yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-23 17:25:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'mbedtls-2.16' into baremetal

Browse source
This commit is contained in:
Hanno Becker 2019-05-17 10:06:02 +01:00
parent 724a695534 9fb12bd1a2
commit fce6f836ba
27 changed files with 639 additions and 375 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
CMakeLists.txt
View file

@ -87,8 +87,14 @@ set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
# to the corresponding path in the source directory. # to the corresponding path in the source directory.
function(link_to_source base_name) function(link_to_source base_name)
# Get OS dependent path to use in `execute_process` # Get OS dependent path to use in `execute_process`
file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${base_name}" link) if (CMAKE_HOST_WIN32)
file(TO_NATIVE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}" target) #mklink is an internal command of cmd.exe it can only work with \
string(REPLACE "/" "\\" link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
string(REPLACE "/" "\\" target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
else()
set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
endif()
if (NOT EXISTS ${link}) if (NOT EXISTS ${link})
if (CMAKE_HOST_UNIX) if (CMAKE_HOST_UNIX)

6
ChangeLog
View file

@ -32,6 +32,12 @@ Bugfix
GCM and CCM were not affected. Fixed by Jack Lloyd. GCM and CCM were not affected. Fixed by Jack Lloyd.
* Fix incorrect default port number in ssl_mail_client example's usage. * Fix incorrect default port number in ssl_mail_client example's usage.
Found and fixed by irwir. #2337 Found and fixed by irwir. #2337
* Add missing parentheses around parameters in the definition of the
public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation
in case operators binding less strongly than subtraction were used
for the parameter.
* Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
sni entry parameter. Reported by inestlerode in #560.
Changes Changes
* Return from various debugging routines immediately if the * Return from various debugging routines immediately if the

7
include/mbedtls/asn1write.h
View file

@ -33,11 +33,12 @@
#include "asn1.h" #include "asn1.h"
#define MBEDTLS_ASN1_CHK_ADD(g, f) \ #define MBEDTLS_ASN1_CHK_ADD(g, f) \
do { \ do \
if( ( ret = f ) < 0 ) \ { \
if( ( ret = (f) ) < 0 ) \
return( ret ); \ return( ret ); \
else \ else \
g += ret; \ (g) += ret; \
} while( 0 ) } while( 0 )
#ifdef __cplusplus #ifdef __cplusplus

7
include/mbedtls/bignum.h
View file

@ -46,7 +46,12 @@
#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */ #define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */
#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 /**< Memory allocation failed. */ #define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 /**< Memory allocation failed. */
#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 ) #define MBEDTLS_MPI_CHK(f) \
do \
{ \
if( ( ret = (f) ) != 0 ) \
goto cleanup; \
} while( 0 )
/* /*
* Maximum size MPIs are allowed to grow to in number of limbs. * Maximum size MPIs are allowed to grow to in number of limbs.

2
include/mbedtls/padlock.h
View file

@ -59,7 +59,7 @@
#define MBEDTLS_PADLOCK_PHE 0x0C00 #define MBEDTLS_PADLOCK_PHE 0x0C00
#define MBEDTLS_PADLOCK_PMM 0x3000 #define MBEDTLS_PADLOCK_PMM 0x3000
#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15)) #define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {

2
include/mbedtls/x509_crt.h
View file

@ -98,7 +98,7 @@ mbedtls_x509_crt;
* Build flag from an algorithm/curve identifier (pk, md, ecp) * Build flag from an algorithm/curve identifier (pk, md, ecp)
* Since 0 is always XXX_NONE, ignore it. * Since 0 is always XXX_NONE, ignore it.
*/ */
#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) ) #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
/** /**
* Security profile for certificate verification. * Security profile for certificate verification.

96
library/aes.c
View file

@ -395,9 +395,9 @@ static uint32_t RCON[10];
/* /*
* Tables generation code * Tables generation code
*/ */
#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 ) #define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) ) #define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 ) #define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
static int aes_init_done = 0; static int aes_init_done = 0;
@ -815,51 +815,53 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \ do \
X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \ { \
AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \ (X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \
AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \ AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
AES_FT3( ( Y3 >> 24 ) & 0xFF ); \ AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
\ AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \
X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \ \
AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \ (X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \
AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \ AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
AES_FT3( ( Y0 >> 24 ) & 0xFF ); \ AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
\ AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \
X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \ \
AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \ (X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \
AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \ AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
AES_FT3( ( Y1 >> 24 ) & 0xFF ); \ AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
\ AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \
X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \ \
AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \ (X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \
AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \ AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
AES_FT3( ( Y2 >> 24 ) & 0xFF ); \ AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
} AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \
} while( 0 )
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \ do \
X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \ { \
AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \ (X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \
AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \ AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
AES_RT3( ( Y1 >> 24 ) & 0xFF ); \ AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
\ AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \
X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \ \
AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \ (X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \
AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \ AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
AES_RT3( ( Y2 >> 24 ) & 0xFF ); \ AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
\ AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \
X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \ \
AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \ (X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \
AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \ AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
AES_RT3( ( Y3 >> 24 ) & 0xFF ); \ AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
\ AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \
X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \ \
AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \ (X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \
AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \ AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
AES_RT3( ( Y0 >> 24 ) & 0xFF ); \ AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
} AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \
} while( 0 )
/* /*
* AES-ECB block encryption * AES-ECB block encryption

16
library/ccm.c
View file

@ -134,11 +134,17 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
* This avoids allocating one more 16 bytes buffer while allowing src == dst. * This avoids allocating one more 16 bytes buffer while allowing src == dst.
*/ */
#define CTR_CRYPT( dst, src, len ) \ #define CTR_CRYPT( dst, src, len ) \
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, 16, b, &olen ) ) != 0 ) \ do \
return( ret ); \ { \
\ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \
for( i = 0; i < len; i++ ) \ 16, b, &olen ) ) != 0 ) \
dst[i] = src[i] ^ b[i]; { \
return( ret ); \
} \
\
for( i = 0; i < (len); i++ ) \
(dst)[i] = (src)[i] ^ b[i]; \
} while( 0 )
/* /*
* Authenticated encryption or decryption * Authenticated encryption or decryption

10
library/chacha20.c
View file

@ -60,14 +60,14 @@
MBEDTLS_INTERNAL_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond )
#define BYTES_TO_U32_LE( data, offset ) \ #define BYTES_TO_U32_LE( data, offset ) \
( (uint32_t) data[offset] \ ( (uint32_t) (data)[offset] \
| (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
| (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
| (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
) )
#define ROTL32( value, amount ) \ #define ROTL32( value, amount ) \
( (uint32_t) ( value << amount ) | ( value >> ( 32 - amount ) ) ) ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
#define CHACHA20_CTR_INDEX ( 12U ) #define CHACHA20_CTR_INDEX ( 12U )

77
library/des.c
View file

@ -257,50 +257,57 @@ static const uint32_t RHs[16] =
/* /*
* Initial Permutation macro * Initial Permutation macro
*/ */
#define DES_IP(X,Y) \ #define DES_IP(X,Y) \
{ \ do \
T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ { \
T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \
T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \
Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \ T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \
T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \ (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF; \
X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \ T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T; \
} (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF; \
} while( 0 )
/* /*
* Final Permutation macro * Final Permutation macro
*/ */
#define DES_FP(X,Y) \ #define DES_FP(X,Y) \
{ \ do \
X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \ { \
T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \ (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF; \
Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \ T = ((X) ^ (Y)) & 0xAAAAAAAA; (X) ^= T; (Y) ^= T; \
T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ (Y) = (((Y) << 31) | ((Y) >> 1)) & 0xFFFFFFFF; \
T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \
T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \
T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
} T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \
} while( 0 )
/* /*
* DES round macro * DES round macro
*/ */
#define DES_ROUND(X,Y) \ #define DES_ROUND(X,Y) \
{ \ do \
T = *SK++ ^ X; \ { \
Y ^= SB8[ (T ) & 0x3F ] ^ \ T = *SK++ ^ (X); \
SB6[ (T >> 8) & 0x3F ] ^ \ (Y) ^= SB8[ (T ) & 0x3F ] ^ \
SB4[ (T >> 16) & 0x3F ] ^ \ SB6[ (T >> 8) & 0x3F ] ^ \
SB2[ (T >> 24) & 0x3F ]; \ SB4[ (T >> 16) & 0x3F ] ^ \
\ SB2[ (T >> 24) & 0x3F ]; \
T = *SK++ ^ ((X << 28) | (X >> 4)); \ \
Y ^= SB7[ (T ) & 0x3F ] ^ \ T = *SK++ ^ (((X) << 28) | ((X) >> 4)); \
SB5[ (T >> 8) & 0x3F ] ^ \ (Y) ^= SB7[ (T ) & 0x3F ] ^ \
SB3[ (T >> 16) & 0x3F ] ^ \ SB5[ (T >> 8) & 0x3F ] ^ \
SB1[ (T >> 24) & 0x3F ]; \ SB3[ (T >> 16) & 0x3F ] ^ \
} SB1[ (T >> 24) & 0x3F ]; \
} while( 0 )
#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; } #define SWAP(a,b) \
do \
{ \
uint32_t t = (a); (a) = (b); (b) = t; t = 0; \
} while( 0 )
void mbedtls_des_init( mbedtls_des_context *ctx ) void mbedtls_des_init( mbedtls_des_context *ctx )
{ {

20
library/ecp.c
View file

@ -1046,25 +1046,29 @@ cleanup:
#define INC_MUL_COUNT #define INC_MUL_COUNT
#endif #endif
#define MOD_MUL( N ) do { MBEDTLS_MPI_CHK( ecp_modp( &N, grp ) ); INC_MUL_COUNT } \ #define MOD_MUL( N ) \
while( 0 ) do \
{ \
MBEDTLS_MPI_CHK( ecp_modp( &(N), grp ) ); \
INC_MUL_COUNT \
} while( 0 )
/* /*
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
* N->s < 0 is a very fast test, which fails only if N is 0 * N->s < 0 is a very fast test, which fails only if N is 0
*/ */
#define MOD_SUB( N ) \ #define MOD_SUB( N ) \
while( N.s < 0 && mbedtls_mpi_cmp_int( &N, 0 ) != 0 ) \ while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &N, &N, &grp->P ) ) MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) )
/* /*
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int. * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int.
* We known P, N and the result are positive, so sub_abs is correct, and * We known P, N and the result are positive, so sub_abs is correct, and
* a bit faster. * a bit faster.
*/ */
#define MOD_ADD( N ) \ #define MOD_ADD( N ) \
while( mbedtls_mpi_cmp_mpi( &N, &grp->P ) >= 0 ) \ while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &N, &N, &grp->P ) ) MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) )
#if defined(ECP_SHORTWEIERSTRASS) #if defined(ECP_SHORTWEIERSTRASS)
/* /*

60
library/ecp_curves.c
View file

@ -51,11 +51,11 @@
*/ */
#if defined(MBEDTLS_HAVE_INT32) #if defined(MBEDTLS_HAVE_INT32)
#define BYTES_TO_T_UINT_4( a, b, c, d ) \ #define BYTES_TO_T_UINT_4( a, b, c, d ) \
( (mbedtls_mpi_uint) a << 0 ) | \ ( (mbedtls_mpi_uint) (a) << 0 ) | \
( (mbedtls_mpi_uint) b << 8 ) | \ ( (mbedtls_mpi_uint) (b) << 8 ) | \
( (mbedtls_mpi_uint) c << 16 ) | \ ( (mbedtls_mpi_uint) (c) << 16 ) | \
( (mbedtls_mpi_uint) d << 24 ) ( (mbedtls_mpi_uint) (d) << 24 )
#define BYTES_TO_T_UINT_2( a, b ) \ #define BYTES_TO_T_UINT_2( a, b ) \
BYTES_TO_T_UINT_4( a, b, 0, 0 ) BYTES_TO_T_UINT_4( a, b, 0, 0 )
@ -67,14 +67,14 @@
#else /* 64-bits */ #else /* 64-bits */
#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
( (mbedtls_mpi_uint) a << 0 ) | \ ( (mbedtls_mpi_uint) (a) << 0 ) | \
( (mbedtls_mpi_uint) b << 8 ) | \ ( (mbedtls_mpi_uint) (b) << 8 ) | \
( (mbedtls_mpi_uint) c << 16 ) | \ ( (mbedtls_mpi_uint) (c) << 16 ) | \
( (mbedtls_mpi_uint) d << 24 ) | \ ( (mbedtls_mpi_uint) (d) << 24 ) | \
( (mbedtls_mpi_uint) e << 32 ) | \ ( (mbedtls_mpi_uint) (e) << 32 ) | \
( (mbedtls_mpi_uint) f << 40 ) | \ ( (mbedtls_mpi_uint) (f) << 40 ) | \
( (mbedtls_mpi_uint) g << 48 ) | \ ( (mbedtls_mpi_uint) (g) << 48 ) | \
( (mbedtls_mpi_uint) h << 56 ) ( (mbedtls_mpi_uint) (h) << 56 )
#define BYTES_TO_T_UINT_4( a, b, c, d ) \ #define BYTES_TO_T_UINT_4( a, b, c, d ) \
BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 ) BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
@ -890,7 +890,7 @@ static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
} }
#define WIDTH 8 / sizeof( mbedtls_mpi_uint ) #define WIDTH 8 / sizeof( mbedtls_mpi_uint )
#define A( i ) N->p + i * WIDTH #define A( i ) N->p + (i) * WIDTH
#define ADD( i ) add64( p, A( i ), &c ) #define ADD( i ) add64( p, A( i ), &c )
#define NEXT p += WIDTH; carry64( p, &c ) #define NEXT p += WIDTH; carry64( p, &c )
#define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0 #define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
@ -955,7 +955,8 @@ cleanup:
#else /* 64-bit */ #else /* 64-bit */
#define MAX32 N->n * 2 #define MAX32 N->n * 2
#define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] ) #define A( j ) (j) % 2 ? (uint32_t)( N->p[(j)/2] >> 32 ) : \
(uint32_t)( N->p[(j)/2] )
#define STORE32 \ #define STORE32 \
if( i % 2 ) { \ if( i % 2 ) { \
N->p[i/2] &= 0x00000000FFFFFFFF; \ N->p[i/2] &= 0x00000000FFFFFFFF; \
@ -989,20 +990,21 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
* Helpers for the main 'loop' * Helpers for the main 'loop'
* (see fix_negative for the motivation of C) * (see fix_negative for the motivation of C)
*/ */
#define INIT( b ) \ #define INIT( b ) \
int ret; \ int ret; \
signed char c = 0, cc; \ signed char c = 0, cc; \
uint32_t cur; \ uint32_t cur; \
size_t i = 0, bits = b; \ size_t i = 0, bits = (b); \
mbedtls_mpi C; \ mbedtls_mpi C; \
mbedtls_mpi_uint Cp[ b / 8 / sizeof( mbedtls_mpi_uint) + 1 ]; \ mbedtls_mpi_uint Cp[ (b) / 8 / sizeof( mbedtls_mpi_uint) + 1 ]; \
\ \
C.s = 1; \ C.s = 1; \
C.n = b / 8 / sizeof( mbedtls_mpi_uint) + 1; \ C.n = (b) / 8 / sizeof( mbedtls_mpi_uint) + 1; \
C.p = Cp; \ C.p = Cp; \
memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) ); \ memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) ); \
\ \
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, b * 2 / 8 / sizeof( mbedtls_mpi_uint ) ) ); \ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, (b) * 2 / 8 / \
sizeof( mbedtls_mpi_uint ) ) ); \
LOAD32; LOAD32;
#define NEXT \ #define NEXT \

2
library/havege.c
View file

@ -54,7 +54,7 @@
* ------------------------------------------------------------------------ * ------------------------------------------------------------------------
*/ */
#define SWAP(X,Y) { int *T = X; X = Y; Y = T; } #define SWAP(X,Y) { int *T = (X); (X) = (Y); (Y) = T; }
#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; #define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; #define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;

30
library/md4.c
View file

@ -137,15 +137,21 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
GET_UINT32_LE( X[14], data, 56 ); GET_UINT32_LE( X[14], data, 56 );
GET_UINT32_LE( X[15], data, 60 ); GET_UINT32_LE( X[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
A = ctx->state[0]; A = ctx->state[0];
B = ctx->state[1]; B = ctx->state[1];
C = ctx->state[2]; C = ctx->state[2];
D = ctx->state[3]; D = ctx->state[3];
#define F(x, y, z) ((x & y) | ((~x) & z)) #define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
#define P(a,b,c,d,x,s) { a += F(b,c,d) + x; a = S(a,s); } #define P(a,b,c,d,x,s) \
do \
{ \
(a) += F((b),(c),(d)) + (x); \
(a) = S((a),(s)); \
} while( 0 )
P( A, B, C, D, X[ 0], 3 ); P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 1], 7 ); P( D, A, B, C, X[ 1], 7 );
@ -167,8 +173,13 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
#undef P #undef P
#undef F #undef F
#define F(x,y,z) ((x & y) | (x & z) | (y & z)) #define F(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x5A827999; a = S(a,s); } #define P(a,b,c,d,x,s) \
do \
{ \
(a) += F((b),(c),(d)) + (x) + 0x5A827999; \
(a) = S((a),(s)); \
} while( 0 )
P( A, B, C, D, X[ 0], 3 ); P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 4], 5 ); P( D, A, B, C, X[ 4], 5 );
@ -190,8 +201,13 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
#undef P #undef P
#undef F #undef F
#define F(x,y,z) (x ^ y ^ z) #define F(x,y,z) ((x) ^ (y) ^ (z))
#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x6ED9EBA1; a = S(a,s); } #define P(a,b,c,d,x,s) \
do \
{ \
(a) += F((b),(c),(d)) + (x) + 0x6ED9EBA1; \
(a) = S((a),(s)); \
} while( 0 )
P( A, B, C, D, X[ 0], 3 ); P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 8], 9 ); P( D, A, B, C, X[ 8], 9 );

21
library/md5.c
View file

@ -136,19 +136,22 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
GET_UINT32_LE( X[14], data, 56 ); GET_UINT32_LE( X[14], data, 56 );
GET_UINT32_LE( X[15], data, 60 ); GET_UINT32_LE( X[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) #define S(x,n) \
( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
#define P(a,b,c,d,k,s,t) \ #define P(a,b,c,d,k,s,t) \
{ \ do \
a += F(b,c,d) + X[k] + t; a = S(a,s) + b; \ { \
} (a) += F((b),(c),(d)) + X[(k)] + (t); \
(a) = S((a),(s)) + (b); \
} while( 0 )
A = ctx->state[0]; A = ctx->state[0];
B = ctx->state[1]; B = ctx->state[1];
C = ctx->state[2]; C = ctx->state[2];
D = ctx->state[3]; D = ctx->state[3];
#define F(x,y,z) (z ^ (x & (y ^ z))) #define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
P( A, B, C, D, 0, 7, 0xD76AA478 ); P( A, B, C, D, 0, 7, 0xD76AA478 );
P( D, A, B, C, 1, 12, 0xE8C7B756 ); P( D, A, B, C, 1, 12, 0xE8C7B756 );
@ -169,7 +172,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
#undef F #undef F
#define F(x,y,z) (y ^ (z & (x ^ y))) #define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y))))
P( A, B, C, D, 1, 5, 0xF61E2562 ); P( A, B, C, D, 1, 5, 0xF61E2562 );
P( D, A, B, C, 6, 9, 0xC040B340 ); P( D, A, B, C, 6, 9, 0xC040B340 );
@ -190,7 +193,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
#undef F #undef F
#define F(x,y,z) (x ^ y ^ z) #define F(x,y,z) ((x) ^ (y) ^ (z))
P( A, B, C, D, 5, 4, 0xFFFA3942 ); P( A, B, C, D, 5, 4, 0xFFFA3942 );
P( D, A, B, C, 8, 11, 0x8771F681 ); P( D, A, B, C, 8, 11, 0x8771F681 );
@ -211,7 +214,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
#undef F #undef F
#define F(x,y,z) (y ^ (x | ~z)) #define F(x,y,z) ((y) ^ ((x) | ~(z)))
P( A, B, C, D, 0, 6, 0xF4292244 ); P( A, B, C, D, 0, 6, 0xF4292244 );
P( D, A, B, C, 7, 10, 0x432AFF97 ); P( D, A, B, C, 7, 10, 0x432AFF97 );

53
library/oid.c
View file

@ -54,22 +54,24 @@
* Macro to generate an internal function for oid_XXX_from_asn1() (used by * Macro to generate an internal function for oid_XXX_from_asn1() (used by
* the other functions) * the other functions)
*/ */
#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \ #define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
static const TYPE_T * oid_ ## NAME ## _from_asn1( const mbedtls_asn1_buf *oid ) \ static const TYPE_T * oid_ ## NAME ## _from_asn1( \
{ \ const mbedtls_asn1_buf *oid ) \
const TYPE_T *p = LIST; \ { \
const mbedtls_oid_descriptor_t *cur = (const mbedtls_oid_descriptor_t *) p; \ const TYPE_T *p = (LIST); \
if( p == NULL || oid == NULL ) return( NULL ); \ const mbedtls_oid_descriptor_t *cur = \
while( cur->asn1 != NULL ) { \ (const mbedtls_oid_descriptor_t *) p; \
if( cur->asn1_len == oid->len && \ if( p == NULL || oid == NULL ) return( NULL ); \
memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \ while( cur->asn1 != NULL ) { \
return( p ); \ if( cur->asn1_len == oid->len && \
} \ memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
p++; \ return( p ); \
cur = (const mbedtls_oid_descriptor_t *) p; \ } \
} \ p++; \
return( NULL ); \ cur = (const mbedtls_oid_descriptor_t *) p; \
} } \
return( NULL ); \
}
/* /*
* Macro to generate a function for retrieving a single attribute from the * Macro to generate a function for retrieving a single attribute from the
@ -103,12 +105,13 @@ int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )
*/ */
#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
ATTR2_TYPE, ATTR2) \ ATTR2_TYPE, ATTR2) \
int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, ATTR2_TYPE * ATTR2 ) \ int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
ATTR2_TYPE * ATTR2 ) \
{ \ { \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \ if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
*ATTR1 = data->ATTR1; \ *(ATTR1) = data->ATTR1; \
*ATTR2 = data->ATTR2; \ *(ATTR2) = data->ATTR2; \
return( 0 ); \ return( 0 ); \
} }
@ -119,16 +122,16 @@ int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, ATTR2_TYPE * ATTR2
#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \ int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
{ \ { \
const TYPE_T *cur = LIST; \ const TYPE_T *cur = (LIST); \
while( cur->descriptor.asn1 != NULL ) { \ while( cur->descriptor.asn1 != NULL ) { \
if( cur->ATTR1 == ATTR1 ) { \ if( cur->ATTR1 == (ATTR1) ) { \
*oid = cur->descriptor.asn1; \ *oid = cur->descriptor.asn1; \
*olen = cur->descriptor.asn1_len; \ *olen = cur->descriptor.asn1_len; \
return( 0 ); \ return( 0 ); \
} \ } \
cur++; \ cur++; \
} \ } \
return( MBEDTLS_ERR_OID_NOT_FOUND ); \ return( MBEDTLS_ERR_OID_NOT_FOUND ); \
} }
/* /*
@ -140,9 +143,9 @@ int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \ int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
size_t *olen ) \ size_t *olen ) \
{ \ { \
const TYPE_T *cur = LIST; \ const TYPE_T *cur = (LIST); \
while( cur->descriptor.asn1 != NULL ) { \ while( cur->descriptor.asn1 != NULL ) { \
if( cur->ATTR1 == ATTR1 && cur->ATTR2 == ATTR2 ) { \ if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) { \
*oid = cur->descriptor.asn1; \ *oid = cur->descriptor.asn1; \
*olen = cur->descriptor.asn1_len; \ *olen = cur->descriptor.asn1_len; \
return( 0 ); \ return( 0 ); \

8
library/poly1305.c
View file

@ -58,10 +58,10 @@
#define POLY1305_BLOCK_SIZE_BYTES ( 16U ) #define POLY1305_BLOCK_SIZE_BYTES ( 16U )
#define BYTES_TO_U32_LE( data, offset ) \ #define BYTES_TO_U32_LE( data, offset ) \
( (uint32_t) data[offset] \ ( (uint32_t) (data)[offset] \
| (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
| (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
| (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
) )
/* /*

33
library/ripemd160.c
View file

@ -147,22 +147,29 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
D = Dp = ctx->state[3]; D = Dp = ctx->state[3];
E = Ep = ctx->state[4]; E = Ep = ctx->state[4];
#define F1( x, y, z ) ( x ^ y ^ z ) #define F1( x, y, z ) ( (x) ^ (y) ^ (z) )
#define F2( x, y, z ) ( ( x & y ) | ( ~x & z ) ) #define F2( x, y, z ) ( ( (x) & (y) ) | ( ~(x) & (z) ) )
#define F3( x, y, z ) ( ( x | ~y ) ^ z ) #define F3( x, y, z ) ( ( (x) | ~(y) ) ^ (z) )
#define F4( x, y, z ) ( ( x & z ) | ( y & ~z ) ) #define F4( x, y, z ) ( ( (x) & (z) ) | ( (y) & ~(z) ) )
#define F5( x, y, z ) ( x ^ ( y | ~z ) ) #define F5( x, y, z ) ( (x) ^ ( (y) | ~(z) ) )
#define S( x, n ) ( ( x << n ) | ( x >> (32 - n) ) ) #define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) )
#define P( a, b, c, d, e, r, s, f, k ) \ #define P( a, b, c, d, e, r, s, f, k ) \
a += f( b, c, d ) + X[r] + k; \ do \
a = S( a, s ) + e; \ { \
c = S( c, 10 ); (a) += f( (b), (c), (d) ) + X[r] + (k); \
(a) = S( (a), (s) ) + (e); \
(c) = S( (c), 10 ); \
} while( 0 )
#define P2( a, b, c, d, e, r, s, rp, sp ) \ #define P2( a, b, c, d, e, r, s, rp, sp ) \
P( a, b, c, d, e, r, s, F, K ); \ do \
P( a ## p, b ## p, c ## p, d ## p, e ## p, rp, sp, Fp, Kp ); { \
P( (a), (b), (c), (d), (e), (r), (s), F, K ); \
P( a ## p, b ## p, c ## p, d ## p, e ## p, \
(rp), (sp), Fp, Kp ); \
} while( 0 )
#define F F1 #define F F1
#define K 0x00000000 #define K 0x00000000

32
library/sha1.c
View file

@ -152,19 +152,21 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
GET_UINT32_BE( W[14], data, 56 ); GET_UINT32_BE( W[14], data, 56 );
GET_UINT32_BE( W[15], data, 60 ); GET_UINT32_BE( W[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
#define R(t) \ #define R(t) \
( \ ( \
temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \ temp = W[( (t) - 3 ) & 0x0F] ^ W[( (t) - 8 ) & 0x0F] ^ \
W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \ W[( (t) - 14 ) & 0x0F] ^ W[ (t) & 0x0F], \
( W[t & 0x0F] = S(temp,1) ) \ ( W[(t) & 0x0F] = S(temp,1) ) \
) )
#define P(a,b,c,d,e,x) \ #define P(a,b,c,d,e,x) \
{ \ do \
e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ { \
} (e) += S((a),5) + F((b),(c),(d)) + K + (x); \
(b) = S((b),30); \
} while( 0 )
A = ctx->state[0]; A = ctx->state[0];
B = ctx->state[1]; B = ctx->state[1];
@ -172,7 +174,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
D = ctx->state[3]; D = ctx->state[3];
E = ctx->state[4]; E = ctx->state[4];
#define F(x,y,z) (z ^ (x & (y ^ z))) #define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define K 0x5A827999 #define K 0x5A827999
P( A, B, C, D, E, W[0] ); P( A, B, C, D, E, W[0] );
@ -199,7 +201,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
#undef K #undef K
#undef F #undef F
#define F(x,y,z) (x ^ y ^ z) #define F(x,y,z) ((x) ^ (y) ^ (z))
#define K 0x6ED9EBA1 #define K 0x6ED9EBA1
P( A, B, C, D, E, R(20) ); P( A, B, C, D, E, R(20) );
@ -226,7 +228,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
#undef K #undef K
#undef F #undef F
#define F(x,y,z) ((x & y) | (z & (x | y))) #define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define K 0x8F1BBCDC #define K 0x8F1BBCDC
P( A, B, C, D, E, R(40) ); P( A, B, C, D, E, R(40) );
@ -253,7 +255,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
#undef K #undef K
#undef F #undef F
#define F(x,y,z) (x ^ y ^ z) #define F(x,y,z) ((x) ^ (y) ^ (z))
#define K 0xCA62C1D6 #define K 0xCA62C1D6
P( A, B, C, D, E, R(60) ); P( A, B, C, D, E, R(60) );

29
library/sha256.c
View file

@ -172,8 +172,8 @@ static const uint32_t K[] =
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
}; };
#define SHR(x,n) ((x & 0xFFFFFFFF) >> n) #define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
#define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) #define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
@ -181,21 +181,22 @@ static const uint32_t K[] =
#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
#define F0(x,y,z) ((x & y) | (z & (x | y))) #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define F1(x,y,z) (z ^ (x & (y ^ z))) #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define R(t) \ #define R(t) \
( \ ( \
W[t] = S1(W[t - 2]) + W[t - 7] + \ W[t] = S1(W[(t) - 2]) + W[(t) - 7] + \
S0(W[t - 15]) + W[t - 16] \ S0(W[(t) - 15]) + W[(t) - 16] \
) )
#define P(a,b,c,d,e,f,g,h,x,K) \ #define P(a,b,c,d,e,f,g,h,x,K) \
{ \ do \
temp1 = h + S3(e) + F1(e,f,g) + K + x; \ { \
temp2 = S2(a) + F0(a,b,c); \ temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
d += temp1; h = temp1 + temp2; \ temp2 = S2(a) + F0((a),(b),(c)); \
} (d) += temp1; (h) = temp1 + temp2; \
} while( 0 )
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] ) const unsigned char data[64] )

21
library/sha512.c
View file

@ -224,8 +224,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
SHA512_VALIDATE_RET( ctx != NULL ); SHA512_VALIDATE_RET( ctx != NULL );
SHA512_VALIDATE_RET( (const unsigned char *)data != NULL ); SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
#define SHR(x,n) (x >> n) #define SHR(x,n) ((x) >> (n))
#define ROTR(x,n) (SHR(x,n) | (x << (64 - n))) #define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6)) #define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
@ -233,15 +233,16 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) #define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) #define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
#define F0(x,y,z) ((x & y) | (z & (x | y))) #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define F1(x,y,z) (z ^ (x & (y ^ z))) #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define P(a,b,c,d,e,f,g,h,x,K) \ #define P(a,b,c,d,e,f,g,h,x,K) \
{ \ do \
temp1 = h + S3(e) + F1(e,f,g) + K + x; \ { \
temp2 = S2(a) + F0(a,b,c); \ temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
d += temp1; h = temp1 + temp2; \ temp2 = S2(a) + F0((a),(b),(c)); \
} (d) += temp1; (h) = temp1 + temp2; \
} while( 0 )
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
{ {

11
library/x509.c
View file

@ -67,8 +67,15 @@
#include <time.h> #include <time.h>
#endif #endif
#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); } #define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); } #define CHECK_RANGE(min, max, val) \
do \
{ \
if( ( val ) < ( min ) || ( val ) > ( max ) ) \
{ \
return( ret ); \
} \
} while( 0 )
/* /*
* CertificateSerialNumber ::= INTEGER * CertificateSerialNumber ::= INTEGER

4
library/x509_crt.c
View file

@ -1439,7 +1439,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
} }
#define CERT_TYPE(type,name) \ #define CERT_TYPE(type,name) \
if( ns_cert_type & type ) \ if( ns_cert_type & (type) ) \
PRINT_ITEM( name ); PRINT_ITEM( name );
static int x509_info_cert_type( char **buf, size_t *size, static int x509_info_cert_type( char **buf, size_t *size,
@ -1466,7 +1466,7 @@ static int x509_info_cert_type( char **buf, size_t *size,
} }
#define KEY_USAGE(code,name) \ #define KEY_USAGE(code,name) \
if( key_usage & code ) \ if( key_usage & (code) ) \
PRINT_ITEM( name ); PRINT_ITEM( name );
static int x509_info_key_usage( char **buf, size_t *size, static int x509_info_key_usage( char **buf, size_t *size,

55
programs/ssl/ssl_server2.c
View file

@ -263,8 +263,14 @@ int main( void )
#endif /* MBEDTLS_SSL_CACHE_C */ #endif /* MBEDTLS_SSL_CACHE_C */
#if defined(SNI_OPTION) #if defined(SNI_OPTION)
#if defined(MBEDTLS_X509_CRL_PARSE_C)
#define SNI_CRL ",crl"
#else
#define SNI_CRL ""
#endif
#define USAGE_SNI \ #define USAGE_SNI \
" sni=%%s name1,cert1,key1,ca1,crl1,auth1[,...]\n" \ " sni=%%s name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n" \
" default: disabled\n" " default: disabled\n"
#else #else
#define USAGE_SNI "" #define USAGE_SNI ""
@ -600,11 +606,14 @@ static int get_auth_mode( const char *s )
* Used by sni_parse and psk_parse to handle coma-separated lists * Used by sni_parse and psk_parse to handle coma-separated lists
*/ */
#define GET_ITEM( dst ) \ #define GET_ITEM( dst ) \
dst = p; \ do \
while( *p != ',' ) \ { \
if( ++p > end ) \ (dst) = p; \
goto error; \ while( *p != ',' ) \
*p++ = '\0'; if( ++p > end ) \
goto error; \
*p++ = '\0'; \
} while( 0 )
#if defined(SNI_OPTION) #if defined(SNI_OPTION)
typedef struct _sni_entry sni_entry; typedef struct _sni_entry sni_entry;
@ -633,10 +642,10 @@ void sni_free( sni_entry *head )
mbedtls_x509_crt_free( cur->ca ); mbedtls_x509_crt_free( cur->ca );
mbedtls_free( cur->ca ); mbedtls_free( cur->ca );
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_free( cur->crl ); mbedtls_x509_crl_free( cur->crl );
mbedtls_free( cur->crl ); mbedtls_free( cur->crl );
#endif
next = cur->next; next = cur->next;
mbedtls_free( cur ); mbedtls_free( cur );
cur = next; cur = next;
@ -655,7 +664,10 @@ sni_entry *sni_parse( char *sni_string )
sni_entry *cur = NULL, *new = NULL; sni_entry *cur = NULL, *new = NULL;
char *p = sni_string; char *p = sni_string;
char *end = p; char *end = p;
char *crt_file, *key_file, *ca_file, *crl_file, *auth_str; char *crt_file, *key_file, *ca_file, *auth_str;
#if defined(MBEDTLS_X509_CRL_PARSE_C)
char *crl_file;
#endif
while( *end != '\0' ) while( *end != '\0' )
++end; ++end;
@ -673,7 +685,9 @@ sni_entry *sni_parse( char *sni_string )
GET_ITEM( crt_file ); GET_ITEM( crt_file );
GET_ITEM( key_file ); GET_ITEM( key_file );
GET_ITEM( ca_file ); GET_ITEM( ca_file );
#if defined(MBEDTLS_X509_CRL_PARSE_C)
GET_ITEM( crl_file ); GET_ITEM( crl_file );
#endif
GET_ITEM( auth_str ); GET_ITEM( auth_str );
if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL || if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
@ -698,6 +712,7 @@ sni_entry *sni_parse( char *sni_string )
goto error; goto error;
} }
#if defined(MBEDTLS_X509_CRL_PARSE_C)
if( strcmp( crl_file, "-" ) != 0 ) if( strcmp( crl_file, "-" ) != 0 )
{ {
if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL ) if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
@ -708,6 +723,7 @@ sni_entry *sni_parse( char *sni_string )
if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 ) if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
goto error; goto error;
} }
#endif
if( strcmp( auth_str, "-" ) != 0 ) if( strcmp( auth_str, "-" ) != 0 )
{ {
@ -761,15 +777,18 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define HEX2NUM( c ) \ #define HEX2NUM( c ) \
if( c >= '0' && c <= '9' ) \ do \
c -= '0'; \ { \
else if( c >= 'a' && c <= 'f' ) \ if( (c) >= '0' && (c) <= '9' ) \
c -= 'a' - 10; \ (c) -= '0'; \
else if( c >= 'A' && c <= 'F' ) \ else if( (c) >= 'a' && (c) <= 'f' ) \
c -= 'A' - 10; \ (c) -= 'a' - 10; \
else \ else if( (c) >= 'A' && (c) <= 'F' ) \
return( -1 ); (c) -= 'A' - 10; \
else \
return( -1 ); \
} while( 0 )
/* /*
* Convert a hex string to bytes. * Convert a hex string to bytes.

2
programs/test/benchmark.c
View file

@ -163,7 +163,7 @@ do { \
#define MEMORY_MEASURE_PRINT( title_len ) \ #define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \ mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
for( ii = 12 - title_len; ii != 0; ii-- ) mbedtls_printf( " " ); \ for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \ max_used -= prv_used; \
max_blocks -= prv_blocks; \ max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \

368
scripts/abi_check.py
View file

@ -9,10 +9,10 @@ Purpose
This script is a small wrapper around the abi-compliance-checker and This script is a small wrapper around the abi-compliance-checker and
abi-dumper tools, applying them to compare the ABI and API of the library abi-dumper tools, applying them to compare the ABI and API of the library
files from two different Git revisions within an Mbed TLS repository. files from two different Git revisions within an Mbed TLS repository.
The results of the comparison are formatted as HTML and stored at The results of the comparison are either formatted as HTML and stored at
a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, a configurable location, or are given as a brief list of problems.
and 2 if there is an error while running the script. Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error
Note: must be run from Mbed TLS root. while running the script. Note: must be run from Mbed TLS root.
""" """
import os import os
@ -23,30 +23,37 @@ import subprocess
import argparse import argparse
import logging import logging
import tempfile import tempfile
import fnmatch
from types import SimpleNamespace
import xml.etree.ElementTree as ET
class AbiChecker(object): class AbiChecker(object):
"""API and ABI checker.""" """API and ABI checker."""
def __init__(self, report_dir, old_rev, new_rev, keep_all_reports): def __init__(self, old_version, new_version, configuration):
"""Instantiate the API/ABI checker. """Instantiate the API/ABI checker.
report_dir: directory for output files old_version: RepoVersion containing details to compare against
old_rev: reference git revision to compare against new_version: RepoVersion containing details to check
new_rev: git revision to check configuration.report_dir: directory for output files
keep_all_reports: if false, delete old reports configuration.keep_all_reports: if false, delete old reports
configuration.brief: if true, output shorter report to stdout
configuration.skip_file: path to file containing symbols and types to skip
""" """
self.repo_path = "." self.repo_path = "."
self.log = None self.log = None
self.setup_logger() self.verbose = configuration.verbose
self.report_dir = os.path.abspath(report_dir) self._setup_logger()
self.keep_all_reports = keep_all_reports self.report_dir = os.path.abspath(configuration.report_dir)
self.should_keep_report_dir = os.path.isdir(self.report_dir) self.keep_all_reports = configuration.keep_all_reports
self.old_rev = old_rev self.can_remove_report_dir = not (os.path.exists(self.report_dir) or
self.new_rev = new_rev self.keep_all_reports)
self.mbedtls_modules = ["libmbedcrypto", "libmbedtls", "libmbedx509"] self.old_version = old_version
self.old_dumps = {} self.new_version = new_version
self.new_dumps = {} self.skip_file = configuration.skip_file
self.brief = configuration.brief
self.git_command = "git" self.git_command = "git"
self.make_command = "make" self.make_command = "make"
@ -57,9 +64,12 @@ class AbiChecker(object):
if current_dir != root_dir: if current_dir != root_dir:
raise Exception("Must be run from Mbed TLS root") raise Exception("Must be run from Mbed TLS root")
def setup_logger(self): def _setup_logger(self):
self.log = logging.getLogger() self.log = logging.getLogger()
self.log.setLevel(logging.INFO) if self.verbose:
self.log.setLevel(logging.DEBUG)
else:
self.log.setLevel(logging.INFO)
self.log.addHandler(logging.StreamHandler()) self.log.addHandler(logging.StreamHandler())
@staticmethod @staticmethod
@ -68,142 +78,210 @@ class AbiChecker(object):
if not shutil.which(command): if not shutil.which(command):
raise Exception("{} not installed, aborting".format(command)) raise Exception("{} not installed, aborting".format(command))
def get_clean_worktree_for_git_revision(self, git_rev): def _get_clean_worktree_for_git_revision(self, version):
"""Make a separate worktree with git_rev checked out. """Make a separate worktree with version.revision checked out.
Do not modify the current worktree.""" Do not modify the current worktree."""
self.log.info(
"Checking out git worktree for revision {}".format(git_rev)
)
git_worktree_path = tempfile.mkdtemp() git_worktree_path = tempfile.mkdtemp()
worktree_process = subprocess.Popen( if version.repository:
[self.git_command, "worktree", "add", git_worktree_path, git_rev], self.log.debug(
"Checking out git worktree for revision {} from {}".format(
version.revision, version.repository
)
)
fetch_output = subprocess.check_output(
[self.git_command, "fetch",
version.repository, version.revision],
cwd=self.repo_path,
stderr=subprocess.STDOUT
)
self.log.debug(fetch_output.decode("utf-8"))
worktree_rev = "FETCH_HEAD"
else:
self.log.debug("Checking out git worktree for revision {}".format(
version.revision
))
worktree_rev = version.revision
worktree_output = subprocess.check_output(
[self.git_command, "worktree", "add", "--detach",
git_worktree_path, worktree_rev],
cwd=self.repo_path, cwd=self.repo_path,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT stderr=subprocess.STDOUT
) )
worktree_output, _ = worktree_process.communicate() self.log.debug(worktree_output.decode("utf-8"))
self.log.info(worktree_output.decode("utf-8"))
if worktree_process.returncode != 0:
raise Exception("Checking out worktree failed, aborting")
return git_worktree_path return git_worktree_path
def build_shared_libraries(self, git_worktree_path): def _update_git_submodules(self, git_worktree_path, version):
"""If the crypto submodule is present, initialize it.
if version.crypto_revision exists, update it to that revision,
otherwise update it to the default revision"""
update_output = subprocess.check_output(
[self.git_command, "submodule", "update", "--init", '--recursive'],
cwd=git_worktree_path,
stderr=subprocess.STDOUT
)
self.log.debug(update_output.decode("utf-8"))
if not (os.path.exists(os.path.join(git_worktree_path, "crypto"))
and version.crypto_revision):
return
if version.crypto_repository:
fetch_output = subprocess.check_output(
[self.git_command, "fetch", version.crypto_repository,
version.crypto_revision],
cwd=os.path.join(git_worktree_path, "crypto"),
stderr=subprocess.STDOUT
)
self.log.debug(fetch_output.decode("utf-8"))
crypto_rev = "FETCH_HEAD"
else:
crypto_rev = version.crypto_revision
checkout_output = subprocess.check_output(
[self.git_command, "checkout", crypto_rev],
cwd=os.path.join(git_worktree_path, "crypto"),
stderr=subprocess.STDOUT
)
self.log.debug(checkout_output.decode("utf-8"))
def _build_shared_libraries(self, git_worktree_path, version):
"""Build the shared libraries in the specified worktree.""" """Build the shared libraries in the specified worktree."""
my_environment = os.environ.copy() my_environment = os.environ.copy()
my_environment["CFLAGS"] = "-g -Og" my_environment["CFLAGS"] = "-g -Og"
my_environment["SHARED"] = "1" my_environment["SHARED"] = "1"
make_process = subprocess.Popen( my_environment["USE_CRYPTO_SUBMODULE"] = "1"
self.make_command, make_output = subprocess.check_output(
[self.make_command, "lib"],
env=my_environment, env=my_environment,
cwd=git_worktree_path, cwd=git_worktree_path,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT stderr=subprocess.STDOUT
) )
make_output, _ = make_process.communicate() self.log.debug(make_output.decode("utf-8"))
self.log.info(make_output.decode("utf-8")) for root, _dirs, files in os.walk(git_worktree_path):
if make_process.returncode != 0: for file in fnmatch.filter(files, "*.so"):
raise Exception("make failed, aborting") version.modules[os.path.splitext(file)[0]] = (
os.path.join(root, file)
)
def get_abi_dumps_from_shared_libraries(self, git_ref, git_worktree_path): def _get_abi_dumps_from_shared_libraries(self, version):
"""Generate the ABI dumps for the specified git revision. """Generate the ABI dumps for the specified git revision.
It must be checked out in git_worktree_path and the shared libraries The shared libraries must have been built and the module paths
must have been built.""" present in version.modules."""
abi_dumps = {} for mbed_module, module_path in version.modules.items():
for mbed_module in self.mbedtls_modules:
output_path = os.path.join( output_path = os.path.join(
self.report_dir, "{}-{}.dump".format(mbed_module, git_ref) self.report_dir, "{}-{}-{}.dump".format(
mbed_module, version.revision, version.version
)
) )
abi_dump_command = [ abi_dump_command = [
"abi-dumper", "abi-dumper",
os.path.join( module_path,
git_worktree_path, "library", mbed_module + ".so"),
"-o", output_path, "-o", output_path,
"-lver", git_ref "-lver", version.revision
] ]
abi_dump_process = subprocess.Popen( abi_dump_output = subprocess.check_output(
abi_dump_command, abi_dump_command,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT stderr=subprocess.STDOUT
) )
abi_dump_output, _ = abi_dump_process.communicate() self.log.debug(abi_dump_output.decode("utf-8"))
self.log.info(abi_dump_output.decode("utf-8")) version.abi_dumps[mbed_module] = output_path
if abi_dump_process.returncode != 0:
raise Exception("abi-dumper failed, aborting")
abi_dumps[mbed_module] = output_path
return abi_dumps
def cleanup_worktree(self, git_worktree_path): def _cleanup_worktree(self, git_worktree_path):
"""Remove the specified git worktree.""" """Remove the specified git worktree."""
shutil.rmtree(git_worktree_path) shutil.rmtree(git_worktree_path)
worktree_process = subprocess.Popen( worktree_output = subprocess.check_output(
[self.git_command, "worktree", "prune"], [self.git_command, "worktree", "prune"],
cwd=self.repo_path, cwd=self.repo_path,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT stderr=subprocess.STDOUT
) )
worktree_output, _ = worktree_process.communicate() self.log.debug(worktree_output.decode("utf-8"))
self.log.info(worktree_output.decode("utf-8"))
if worktree_process.returncode != 0:
raise Exception("Worktree cleanup failed, aborting")
def get_abi_dump_for_ref(self, git_rev): def _get_abi_dump_for_ref(self, version):
"""Generate the ABI dumps for the specified git revision.""" """Generate the ABI dumps for the specified git revision."""
git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev) git_worktree_path = self._get_clean_worktree_for_git_revision(version)
self.build_shared_libraries(git_worktree_path) self._update_git_submodules(git_worktree_path, version)
abi_dumps = self.get_abi_dumps_from_shared_libraries( self._build_shared_libraries(git_worktree_path, version)
git_rev, git_worktree_path self._get_abi_dumps_from_shared_libraries(version)
) self._cleanup_worktree(git_worktree_path)
self.cleanup_worktree(git_worktree_path)
return abi_dumps def _remove_children_with_tag(self, parent, tag):
children = parent.getchildren()
for child in children:
if child.tag == tag:
parent.remove(child)
else:
self._remove_children_with_tag(child, tag)
def _remove_extra_detail_from_report(self, report_root):
for tag in ['test_info', 'test_results', 'problem_summary',
'added_symbols', 'removed_symbols', 'affected']:
self._remove_children_with_tag(report_root, tag)
for report in report_root:
for problems in report.getchildren()[:]:
if not problems.getchildren():
report.remove(problems)
def get_abi_compatibility_report(self): def get_abi_compatibility_report(self):
"""Generate a report of the differences between the reference ABI """Generate a report of the differences between the reference ABI
and the new ABI. ABI dumps from self.old_rev and self.new_rev must and the new ABI. ABI dumps from self.old_version and self.new_version
be available.""" must be available."""
compatibility_report = "" compatibility_report = ""
compliance_return_code = 0 compliance_return_code = 0
for mbed_module in self.mbedtls_modules: shared_modules = list(set(self.old_version.modules.keys()) &
set(self.new_version.modules.keys()))
for mbed_module in shared_modules:
output_path = os.path.join( output_path = os.path.join(
self.report_dir, "{}-{}-{}.html".format( self.report_dir, "{}-{}-{}.html".format(
mbed_module, self.old_rev, self.new_rev mbed_module, self.old_version.revision,
self.new_version.revision
) )
) )
abi_compliance_command = [ abi_compliance_command = [
"abi-compliance-checker", "abi-compliance-checker",
"-l", mbed_module, "-l", mbed_module,
"-old", self.old_dumps[mbed_module], "-old", self.old_version.abi_dumps[mbed_module],
"-new", self.new_dumps[mbed_module], "-new", self.new_version.abi_dumps[mbed_module],
"-strict", "-strict",
"-report-path", output_path "-report-path", output_path,
] ]
abi_compliance_process = subprocess.Popen( if self.skip_file:
abi_compliance_command, abi_compliance_command += ["-skip-symbols", self.skip_file,
stdout=subprocess.PIPE, "-skip-types", self.skip_file]
stderr=subprocess.STDOUT if self.brief:
) abi_compliance_command += ["-report-format", "xml",
abi_compliance_output, _ = abi_compliance_process.communicate() "-stdout"]
self.log.info(abi_compliance_output.decode("utf-8")) try:
if abi_compliance_process.returncode == 0: subprocess.check_output(
abi_compliance_command,
stderr=subprocess.STDOUT
)
except subprocess.CalledProcessError as err:
if err.returncode == 1:
compliance_return_code = 1
if self.brief:
self.log.info(
"Compatibility issues found for {}".format(mbed_module)
)
report_root = ET.fromstring(err.output.decode("utf-8"))
self._remove_extra_detail_from_report(report_root)
self.log.info(ET.tostring(report_root).decode("utf-8"))
else:
self.can_remove_report_dir = False
compatibility_report += (
"Compatibility issues found for {}, "
"for details see {}\n".format(mbed_module, output_path)
)
else:
raise err
else:
compatibility_report += ( compatibility_report += (
"No compatibility issues for {}\n".format(mbed_module) "No compatibility issues for {}\n".format(mbed_module)
) )
if not self.keep_all_reports: if not (self.keep_all_reports or self.brief):
os.remove(output_path) os.remove(output_path)
elif abi_compliance_process.returncode == 1: os.remove(self.old_version.abi_dumps[mbed_module])
compliance_return_code = 1 os.remove(self.new_version.abi_dumps[mbed_module])
self.should_keep_report_dir = True if self.can_remove_report_dir:
compatibility_report += (
"Compatibility issues found for {}, "
"for details see {}\n".format(mbed_module, output_path)
)
else:
raise Exception(
"abi-compliance-checker failed with a return code of {},"
" aborting".format(abi_compliance_process.returncode)
)
os.remove(self.old_dumps[mbed_module])
os.remove(self.new_dumps[mbed_module])
if not self.should_keep_report_dir and not self.keep_all_reports:
os.rmdir(self.report_dir) os.rmdir(self.report_dir)
self.log.info(compatibility_report) self.log.info(compatibility_report)
return compliance_return_code return compliance_return_code
@ -213,8 +291,8 @@ class AbiChecker(object):
between self.old_rev and self.new_rev.""" between self.old_rev and self.new_rev."""
self.check_repo_path() self.check_repo_path()
self.check_abi_tools_are_installed() self.check_abi_tools_are_installed()
self.old_dumps = self.get_abi_dump_for_ref(self.old_rev) self._get_abi_dump_for_ref(self.old_version)
self.new_dumps = self.get_abi_dump_for_ref(self.new_rev) self._get_abi_dump_for_ref(self.new_version)
return self.get_abi_compatibility_report() return self.get_abi_compatibility_report()
@ -226,12 +304,17 @@ def run_main():
abi-compliance-checker and abi-dumper tools, applying them abi-compliance-checker and abi-dumper tools, applying them
to compare the ABI and API of the library files from two to compare the ABI and API of the library files from two
different Git revisions within an Mbed TLS repository. different Git revisions within an Mbed TLS repository.
The results of the comparison are formatted as HTML and stored The results of the comparison are either formatted as HTML and
at a configurable location. Returns 0 on success, 1 on ABI/API stored at a configurable location, or are given as a brief list
non-compliance, and 2 if there is an error while running the of problems. Returns 0 on success, 1 on ABI/API non-compliance,
script. Note: must be run from Mbed TLS root.""" and 2 if there is an error while running the script.
Note: must be run from Mbed TLS root."""
) )
) )
parser.add_argument(
"-v", "--verbose", action="store_true",
help="set verbosity level",
)
parser.add_argument( parser.add_argument(
"-r", "--report-dir", type=str, default="reports", "-r", "--report-dir", type=str, default="reports",
help="directory where reports are stored, default is reports", help="directory where reports are stored, default is reports",
@ -241,18 +324,73 @@ def run_main():
help="keep all reports, even if there are no compatibility issues", help="keep all reports, even if there are no compatibility issues",
) )
parser.add_argument( parser.add_argument(
"-o", "--old-rev", type=str, help="revision for old version", "-o", "--old-rev", type=str, help="revision for old version.",
required=True required=True,
)
parser.add_argument(
"-or", "--old-repo", type=str, help="repository for old version."
)
parser.add_argument(
"-oc", "--old-crypto-rev", type=str,
help="revision for old crypto submodule."
)
parser.add_argument(
"-ocr", "--old-crypto-repo", type=str,
help="repository for old crypto submodule."
) )
parser.add_argument( parser.add_argument(
"-n", "--new-rev", type=str, help="revision for new version", "-n", "--new-rev", type=str, help="revision for new version",
required=True required=True,
)
parser.add_argument(
"-nr", "--new-repo", type=str, help="repository for new version."
)
parser.add_argument(
"-nc", "--new-crypto-rev", type=str,
help="revision for new crypto version"
)
parser.add_argument(
"-ncr", "--new-crypto-repo", type=str,
help="repository for new crypto submodule."
)
parser.add_argument(
"-s", "--skip-file", type=str,
help="path to file containing symbols and types to skip"
)
parser.add_argument(
"-b", "--brief", action="store_true",
help="output only the list of issues to stdout, instead of a full report",
) )
abi_args = parser.parse_args() abi_args = parser.parse_args()
abi_check = AbiChecker( if os.path.isfile(abi_args.report_dir):
abi_args.report_dir, abi_args.old_rev, print("Error: {} is not a directory".format(abi_args.report_dir))
abi_args.new_rev, abi_args.keep_all_reports parser.exit()
old_version = SimpleNamespace(
version="old",
repository=abi_args.old_repo,
revision=abi_args.old_rev,
crypto_repository=abi_args.old_crypto_repo,
crypto_revision=abi_args.old_crypto_rev,
abi_dumps={},
modules={}
) )
new_version = SimpleNamespace(
version="new",
repository=abi_args.new_repo,
revision=abi_args.new_rev,
crypto_repository=abi_args.new_crypto_repo,
crypto_revision=abi_args.new_crypto_rev,
abi_dumps={},
modules={}
)
configuration = SimpleNamespace(
verbose=abi_args.verbose,
report_dir=abi_args.report_dir,
keep_all_reports=abi_args.keep_all_reports,
brief=abi_args.brief,
skip_file=abi_args.skip_file
)
abi_check = AbiChecker(old_version, new_version, configuration)
return_code = abi_check.check_for_abi_changes() return_code = abi_check.check_for_abi_changes()
sys.exit(return_code) sys.exit(return_code)
except Exception: # pylint: disable=broad-except except Exception: # pylint: disable=broad-except

32
tests/scripts/list-identifiers.sh
View file

@ -1,4 +1,10 @@
#!/bin/sh #!/bin/bash
#
# Create a file named identifiers containing identifiers from internal header
# files or all header files, based on --internal flag.
# Outputs the line count of the file to stdout.
#
# Usage: list-identifiers.sh [ -i | --internal ]
set -eu set -eu
@ -7,7 +13,29 @@ if [ -d include/mbedtls ]; then :; else
exit 1 exit 1
fi fi
HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h|bn_mul' ) INTERNAL=""
until [ -z "${1-}" ]
do
case "$1" in
-i|--internal)
INTERNAL="1"
;;
*)
# print error
echo "Unknown argument: '$1'"
exit 1
;;
esac
shift
done
if [ $INTERNAL ]
then
HEADERS=$( ls include/mbedtls/*_internal.h | egrep -v 'compat-1\.3\.h|bn_mul' )
else
HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h|bn_mul' )
fi
rm -f identifiers rm -f identifiers