Merge pull request #4534 from gilles-peskine-arm/host_test-int32-2.16
Backport 2.16: Fix build error in host_test.function when int32_t is not int
diff --git a/ChangeLog.d/add-missing-parenthesis.txt b/ChangeLog.d/add-missing-parenthesis.txt
new file mode 100644
index 0000000..9576ff3
--- /dev/null
+++ b/ChangeLog.d/add-missing-parenthesis.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
+ defined. Fixes #4217.
diff --git a/ChangeLog.d/aescrypt2.txt b/ChangeLog.d/aescrypt2.txt
new file mode 100644
index 0000000..7ffa49e
--- /dev/null
+++ b/ChangeLog.d/aescrypt2.txt
@@ -0,0 +1,3 @@
+Changes
+ * Remove the AES sample application programs/aes/aescrypt2 which shows
+ bad cryptographic practice. Fix #1906.
diff --git a/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
new file mode 100644
index 0000000..d253f34
--- /dev/null
+++ b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
+ when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
+ was disabled. Fix the dependency. Fixes #4472.
diff --git a/ChangeLog.d/dhm_min_bitlen.txt b/ChangeLog.d/dhm_min_bitlen.txt
new file mode 100644
index 0000000..e7ea827
--- /dev/null
+++ b/ChangeLog.d/dhm_min_bitlen.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * In a TLS client, enforce the Diffie-Hellman minimum parameter size
+ set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
+ minimum size was rounded down to the nearest multiple of 8.
diff --git a/ChangeLog.d/fix-pk-parse-key-error-code.txt b/ChangeLog.d/fix-pk-parse-key-error-code.txt
new file mode 100644
index 0000000..3aa330b
--- /dev/null
+++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix an incorrect error code when parsing a PKCS#8 private key.
diff --git a/ChangeLog.d/make-generate-tests-python.txt b/ChangeLog.d/make-generate-tests-python.txt
new file mode 100644
index 0000000..0feeff8
--- /dev/null
+++ b/ChangeLog.d/make-generate-tests-python.txt
@@ -0,0 +1,4 @@
+Changes
+ * When building the test suites with GNU make, invoke python3 or python, not
+ python2. The build still works with either Python 2.7 or 3.5+, but we
+ recommend using a version of Python that is supported upstream.
diff --git a/ChangeLog.d/posix-define.txt b/ChangeLog.d/posix-define.txt
new file mode 100644
index 0000000..98cf2d0
--- /dev/null
+++ b/ChangeLog.d/posix-define.txt
@@ -0,0 +1,6 @@
+Bugfix
+ * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
+ defined to specific values. If the code is used in a context
+ where these are already defined, this can result in a compilation
+ error. Instead, assume that if they are defined, the values will
+ be adequate to build Mbed TLS.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index fff4240..b1d67f7 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -453,7 +453,7 @@
* be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
* must stay untouched.
*
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
+ * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
* tables.
*
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index d8246e2..0e4a6bb 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -98,7 +98,7 @@
*
* \param feature The feature to detect
*
- * \return 1 if CPU has support for the feature, 0 otherwise
+ * \return non-zero if CPU has support for the feature, 0 otherwise
*/
int mbedtls_padlock_has_support( int feature );
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index a10a434..a83f5e6 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -124,7 +124,7 @@
* Recommended value: 86400 (one day).
*
* \note It is highly recommended to select a cipher that is at
- * least as strong as the the strongest ciphersuite
+ * least as strong as the strongest ciphersuite
* supported. Usually that means a 256-bit key.
*
* \note The lifetime of the keys is twice the lifetime of tickets.
diff --git a/library/ecp.c b/library/ecp.c
index fe41b41..2168981 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2505,7 +2505,7 @@
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
+ return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
p_size = ( grp->pbits + 7 ) / 8;
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 671115f..3874783 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -47,11 +47,15 @@
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
+#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
+#endif
#if defined(__NetBSD__)
+#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600 /* sockaddr_storage */
#endif
+#endif
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/library/pkparse.c b/library/pkparse.c
index e410f3a..2622351 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1070,7 +1070,7 @@
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+ return( ret );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 090040e..01df17a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -918,13 +918,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_SHA512_C)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index bd7f281..073311b 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2209,6 +2209,7 @@
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t dhm_actual_bitlen;
/*
* Ephemeral DH parameters:
@@ -2226,10 +2227,11 @@
return( ret );
}
- if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
+ dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
+ if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
- ssl->handshake->dhm_ctx.len * 8,
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
+ (unsigned) dhm_actual_bitlen,
ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c749a86..a00b439 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6364,8 +6364,6 @@
#if defined(MBEDTLS_SHA512_C)
-typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*);
-
static void ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
{
@@ -6373,12 +6371,6 @@
const char *sender;
mbedtls_sha512_context sha512;
unsigned char padbuf[48];
- /*
- * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long.
- * However, to avoid stringop-overflow warning in gcc, we have to cast
- * mbedtls_sha512_finish_ret().
- */
- finish_sha384_t finish_sha384 = (finish_sha384_t)mbedtls_sha512_finish_ret;
mbedtls_ssl_session *session = ssl->session_negotiate;
if( !session )
@@ -6404,8 +6396,19 @@
sender = ( from == MBEDTLS_SSL_IS_CLIENT )
? "client finished"
: "server finished";
-
- finish_sha384( &sha512, padbuf );
+ /* mbedtls_sha512_finish_ret's output parameter is declared as a
+ * 64-byte buffer, but sice we're using SHA-384, we know that the
+ * output fits in 48 bytes. This is correct C, but GCC 11.1 warns
+ * about it.
+ */
+#if defined(__GNUC__) && __GNUC__ >= 11
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wstringop-overflow"
+#endif
+ mbedtls_sha512_finish_ret( &sha512, padbuf );
+#if defined(__GNUC__) && __GNUC__ >= 11
+#pragma GCC diagnostic pop
+#endif
ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 48, buf, len );
diff --git a/programs/.gitignore b/programs/.gitignore
index 4d78930..d9ca31c 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -2,7 +2,6 @@
*.sln
*.vcxproj
-aes/aescrypt2
aes/crypt_and_hash
hash/generic_sum
hash/hello
diff --git a/programs/Makefile b/programs/Makefile
index d09949b..d5ebfd7 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -47,7 +47,7 @@
LOCAL_LDFLAGS += -lz
endif
-APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
+APPS = aes/crypt_and_hash$(EXEXT) \
hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \
pkey/dh_client$(EXEXT) \
pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \
@@ -93,10 +93,6 @@
$(DEP):
$(MAKE) -C ../library
-aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP)
- echo " CC aes/aescrypt2.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
echo " CC aes/crypt_and_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/README.md b/programs/README.md
index d26349d..e9e9f57 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -5,9 +5,6 @@
## Symmetric cryptography (AES) examples
-* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.
- Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).
-
* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
## Hash (digest) examples
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index f5a0caa..ac70de8 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -1,9 +1,6 @@
-add_executable(aescrypt2 aescrypt2.c)
-target_link_libraries(aescrypt2 mbedtls)
-
add_executable(crypt_and_hash crypt_and_hash.c)
target_link_libraries(crypt_and_hash mbedtls)
-install(TARGETS aescrypt2 crypt_and_hash
+install(TARGETS crypt_and_hash
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
deleted file mode 100644
index 8b44aad..0000000
--- a/programs/aes/aescrypt2.c
+++ /dev/null
@@ -1,495 +0,0 @@
-/*
- * AES-256 file encryption program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- * This file is provided under the Apache License 2.0, or the
- * GNU General Public License v2.0 or later.
- *
- * **********
- * Apache License 2.0:
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * **********
- *
- * **********
- * GNU General Public License v2.0 or later:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * **********
- */
-
-/* Enable definition of fileno() even when compiling with -std=c99. Must be
- * set before config.h, which pulls in glibc's features.h indirectly.
- * Harmless on other platforms. */
-#define _POSIX_C_SOURCE 1
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_exit exit
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif /* MBEDTLS_PLATFORM_C */
-
-#include "mbedtls/aes.h"
-#include "mbedtls/md.h"
-#include "mbedtls/platform_util.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#if defined(_WIN32)
-#include <windows.h>
-#if !defined(_WIN32_WCE)
-#include <io.h>
-#endif
-#else
-#include <sys/types.h>
-#include <unistd.h>
-#endif
-
-#define MODE_ENCRYPT 0
-#define MODE_DECRYPT 1
-
-#define USAGE \
- "\n aescrypt2 <mode> <input filename> <output filename> <key>\n" \
- "\n <mode>: 0 = encrypt, 1 = decrypt\n" \
- "\n example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
- "\n"
-
-#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_SHA256_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_MD_C)
-int main( void )
-{
- mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
- "and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
- "not defined.\n");
- mbedtls_exit( 0 );
-}
-#else
-
-
-int main( int argc, char *argv[] )
-{
- int ret = 0;
- int exit_code = MBEDTLS_EXIT_FAILURE;
-
- unsigned int i, n;
- int mode, lastn;
- size_t keylen;
- FILE *fkey, *fin = NULL, *fout = NULL;
-
- char *p;
-
- unsigned char IV[16];
- unsigned char tmp[16];
- unsigned char key[512];
- unsigned char digest[32];
- unsigned char buffer[1024];
- unsigned char diff;
-
- mbedtls_aes_context aes_ctx;
- mbedtls_md_context_t sha_ctx;
-
-#if defined(_WIN32_WCE)
- long filesize, offset;
-#elif defined(_WIN32)
- LARGE_INTEGER li_size;
- __int64 filesize, offset;
-#else
- off_t filesize, offset;
-#endif
-
- mbedtls_aes_init( &aes_ctx );
- mbedtls_md_init( &sha_ctx );
-
- ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 );
- if( ret != 0 )
- {
- mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", -ret );
- goto exit;
- }
-
- /*
- * Parse the command-line arguments.
- */
- if( argc != 5 )
- {
- mbedtls_printf( USAGE );
-
-#if defined(_WIN32)
- mbedtls_printf( "\n Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
- goto exit;
- }
-
- mode = atoi( argv[1] );
- memset( IV, 0, sizeof( IV ) );
- memset( key, 0, sizeof( key ) );
- memset( digest, 0, sizeof( digest ) );
- memset( buffer, 0, sizeof( buffer ) );
-
- if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
- {
- mbedtls_fprintf( stderr, "invalide operation mode\n" );
- goto exit;
- }
-
- if( strcmp( argv[2], argv[3] ) == 0 )
- {
- mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
- goto exit;
- }
-
- if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
- {
- mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
- goto exit;
- }
-
- if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
- {
- mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
- goto exit;
- }
-
- /*
- * Read the secret key from file or command line
- */
- if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
- {
- keylen = fread( key, 1, sizeof( key ), fkey );
- fclose( fkey );
- }
- else
- {
- if( memcmp( argv[4], "hex:", 4 ) == 0 )
- {
- p = &argv[4][4];
- keylen = 0;
-
- while( sscanf( p, "%02X", &n ) > 0 &&
- keylen < (int) sizeof( key ) )
- {
- key[keylen++] = (unsigned char) n;
- p += 2;
- }
- }
- else
- {
- keylen = strlen( argv[4] );
-
- if( keylen > (int) sizeof( key ) )
- keylen = (int) sizeof( key );
-
- memcpy( key, argv[4], keylen );
- }
- }
-
-#if defined(_WIN32_WCE)
- filesize = fseek( fin, 0L, SEEK_END );
-#else
-#if defined(_WIN32)
- /*
- * Support large files (> 2Gb) on Win32
- */
- li_size.QuadPart = 0;
- li_size.LowPart =
- SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
- li_size.LowPart, &li_size.HighPart, FILE_END );
-
- if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
- {
- mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
- goto exit;
- }
-
- filesize = li_size.QuadPart;
-#else
- if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
- {
- perror( "lseek" );
- goto exit;
- }
-#endif
-#endif
-
- if( fseek( fin, 0, SEEK_SET ) < 0 )
- {
- mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
- goto exit;
- }
-
- if( mode == MODE_ENCRYPT )
- {
- /*
- * Generate the initialization vector as:
- * IV = SHA-256( filesize || filename )[0..15]
- */
- for( i = 0; i < 8; i++ )
- buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
-
- p = argv[2];
-
- mbedtls_md_starts( &sha_ctx );
- mbedtls_md_update( &sha_ctx, buffer, 8 );
- mbedtls_md_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
- mbedtls_md_finish( &sha_ctx, digest );
-
- memcpy( IV, digest, 16 );
-
- /*
- * The last four bits in the IV are actually used
- * to store the file size modulo the AES block size.
- */
- lastn = (int)( filesize & 0x0F );
-
- IV[15] = (unsigned char)
- ( ( IV[15] & 0xF0 ) | lastn );
-
- /*
- * Append the IV at the beginning of the output.
- */
- if( fwrite( IV, 1, 16, fout ) != 16 )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
- goto exit;
- }
-
- /*
- * Hash the IV and the secret key together 8192 times
- * using the result to setup the AES context and HMAC.
- */
- memset( digest, 0, 32 );
- memcpy( digest, IV, 16 );
-
- for( i = 0; i < 8192; i++ )
- {
- mbedtls_md_starts( &sha_ctx );
- mbedtls_md_update( &sha_ctx, digest, 32 );
- mbedtls_md_update( &sha_ctx, key, keylen );
- mbedtls_md_finish( &sha_ctx, digest );
- }
-
- mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
- mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
-
- /*
- * Encrypt and write the ciphertext.
- */
- for( offset = 0; offset < filesize; offset += 16 )
- {
- n = ( filesize - offset > 16 ) ? 16 : (int)
- ( filesize - offset );
-
- if( fread( buffer, 1, n, fin ) != (size_t) n )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n );
- goto exit;
- }
-
- for( i = 0; i < 16; i++ )
- buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
-
- mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, buffer, buffer );
- mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
-
- if( fwrite( buffer, 1, 16, fout ) != 16 )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
- goto exit;
- }
-
- memcpy( IV, buffer, 16 );
- }
-
- /*
- * Finally write the HMAC.
- */
- mbedtls_md_hmac_finish( &sha_ctx, digest );
-
- if( fwrite( digest, 1, 32, fout ) != 32 )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
- goto exit;
- }
- }
-
- if( mode == MODE_DECRYPT )
- {
- /*
- * The encrypted file must be structured as follows:
- *
- * 00 .. 15 Initialization Vector
- * 16 .. 31 AES Encrypted Block #1
- * ..
- * N*16 .. (N+1)*16 - 1 AES Encrypted Block #N
- * (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext)
- */
- if( filesize < 48 )
- {
- mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
- goto exit;
- }
-
- if( ( filesize & 0x0F ) != 0 )
- {
- mbedtls_fprintf( stderr, "File size not a multiple of 16.\n" );
- goto exit;
- }
-
- /*
- * Subtract the IV + HMAC length.
- */
- filesize -= ( 16 + 32 );
-
- /*
- * Read the IV and original filesize modulo 16.
- */
- if( fread( buffer, 1, 16, fin ) != 16 )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
- goto exit;
- }
-
- memcpy( IV, buffer, 16 );
- lastn = IV[15] & 0x0F;
-
- /*
- * Hash the IV and the secret key together 8192 times
- * using the result to setup the AES context and HMAC.
- */
- memset( digest, 0, 32 );
- memcpy( digest, IV, 16 );
-
- for( i = 0; i < 8192; i++ )
- {
- mbedtls_md_starts( &sha_ctx );
- mbedtls_md_update( &sha_ctx, digest, 32 );
- mbedtls_md_update( &sha_ctx, key, keylen );
- mbedtls_md_finish( &sha_ctx, digest );
- }
-
- mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
- mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
-
- /*
- * Decrypt and write the plaintext.
- */
- for( offset = 0; offset < filesize; offset += 16 )
- {
- if( fread( buffer, 1, 16, fin ) != 16 )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
- goto exit;
- }
-
- memcpy( tmp, buffer, 16 );
-
- mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
- mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_DECRYPT, buffer, buffer );
-
- for( i = 0; i < 16; i++ )
- buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
-
- memcpy( IV, tmp, 16 );
-
- n = ( lastn > 0 && offset == filesize - 16 )
- ? lastn : 16;
-
- if( fwrite( buffer, 1, n, fout ) != (size_t) n )
- {
- mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n );
- goto exit;
- }
- }
-
- /*
- * Verify the message authentication code.
- */
- mbedtls_md_hmac_finish( &sha_ctx, digest );
-
- if( fread( buffer, 1, 32, fin ) != 32 )
- {
- mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 32 );
- goto exit;
- }
-
- /* Use constant-time buffer comparison */
- diff = 0;
- for( i = 0; i < 32; i++ )
- diff |= digest[i] ^ buffer[i];
-
- if( diff != 0 )
- {
- mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
- "or file corrupted.\n" );
- goto exit;
- }
- }
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- if( fin )
- fclose( fin );
- if( fout )
- fclose( fout );
-
- /* Zeroize all command line arguments to also cover
- the case when the user has missed or reordered some,
- in which case the key might not be in argv[4]. */
- for( i = 0; i < (unsigned int) argc; i++ )
- mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
-
- mbedtls_platform_zeroize( IV, sizeof( IV ) );
- mbedtls_platform_zeroize( key, sizeof( key ) );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
- mbedtls_platform_zeroize( digest, sizeof( digest ) );
-
- mbedtls_aes_free( &aes_ctx );
- mbedtls_md_free( &sha_ctx );
-
- mbedtls_exit( exit_code );
-}
-#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 66ead4a..b77994e 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -991,8 +991,8 @@
for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ )
{
- mbedtls_free( opt.delay_cli + delay_idx );
- mbedtls_free( opt.delay_srv + delay_idx );
+ mbedtls_free( opt.delay_cli[delay_idx] );
+ mbedtls_free( opt.delay_srv[delay_idx] );
}
mbedtls_net_free( &client_fd );
diff --git a/tests/Makefile b/tests/Makefile
index 1555b55..29f2fa1 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -44,8 +44,7 @@
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
-# python2 for POSIX since FreeBSD has only python2 as default.
-PYTHON ?= python2
+PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif
# Zlib shared library extensions:
@@ -63,7 +62,7 @@
.SILENT:
-.PHONY: all check test clean
+.PHONY: all c_files check test clean
all: $(BINARIES)
@@ -71,6 +70,7 @@
$(MAKE) -C ../library
C_FILES := $(addsuffix .c,$(APPS))
+c_files: $(C_FILES)
# Wildcard target for test code generation:
# A .c file is generated for each .data file in the suites/ directory. Each .c
diff --git a/tests/compat.sh b/tests/compat.sh
index 8905430..f2598b7 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -932,10 +932,23 @@
fi
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
+ O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+ # The default prime for `openssl s_server` depends on the version:
+ # * OpenSSL <= 1.0.2a: 512-bit
+ # * OpenSSL 1.0.2b to 1.1.1b: 1024-bit
+ # * OpenSSL >= 1.1.1c: 2048-bit
+ # Mbed TLS wants >=1024, so force that for older versions. Don't force
+ # it for newer versions, which reject a 1024-bit prime. Indifferently
+ # force it or not for intermediate versions.
+ case $($OPENSSL_CMD version) in
+ "OpenSSL 1.0"*)
+ O_SERVER_ARGS="$O_SERVER_ARGS -dhparam data_files/dhparams.pem"
+ ;;
+ esac
+
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
if is_dtls "$MODE"; then
O_SERVER_ARGS="$O_SERVER_ARGS"
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index db4ee3b..3ac237a 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1053,6 +1053,16 @@
all_final += cert_md5.crt
################################################################
+#### Diffie-Hellman parameters
+################################################################
+
+dh.998.pem:
+ $(OPENSSL) dhparam -out $@ -text 998
+
+dh.999.pem:
+ $(OPENSSL) dhparam -out $@ -text 999
+
+################################################################
#### Meta targets
################################################################
diff --git a/tests/data_files/dh.998.pem b/tests/data_files/dh.998.pem
new file mode 100644
index 0000000..96d6cf2
--- /dev/null
+++ b/tests/data_files/dh.998.pem
@@ -0,0 +1,17 @@
+ DH Parameters: (998 bit)
+ prime:
+ 39:5f:30:c0:7b:06:b7:6a:49:c6:c0:81:1f:39:77:
+ b3:35:e2:8d:66:fc:6a:6e:94:f3:df:97:f2:89:31:
+ 6c:75:39:08:16:d1:a4:b8:0c:68:c5:63:21:61:eb:
+ 48:2d:77:99:08:1d:67:38:37:0a:cd:cf:39:b6:3c:
+ 9d:8a:e5:85:3c:71:e3:4b:3e:1e:b9:80:e3:cc:7a:
+ fd:84:05:b0:df:36:15:29:4e:3e:23:3b:c3:ae:6b:
+ c7:11:b9:64:43:40:75:c7:4a:ef:a7:2d:00:e2:62:
+ 8f:93:78:96:8f:2c:25:8d:7d:1f:eb:5c:3c:bf:51:
+ de:f8:08:25:db
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGCAn05XzDAewa3aknGwIEfOXezNeKNZvxqbpTz35fyiTFsdTkIFtGkuAxoxWMh
+YetILXeZCB1nODcKzc85tjydiuWFPHHjSz4euYDjzHr9hAWw3zYVKU4+IzvDrmvH
+EblkQ0B1x0rvpy0A4mKPk3iWjywljX0f61w8v1He+Agl2wIBAg==
+-----END DH PARAMETERS-----
diff --git a/tests/data_files/dh.999.pem b/tests/data_files/dh.999.pem
new file mode 100644
index 0000000..6e3ceb3
--- /dev/null
+++ b/tests/data_files/dh.999.pem
@@ -0,0 +1,17 @@
+ DH Parameters: (999 bit)
+ prime:
+ 4f:b8:d2:d8:3c:b3:02:c9:64:f5:99:fe:61:cc:b3:
+ 69:1c:ba:bb:a2:33:db:38:2f:85:87:b7:12:fb:69:
+ 6e:a5:32:3e:ff:24:df:c4:61:07:0c:e1:88:72:fa:
+ 14:d4:22:65:18:66:09:7e:43:35:c4:5a:62:f7:0a:
+ 69:be:45:71:6e:ac:c5:56:d8:22:9e:c4:9c:23:2b:
+ bd:6d:3b:b6:02:4f:5d:12:a7:ac:90:b8:9e:be:93:
+ 82:bc:09:7c:cd:e1:09:21:1e:3d:69:2a:76:41:00:
+ 68:6d:b7:e8:e8:df:d6:1b:82:93:d9:21:4a:ea:71:
+ f2:e6:c4:94:03
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGCAn1PuNLYPLMCyWT1mf5hzLNpHLq7ojPbOC+Fh7cS+2lupTI+/yTfxGEHDOGI
+cvoU1CJlGGYJfkM1xFpi9wppvkVxbqzFVtginsScIyu9bTu2Ak9dEqeskLievpOC
+vAl8zeEJIR49aSp2QQBobbfo6N/WG4KT2SFK6nHy5sSUAwIBAg==
+-----END DH PARAMETERS-----
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1e56c3e..1a4de44 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -691,6 +691,18 @@
record_status tests/scripts/doxygen.sh
}
+component_check_python2 () {
+ # Check that what used to work with Python 2 still works with Python 2.
+ msg "check: python2 compatibility"
+ mkdir -p tests/with_python2 tests/with_python3
+ make -C tests PYTHON=python2 c_files
+ mv tests/test_suite_*.c tests/with_python2/
+ make -C tests PYTHON=python3 c_files
+ mv tests/test_suite_*.c tests/with_python3/
+ diff -r tests/with_python2 tests/with_python3
+ rm -rf tests/with_python2 tests/with_python3
+}
+
################################################################
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index f452b37..b74ed55 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -1,4 +1,7 @@
#!/usr/bin/env python3
+
+# This script should still be compatible with Python 2 in Mbed TLS 2.16.x.
+
# Test suites code generator.
#
# Copyright The Mbed TLS Contributors
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7ec83d2..439e2c3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -952,7 +952,7 @@
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
-O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
+O_SRV="$O_SRV -accept $SRV_PORT"
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"
@@ -3960,6 +3960,20 @@
0 \
-C "DHM prime too short:"
+run_test "DHM size: server 999, client 999, OK" \
+ "$P_SRV dhm_file=data_files/dh.999.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=999" \
+ 0 \
+ -C "DHM prime too short:"
+
+run_test "DHM size: server 1000, client 1000, OK" \
+ "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1000" \
+ 0 \
+ -C "DHM prime too short:"
+
run_test "DHM size: server 1000, client default, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -3967,6 +3981,27 @@
1 \
-c "DHM prime too short:"
+run_test "DHM size: server 1000, client 1001, rejected" \
+ "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1001" \
+ 1 \
+ -c "DHM prime too short:"
+
+run_test "DHM size: server 999, client 1000, rejected" \
+ "$P_SRV dhm_file=data_files/dh.999.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1000" \
+ 1 \
+ -c "DHM prime too short:"
+
+run_test "DHM size: server 998, client 999, rejected" \
+ "$P_SRV dhm_file=data_files/dh.998.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=999" \
+ 1 \
+ -c "DHM prime too short:"
+
run_test "DHM size: server default, client 2049, rejected" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj
deleted file mode 100644
index 1d608db..0000000
--- a/visualc/VS2010/aescrypt2.vcxproj
+++ /dev/null
@@ -1,173 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
- <ItemGroup Label="ProjectConfigurations">
- <ProjectConfiguration Include="Debug|Win32">
- <Configuration>Debug</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Debug|x64">
- <Configuration>Debug</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|Win32">
- <Configuration>Release</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|x64">
- <Configuration>Release</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- </ItemGroup>
- <ItemGroup>
- <ClCompile Include="..\..\programs\aes\aescrypt2.c" />
- </ItemGroup>
- <ItemGroup>
- <ProjectReference Include="mbedTLS.vcxproj">
- <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
- <LinkLibraryDependencies>true</LinkLibraryDependencies>
- </ProjectReference>
- </ItemGroup>
- <PropertyGroup Label="Globals">
- <ProjectGuid>{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}</ProjectGuid>
- <Keyword>Win32Proj</Keyword>
- <RootNamespace>aescrypt2</RootNamespace>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
- <ImportGroup Label="ExtensionSettings">
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <PropertyGroup Label="UserMacros" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <LinkIncremental>true</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <LinkIncremental>true</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <LinkIncremental>false</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <LinkIncremental>false</LinkIncremental>
- <IntDir>$(Configuration)\$(TargetName)\</IntDir>
- </PropertyGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
- </Link>
- <ProjectReference>
- <LinkLibraryDependencies>false</LinkLibraryDependencies>
- </ProjectReference>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
- </Link>
- <ProjectReference>
- <LinkLibraryDependencies>false</LinkLibraryDependencies>
- </ProjectReference>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
- </Link>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
- </ClCompile>
- <Link>
- <SubSystem>Console</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
- </Link>
- </ItemDefinitionGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
- <ImportGroup Label="ExtensionTargets">
- </ImportGroup>
-</Project>
diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
index 61f30bb..57a8d4d 100644
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@@ -3,11 +3,6 @@
# Visual C++ Express 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aescrypt2", "aescrypt2.vcxproj", "{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and_hash.vcxproj", "{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -259,14 +254,6 @@
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.ActiveCfg = Debug|Win32
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.Build.0 = Debug|Win32
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.ActiveCfg = Debug|x64
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.Build.0 = Debug|x64
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.ActiveCfg = Release|Win32
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.Build.0 = Release|Win32
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.ActiveCfg = Release|x64
- {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.Build.0 = Release|x64
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.ActiveCfg = Debug|Win32
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.Build.0 = Debug|Win32
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.ActiveCfg = Debug|x64