMP; fi
|
||||
|
||||
mkdir -p $DEST
|
||||
rsync -cr --delete --exclude build --exclude yotta_\* $TMP/ $DEST/
|
||||
rm -rf $TMP
|
||||
|
|
|
@ -2,29 +2,31 @@
|
|||
|
||||
mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their embedded products, with a minimal code footprint. It offers an SSL library with an intuitive API and readable source code.
|
||||
|
||||
The Beta release of mbed TLS integrates the mbed TLS library into mbed OS, mbed SDK and yotta. This is a preview release intended for evaluation only and is **not recommended for deployment**. This implementation currently implements no secure source of random numbers, weakening it's security.
|
||||
The Beta release of mbed TLS integrates the mbed TLS library into mbed OS, mbed SDK and yotta. This is a preview release intended for evaluation only and is **not recommended for deployment**. It currently implements no secure source of random numbers, weakening its security.
|
||||
|
||||
## Sample programs
|
||||
|
||||
This release includes the following examples:
|
||||
|
||||
1. [**TLS client:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-tls-client) found in `test/example-tls-client`, downloads a test file from an HTTPS server and looks for a specific string in that file.
|
||||
1. [**TLS client:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-tls-client) found in `test/example-tls-client`. Downloads a test file from an HTTPS server and looks for a specific string in that file.
|
||||
|
||||
2. [**Self test:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-selftest) found in `test/example-selftest`, tests different basic functions in the mbed TLS library.
|
||||
2. [**Self test:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-selftest) found in `test/example-selftest`. Tests different basic functions in the mbed TLS library.
|
||||
|
||||
3. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-benchmark) found in `test/example-benchmark`, measures the time taken to perform basic cryptographic functions used in the library.
|
||||
3. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-benchmark) found in `test/example-benchmark`. Measures the time taken to perform basic cryptographic functions used in the library.
|
||||
|
||||
These examples are integrated as yotta tests so that they are built automatically when you build mbed TLS. You'll find other examples in the various `test/example-*` directories alongside these examples.
|
||||
These examples are integrated as yotta tests, so that they are built automatically when you build mbed TLS. You'll find more examples in the various `test/example-*` directories.
|
||||
|
||||
## Running TLS
|
||||
## Running mbed TLS
|
||||
|
||||
Please follow the instructions in the [TLS client sample](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-tls-client) directory, to build and run the example. These include a list of prerequisites and an explanation of building mbed TLS with yotta.
|
||||
To build and run the example, please follow the instructions in the [TLS client example](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-tls-client) directory. These include a list of prerequisites and an explanation of building mbed TLS with yotta.
|
||||
|
||||
## Configuring mbed TLS features
|
||||
|
||||
mbed TLS makes it easy to disable any feature during compilation that isn't required for a particular project. The default configuration enables all modern and widely-used features which should meet the needs of new projects and disables all features that are older or less common, to minimise the code footprint. The list of available compilation flags is available in the fully documented [config.h file](https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/config.h), present in the `mbedtls` directory of the yotta module.
|
||||
mbed TLS makes it easy to disable any feature during compilation that isn't required for a particular project. The default configuration enables all modern and widely-used features, which should meet the needs of new projects, and disables all features that are older or less common, to minimize the code footprint.
|
||||
|
||||
Should you need to adjust those flags, you can provide your own configuration file with suitable `#define` and `#undef` statements, to be included between the default definitions and the sanity checks. This file should be in your application's include directory and can be named freely; you just need to let mbed TLS know the name of the file, by using yotta's [configuration system](http://docs.yottabuild.org/reference/config.html). This name should go in your `config.json`, under mbedtls, as the key `user-config-file`, for example:
|
||||
The list of available compilation flags is presented in the fully documented [config.h file](https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/config.h), present in the `mbedtls` directory of the yotta module.
|
||||
|
||||
If you need to adjust those flags, you can provide your own configuration file with suitable `#define` and `#undef` statements. These will be included between the default definitions and the sanity checks. Your configuration file should be in your application's `include` directory, and can be named freely; you just need to let mbed TLS know the file's name. To do that, use yotta's [configuration system](http://docs.yottabuild.org/reference/config.html). The file's name should be in your `config.json` file, under mbedtls, as the key `user-config-file`. For example:
|
||||
|
||||
{
|
||||
"mbedtls": {
|
||||
|
@ -32,21 +34,21 @@ Should you need to adjust those flags, you can provide your own configuration fi
|
|||
}
|
||||
}
|
||||
|
||||
Please note you need to provide the exact name that will be used in the `#include` directive, including the `<>` or quotes around the name.
|
||||
Please note: you need to provide the exact name that will be used in the `#include` directive, including the `<>` or quotes around the name.
|
||||
|
||||
## Contributing
|
||||
|
||||
We gratefully accept bugs and contributions from the community. There are some requirements we need to fulfil in order to be able to integrate contributions:
|
||||
We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
|
||||
|
||||
* Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions.
|
||||
|
||||
* For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will mail to you in case you submit a contribution or pull request that we deem this necessary for.
|
||||
* For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for.
|
||||
|
||||
To contribute, please:
|
||||
|
||||
* [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
|
||||
|
||||
* Fork the [mbed TLS repository on Github](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
|
||||
* Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
|
||||
|
||||
* Write a test that shows that the bug was fixed or that the feature works as expected.
|
||||
|
||||
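Review bot: the reworded note on the `#include` name ("Please note: you need to provide the exact name ... including the `<>` or quotes around the name") should also say that the value is a JSON string in `config.json`, so double quotes around the file name have to be escaped; a reader who follows the sentence literally can otherwise end up with invalid JSON. Separately, in the Contributing list, "that we deem this necessary for" is still awkward after the mail/send change; "if we consider it necessary for your contribution or pull request" reads better.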
|
|
|
@ -4,14 +4,14 @@ This application performs authenticated encryption and authenticated decryption
|
|||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example the following requirements are necessary:
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (e.g. screen, pySerial, cu).
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
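Review bot: in the software list, "(Like screen, pySerial and cu)" capitalizes "Like" mid-bullet, and the "and" reads as if all three emulators were required; "(such as screen, pySerial or cu)" keeps the meaning of the old "e.g." wording. The same wording is introduced in the other example READMEs in this commit.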
|
@ -36,9 +36,15 @@ To build and run this example the following requirements are necessary:
|
|||
|
||||
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-authcrypt.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. For settings, use 115200 baud, 8N1, no flow control. **Warning:** for this example, the baud rate is not the default 9600, it is 115200.
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
7. Press the reset button on the board.
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
7. Press the Reset button on the board.
|
||||
|
||||
8. The output in the terminal window should look like:
|
||||
|
||||
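Review bot: the new settings list under step 6 drops the bold **Warning:** that the old text attached to the baud rate, leaving only "115200 baud (not 9600)"; the old wording flagged this because 9600 is the default, so keep some emphasis, for example "**115200 baud** (not the default 9600)". Also check that "Use the following settings:" and its bullets are indented under step 6, so that "7." and "8." continue the same numbered list when rendered.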
|
@ -59,4 +65,4 @@ To build and run this example the following requirements are necessary:
|
|||
{{end}}
|
||||
```
|
||||
|
||||
The actual output for the ciphertext line will vary on each run due to the use of a random nonce in the encryption process.
|
||||
The actual output for the ciphertext line will vary on each run because of the use of a random nonce in the encryption process.
|
||||
|
|
|
@ -4,14 +4,14 @@ This application benchmarks the various cryptographic primitives offered by mbed
|
|||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example the following requirements are necessary:
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (e.g. screen, pySerial, cu).
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
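Review bot: while this prerequisites list is being touched, the links left unchanged in it still use plain `http://` (`http://www.cmake.org/download/`, `http://armmbed.github.io/yotta/#installing-on-windows`, `http://developer.mbed.org/platforms/FRDM-K64F/`) next to `https://` links for Python and the toolchain. Links that readers follow to download build tools should use `https://` where the site supports it.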
|
@ -36,9 +36,15 @@ To build and run this example the following requirements are necessary:
|
|||
|
||||
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-benchmark.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. For settings, use 115200 baud, 8N1, no flow control. **Warning:** for this example, the baud rate is not the default 9600, it is 115200.
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
7. Press the reset button on the board.
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
7. Press the Reset button on the board.
|
||||
|
||||
8. The output in the terminal window should look like:
|
||||
|
||||
|
|
|
@ -4,14 +4,14 @@ This application performs hashing of a buffer with SHA-256 using various APIs. I
|
|||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example the following requirements are necessary:
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (e.g. screen, pySerial, cu).
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
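Review bot: the yotta bullet kept in this list links "installation instructions" to the `#installing-on-windows` anchor, although the list applies to every host and Windows gets its own bullet at the end. Point the link at the general installation page, or say in the text that the anchor is Windows-specific.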
|
@ -36,9 +36,15 @@ To build and run this example the following requirements are necessary:
|
|||
|
||||
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-hashing.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. For settings, use 115200 baud, 8N1, no flow control. **Warning:** for this example, the baud rate is not the default 9600, it is 115200.
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
7. Press the reset button on the board.
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
7. Press the Reset button on the board.
|
||||
|
||||
8. The output in the terminal window should look like:
|
||||
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
# mbed TLS Selftest Example
|
||||
|
||||
This application runs the various selftest function of individual mbed TLS components. It serves as a basic sanity check to verify operation of mbed TLS on your platform. In the future, a wider portion of the mbed TLS test suite will become part of this example application.
|
||||
This application runs the various selftest functions of individual mbed TLS components. It serves as a basic sanity check to verify operation of mbed TLS on your platform. In the future, a wider portion of the mbed TLS test suite will become part of this example application.
|
||||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example the following requirements are necessary:
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (e.g. screen, pySerial, cu).
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
|
@ -36,9 +36,15 @@ To build and run this example the following requirements are necessary:
|
|||
|
||||
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-selftest.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. For settings, use 115200 baud, 8N1, no flow control. **Warning:** for this example, the baud rate is not the default 9600, it is 115200.
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
7. Press the reset button on the board.
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
7. Press the Reset button on the board.
|
||||
|
||||
8. The output in the terminal window should look like:
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# HTTPS File Download Example/ TLS Client
|
||||
# HTTPS File Download Example for TLS Client
|
||||
|
||||
This application downloads a file from an HTTPS server (developer.mbed.org) and looks for a specific string in that file.
|
||||
|
||||
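Review bot: the new title "HTTPS File Download Example for TLS Client" reads as if the example were written for something called TLS Client. The old slash form presented the two names as alternatives, which "HTTPS File Download Example (TLS Client)" expresses more clearly.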
|
@ -6,25 +6,25 @@ This example is implemented as a logic class (HelloHTTPS) wrapping a TCP socket
|
|||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example the following requirements are necessary:
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (e.g. screen, pySerial, cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board that has an ethernet port and is supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* An ethernet connection to the internet.
|
||||
* An ethernet cable.
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* An Ethernet connection to the internet.
|
||||
* An Ethernet cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
|
||||
## Getting started
|
||||
|
||||
1. Connect the FRDM-K64F to the internet using the ethernet cable.
|
||||
1. Connect the FRDM-K64F to the internet using the Ethernet cable.
|
||||
|
||||
2. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
|
||||
2. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
|
||||
|
||||
3. Navigate to the mbedtls directory supplied with your release and open a terminal.
|
||||
|
||||
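Review bot: the rewritten board bullet drops "that has an ethernet port" from "another board ... supported by mbed OS", but this example still lists an Ethernet connection and an Ethernet cable as prerequisites, and step 1 connects the board over Ethernet. The requirement should stay in the bullet; the new wording looks copied from the other examples' READMEs, which have no network dependency.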
|
@ -42,9 +42,15 @@ To build and run this example the following requirements are necessary:
|
|||
|
||||
6. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-tls-client.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
7. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. For settings, use 115200 baud, 8N1, no flow control. **Warning:** for this example, the baud rate is not the default 9600, it is 115200.
|
||||
7. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
8. Press the reset button on the board.
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
8. Press the Reset button on the board.
|
||||
|
||||
9. The output in the terminal window should look similar to this:
|
||||
|
||||
|
@ -105,9 +111,9 @@ To build and run this example the following requirements are necessary:
|
|||
|
||||
## Debugging the TLS connection
|
||||
|
||||
If you are experiencing problems with this example, you should first rule out network issues by making sure the [simple HTTP file downloader example](https://github.com/ARMmbed/mbed-example-network-private/tree/maste r/test/helloworld-tcpclient) for the TCP module works as expected. If not, please follow the debug instructions for this example.
|
||||
If you are experiencing problems with this example, you should first rule out network issues by making sure the [simple HTTP file downloader example](https://github.com/ARMmbed/mbed-example-network-private/tree/master/test/helloworld-tcpclient) for the TCP module works as expected. If not, please follow the debug instructions for the HTTP file example before proceeding with the instructions below.
|
||||
|
||||
To print out more debug information about the TLS connection, edit the file `source/main.cpp` and change the definition of `DEBUG_LEVEL` near the top of the file from 0 to a positive number:
|
||||
To print out more debug information about the TLS connection, edit the file `source/main.cpp` and change the definition of `DEBUG_LEVEL` (near the top of the file) from 0 to a positive number:
|
||||
|
||||
* Level 1 only prints non-zero return codes from SSL functions and information about the full certificate chain being verified.
|
||||
|
||||
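Review bot: the corrected link in the first paragraph points at `ARMmbed/mbed-example-network-private`, which by its name is a private repository, so readers outside the organisation may not be able to open it. Link to a public location of the HTTP file downloader example if one exists, or note that access is restricted.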
|
@ -125,4 +131,6 @@ If the TLS connection is failing with an error similar to:
|
|||
Failed to fetch /media/uploads/mbed_official/hello.txt from developer.mbed.org:443
|
||||
```
|
||||
|
||||
it probably means you need to update the contents of the `SSL_CA_PEM` constant (this can happen if you modify `HTTPS_SERVER_NAME`, or when `developer.mbed.org` switches to a new CA when updating its certificate). Another reason for this error may be a proxy providing a different certificate. Proxys can be used in some network configurations or for performing man-in-the-middle attacks. If you choose to ignore this error and proceed with the connection anyway, you can change the definition of `UNSAFE` near the top of the file from 0 to 1. **Warning:** this removes all security against a possible attacker, therefore use at your own risk, or for debugging only!
|
||||
it probably means you need to update the contents of the `SSL_CA_PEM` constant (this can happen if you modify `HTTPS_SERVER_NAME`, or when `developer.mbed.org` switches to a new CA when updating its certificate).
|
||||
|
||||
Another reason for this error may be a proxy providing a different certificate. Proxies can be used in some network configurations or for performing man-in-the-middle attacks. If you choose to ignore this error and proceed with the connection anyway, you can change the definition of `UNSAFE` near the top of the file from 0 to 1. **Warning:** this removes all security against a possible active attacker, therefore use at your own risk, or for debugging only!
|
||||
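Review bot: the second new paragraph names man-in-the-middle attacks as a possible cause of this error and then, in the next sentence, explains how to set `UNSAFE` to 1 and proceed anyway. Restate the remedy from the first paragraph (updating `SSL_CA_PEM`) here as the preferred fix, and tighten "use at your own risk, or for debugging only" to "for debugging only", since "at your own risk" leaves room for using the setting outside debugging.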
|
|