yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-22 15:12:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #265 from ARMmbed/iotssl-460-bugfixes

Browse source 
Iotssl 460 bugfixes
This commit is contained in:
Simon Butcher 2015-09-02 23:36:36 +01:00
parent 1662c4a338 824ba72442
commit ed51594337
25 changed files with 131 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CMakeLists.txt
View file

@ -29,6 +29,9 @@ if(CMAKE_COMPILER_IS_GNUCC)
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5) if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
endif() endif()
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
endif()
set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
@ -39,7 +42,7 @@ if(CMAKE_COMPILER_IS_GNUCC)
endif(CMAKE_COMPILER_IS_GNUCC) endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")

7
ChangeLog
View file

@ -29,6 +29,13 @@ Bugfix
* Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could * Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could
result trying to unlock an unlocked mutex on invalid input (found by result trying to unlock an unlocked mutex on invalid input (found by
Fredrik Axelsson) (#257) Fredrik Axelsson) (#257)
* Fix -Wshadow warnings (found by hnrkp) (#240)
* Fix memory corruption on client with overlong PSK identity, around
SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by
Aleksandrs Saveljevs) (#238)
* Fix unused function warning when using MBEDTLS_MDx_ALT or
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
Changes Changes
* The PEM parser now accepts a trailing space at end of lines (#226). * The PEM parser now accepts a trailing space at end of lines (#226).

6
library/entropy_poll.c
View file

@ -140,7 +140,7 @@ int mbedtls_platform_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen ) unsigned char *output, size_t len, size_t *olen )
{ {
FILE *file; FILE *file;
size_t ret; size_t read_len;
((void) data); ((void) data);
#if defined(HAVE_GETRANDOM) #if defined(HAVE_GETRANDOM)
@ -165,8 +165,8 @@ int mbedtls_platform_entropy_poll( void *data,
if( file == NULL ) if( file == NULL )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
ret = fread( output, 1, len, file ); read_len = fread( output, 1, len, file );
if( ret != len ) if( read_len != len )
{ {
fclose( file ); fclose( file );
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );

4
library/md2.c
View file

@ -47,13 +47,13 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD2_ALT)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
#if !defined(MBEDTLS_MD2_ALT)
static const unsigned char PI_SUBST[256] = static const unsigned char PI_SUBST[256] =
{ {
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,

4
library/md4.c
View file

@ -47,13 +47,13 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD4_ALT)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
#if !defined(MBEDTLS_MD4_ALT)
/* /*
* 32-bit integer manipulation macros (little endian) * 32-bit integer manipulation macros (little endian)
*/ */

4
library/md5.c
View file

@ -46,13 +46,13 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD5_ALT)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
#if !defined(MBEDTLS_MD5_ALT)
/* /*
* 32-bit integer manipulation macros (little endian) * 32-bit integer manipulation macros (little endian)
*/ */

4
library/sha1.c
View file

@ -46,13 +46,13 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_SHA1_ALT)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
#if !defined(MBEDTLS_SHA1_ALT)
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
*/ */

4
library/sha256.c
View file

@ -46,13 +46,13 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_SHA256_ALT)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
#if !defined(MBEDTLS_SHA256_ALT)
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
*/ */

4
library/sha512.c
View file

@ -52,13 +52,13 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_SHA512_ALT)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) { static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
#if !defined(MBEDTLS_SHA512_ALT)
/* /*
* 64-bit integer manipulation macros (big endian) * 64-bit integer manipulation macros (big endian)
*/ */

22
library/ssl_cli.c
View file

@ -1748,6 +1748,12 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
unsigned char *p = ssl->handshake->premaster + pms_offset; unsigned char *p = ssl->handshake->premaster + pms_offset;
if( offset + len_bytes > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
/* /*
* Generate (part of) the pre-master as * Generate (part of) the pre-master as
* struct { * struct {
@ -2522,6 +2528,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
i = 4; i = 4;
n = ssl->conf->psk_identity_len; n = ssl->conf->psk_identity_len;
if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
"SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl->out_msg[i++] = (unsigned char)( n >> 8 ); ssl->out_msg[i++] = (unsigned char)( n >> 8 );
ssl->out_msg[i++] = (unsigned char)( n ); ssl->out_msg[i++] = (unsigned char)( n );
@ -2550,6 +2564,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
* ClientDiffieHellmanPublic public (DHM send G^X mod P) * ClientDiffieHellmanPublic public (DHM send G^X mod P)
*/ */
n = ssl->handshake->dhm_ctx.len; n = ssl->handshake->dhm_ctx.len;
if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
" or SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl->out_msg[i++] = (unsigned char)( n >> 8 ); ssl->out_msg[i++] = (unsigned char)( n >> 8 );
ssl->out_msg[i++] = (unsigned char)( n ); ssl->out_msg[i++] = (unsigned char)( n );

11
library/ssl_tls.c
View file

@ -694,8 +694,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
} }
else else
{ {
int ret;
/* Initialize HMAC contexts */ /* Initialize HMAC contexts */
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
@ -1455,7 +1453,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
/* /*
* Generate IV * Generate IV
*/ */
int ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
ssl->transform_out->ivlen ); ssl->transform_out->ivlen );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
@ -5462,6 +5460,13 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
if( psk_len > MBEDTLS_PSK_MAX_LEN ) if( psk_len > MBEDTLS_PSK_MAX_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
/* Identity len will be encoded on two bytes */
if( ( psk_identity_len >> 16 ) != 0 ||
psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
if( conf->psk != NULL || conf->psk_identity != NULL ) if( conf->psk != NULL || conf->psk_identity != NULL )
{ {
mbedtls_free( conf->psk ); mbedtls_free( conf->psk );

2
programs/pkey/dh_client.c
View file

@ -75,7 +75,7 @@ int main( void )
unsigned char *p, *end; unsigned char *p, *end;
unsigned char buf[2048]; unsigned char buf[2048];
unsigned char hash[20]; unsigned char hash[32];
const char *pers = "dh_client"; const char *pers = "dh_client";
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;

2
programs/pkey/dh_server.c
View file

@ -74,7 +74,7 @@ int main( void )
mbedtls_net_context listen_fd, client_fd; mbedtls_net_context listen_fd, client_fd;
unsigned char buf[2048]; unsigned char buf[2048];
unsigned char hash[20]; unsigned char hash[32];
unsigned char buf2[2]; unsigned char buf2[2];
const char *pers = "dh_server"; const char *pers = "dh_server";

3
programs/pkey/pk_decrypt.c
View file

@ -151,8 +151,11 @@ exit:
mbedtls_entropy_free( &entropy ); mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_ERROR_C)
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf ); mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif #endif
#if defined(_WIN32) #if defined(_WIN32)

3
programs/pkey/pk_encrypt.c
View file

@ -151,8 +151,11 @@ exit:
mbedtls_entropy_free( &entropy ); mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_ERROR_C)
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf ); mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif #endif
#if defined(_WIN32) #if defined(_WIN32)

7
programs/pkey/pk_sign.c
View file

@ -64,7 +64,7 @@ int main( int argc, char *argv[] )
mbedtls_pk_context pk; mbedtls_pk_context pk;
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[20]; unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512]; char filename[512];
const char *pers = "mbedtls_pk_sign"; const char *pers = "mbedtls_pk_sign";
@ -129,7 +129,7 @@ int main( int argc, char *argv[] )
} }
/* /*
* Write the signature into <filename>-sig.txt * Write the signature into <filename>.sig
*/ */
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] ); mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
@ -156,8 +156,11 @@ exit:
mbedtls_entropy_free( &entropy ); mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_ERROR_C)
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf ); mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif #endif
#if defined(_WIN32) #if defined(_WIN32)

13
programs/pkey/pk_verify.c
View file

@ -59,7 +59,7 @@ int main( int argc, char *argv[] )
int ret = 1; int ret = 1;
size_t i; size_t i;
mbedtls_pk_context pk; mbedtls_pk_context pk;
unsigned char hash[20]; unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512]; char filename[512];
@ -86,7 +86,7 @@ int main( int argc, char *argv[] )
} }
/* /*
* Extract the signature from the text file * Extract the signature from the file
*/ */
ret = 1; ret = 1;
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] ); mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
@ -103,8 +103,8 @@ int main( int argc, char *argv[] )
fclose( f ); fclose( f );
/* /*
* Compute the SHA-256 hash of the input file and compare * Compute the SHA-256 hash of the input file and
* it with the hash decrypted from the signature. * verify the signature
*/ */
mbedtls_printf( "\n . Verifying the SHA-256 signature" ); mbedtls_printf( "\n . Verifying the SHA-256 signature" );
fflush( stdout ); fflush( stdout );
@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" ); mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
ret = 0; ret = 0;
@ -132,8 +132,11 @@ exit:
mbedtls_pk_free( &pk ); mbedtls_pk_free( &pk );
#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_ERROR_C)
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf ); mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif #endif
#if defined(_WIN32) #if defined(_WIN32)

2
programs/pkey/rsa_genkey.c
View file

@ -46,7 +46,7 @@
#include <string.h> #include <string.h>
#endif #endif
#define KEY_SIZE 1024 #define KEY_SIZE 2048
#define EXPONENT 65537 #define EXPONENT 65537
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \

12
programs/pkey/rsa_sign.c
View file

@ -32,6 +32,7 @@
#include <stdio.h> #include <stdio.h>
#define mbedtls_fprintf fprintf #define mbedtls_fprintf fprintf
#define mbedtls_printf printf #define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif #endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@ -58,8 +59,9 @@ int main( int argc, char *argv[] )
int ret; int ret;
size_t i; size_t i;
mbedtls_rsa_context rsa; mbedtls_rsa_context rsa;
unsigned char hash[20]; unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
ret = 1; ret = 1;
@ -135,11 +137,11 @@ int main( int argc, char *argv[] )
} }
/* /*
* Write the signature into <filename>-sig.txt * Write the signature into <filename>.sig
*/ */
memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 ); mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) if( ( f = fopen( filename, "wb+" ) ) == NULL )
{ {
ret = 1; ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] ); mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
@ -152,7 +154,7 @@ int main( int argc, char *argv[] )
fclose( f ); fclose( f );
mbedtls_printf( "\n . Done (created \"%s\")\n\n", argv[1] ); mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
exit: exit:

4
programs/pkey/rsa_sign_pss.c
View file

@ -65,7 +65,7 @@ int main( int argc, char *argv[] )
mbedtls_pk_context pk; mbedtls_pk_context pk;
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[20]; unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512]; char filename[512];
const char *pers = "rsa_sign_pss"; const char *pers = "rsa_sign_pss";
@ -140,7 +140,7 @@ int main( int argc, char *argv[] )
} }
/* /*
* Write the signature into <filename>-sig.txt * Write the signature into <filename>.sig
*/ */
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] ); mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );

20
programs/pkey/rsa_verify.c
View file

@ -31,6 +31,7 @@
#else #else
#include <stdio.h> #include <stdio.h>
#define mbedtls_printf printf #define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif #endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@ -57,8 +58,9 @@ int main( int argc, char *argv[] )
int ret, c; int ret, c;
size_t i; size_t i;
mbedtls_rsa_context rsa; mbedtls_rsa_context rsa;
unsigned char hash[20]; unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
ret = 1; ret = 1;
if( argc != 2 ) if( argc != 2 )
@ -99,17 +101,15 @@ int main( int argc, char *argv[] )
* Extract the RSA signature from the text file * Extract the RSA signature from the text file
*/ */
ret = 1; ret = 1;
i = strlen( argv[1] ); mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
memcpy( argv[1] + i, ".sig", 5 );
if( ( f = fopen( argv[1], "rb" ) ) == NULL ) if( ( f = fopen( filename, "rb" ) ) == NULL )
{ {
mbedtls_printf( "\n ! Could not open %s\n\n", argv[1] ); mbedtls_printf( "\n ! Could not open %s\n\n", filename );
goto exit; goto exit;
} }
argv[1][i] = '\0', i = 0; i = 0;
while( fscanf( f, "%02X", &c ) > 0 && while( fscanf( f, "%02X", &c ) > 0 &&
i < (int) sizeof( buf ) ) i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c; buf[i++] = (unsigned char) c;
@ -123,8 +123,8 @@ int main( int argc, char *argv[] )
} }
/* /*
* Compute the SHA-256 hash of the input file and compare * Compute the SHA-256 hash of the input file and
* it with the hash decrypted from the RSA signature. * verify the signature
*/ */
mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" ); mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout ); fflush( stdout );
@ -144,7 +144,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" ); mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
ret = 0; ret = 0;

10
programs/pkey/rsa_verify_pss.c
View file

@ -63,7 +63,7 @@ int main( int argc, char *argv[] )
int ret = 1; int ret = 1;
size_t i; size_t i;
mbedtls_pk_context pk; mbedtls_pk_context pk;
unsigned char hash[20]; unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512]; char filename[512];
@ -100,7 +100,7 @@ int main( int argc, char *argv[] )
mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 ); mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
/* /*
* Extract the RSA signature from the text file * Extract the RSA signature from the file
*/ */
ret = 1; ret = 1;
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] ); mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
@ -117,8 +117,8 @@ int main( int argc, char *argv[] )
fclose( f ); fclose( f );
/* /*
* Compute the SHA-256 hash of the input file and compare * Compute the SHA-256 hash of the input file and
* it with the hash decrypted from the RSA signature. * verify the signature
*/ */
mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" ); mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout ); fflush( stdout );
@ -138,7 +138,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" ); mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
ret = 0; ret = 0;

2
programs/ssl/ssl_server2.c
View file

@ -1925,7 +1925,7 @@ reset:
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
{ {
char vrfy_buf[512]; char vrfy_buf[512];
uint32_t flags = mbedtls_ssl_get_verify_result( &ssl ); flags = mbedtls_ssl_get_verify_result( &ssl );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );

18
programs/test/benchmark.c
View file

@ -108,26 +108,26 @@ int main( void )
#define TIME_AND_TSC( TITLE, CODE ) \ #define TIME_AND_TSC( TITLE, CODE ) \
do { \ do { \
unsigned long i, j, tsc; \ unsigned long ii, jj, tsc; \
\ \
mbedtls_printf( HEADER_FORMAT, TITLE ); \ mbedtls_printf( HEADER_FORMAT, TITLE ); \
fflush( stdout ); \ fflush( stdout ); \
\ \
mbedtls_set_alarm( 1 ); \ mbedtls_set_alarm( 1 ); \
for( i = 1; ! mbedtls_timing_alarmed; i++ ) \ for( ii = 1; ! mbedtls_timing_alarmed; ii++ ) \
{ \ { \
CODE; \ CODE; \
} \ } \
\ \
tsc = mbedtls_timing_hardclock(); \ tsc = mbedtls_timing_hardclock(); \
for( j = 0; j < 1024; j++ ) \ for( jj = 0; jj < 1024; jj++ ) \
{ \ { \
CODE; \ CODE; \
} \ } \
\ \
mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \ mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \
i * BUFSIZE / 1024, \ ii * BUFSIZE / 1024, \
( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \ ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \
} while( 0 ) } while( 0 )
#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_ERROR_C)
@ -149,7 +149,7 @@ do { \
#define MEMORY_MEASURE_PRINT( title_len ) \ #define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \ mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
for( i = 12 - title_len; i != 0; i-- ) mbedtls_printf( " " ); \ for( ii = 12 - title_len; ii != 0; ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \ max_used -= prv_used; \
max_blocks -= prv_blocks; \ max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
@ -162,7 +162,7 @@ do { \
#define TIME_PUBLIC( TITLE, TYPE, CODE ) \ #define TIME_PUBLIC( TITLE, TYPE, CODE ) \
do { \ do { \
unsigned long i; \ unsigned long ii; \
int ret; \ int ret; \
MEMORY_MEASURE_INIT; \ MEMORY_MEASURE_INIT; \
\ \
@ -171,7 +171,7 @@ do { \
mbedtls_set_alarm( 3 ); \ mbedtls_set_alarm( 3 ); \
\ \
ret = 0; \ ret = 0; \
for( i = 1; ! mbedtls_timing_alarmed && ! ret ; i++ ) \ for( ii = 1; ! mbedtls_timing_alarmed && ! ret ; ii++ ) \
{ \ { \
CODE; \ CODE; \
} \ } \
@ -182,7 +182,7 @@ do { \
} \ } \
else \ else \
{ \ { \
mbedtls_printf( "%6lu " TYPE "/s", i / 3 ); \ mbedtls_printf( "%6lu " TYPE "/s", ii / 3 ); \
MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \ MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \
mbedtls_printf( "\n" ); \ mbedtls_printf( "\n" ); \
} \ } \

2
programs/test/udp_proxy.c
View file

@ -389,7 +389,7 @@ void update_dropped( const packet *p )
while( cur < end ) while( cur < end )
{ {
size_t len = ( ( cur[11] << 8 ) | cur[12] ) + 13; len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
id = len % sizeof( dropped ); id = len % sizeof( dropped );
++dropped[id]; ++dropped[id];