Merge remote-tracking branch 'restricted/pr/494' into mbedtls-2.7
diff --git a/.github/issue_template.md b/.github/issue_template.md
index 5e9d83d..7c31353 100644
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -38,4 +38,4 @@
## Question
-**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)**
+**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://forums.mbed.com/c/mbed-tls)**
diff --git a/.travis.yml b/.travis.yml
index fa01e5a..4d23652 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,6 +9,7 @@
- tests/scripts/check-generated-files.sh
- tests/scripts/check-doxy-blocks.pl
- tests/scripts/check-names.sh
+- tests/scripts/check-files.py
- tests/scripts/doxygen.sh
- cmake -D CMAKE_BUILD_TYPE:String="Check" .
- make
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2018d35..0ade1d4 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,8 +8,13 @@
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
+string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
+string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
+string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${CMAKE_C_COMPILER_ID}")
+string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
+
# the test suites currently have compile errors with MSVC
-if(MSVC)
+if(CMAKE_COMPILER_IS_MSVC)
option(ENABLE_TESTING "Build mbed TLS tests." OFF)
else()
option(ENABLE_TESTING "Build mbed TLS tests." ON)
@@ -56,9 +61,37 @@
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
FORCE)
+# Create a symbolic link from ${base_name} in the binary directory
+# to the corresponding path in the source directory.
+function(link_to_source base_name)
+ # Get OS dependent path to use in `execute_process`
+ file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${base_name}" link)
+ file(TO_NATIVE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}" target)
+
+ if (NOT EXISTS ${link})
+ if (CMAKE_HOST_UNIX)
+ set(command ln -s ${target} ${link})
+ else()
+ if (IS_DIRECTORY ${target})
+ set(command cmd.exe /c mklink /j ${link} ${target})
+ else()
+ set(command cmd.exe /c mklink /h ${link} ${target})
+ endif()
+ endif()
+
+ execute_process(COMMAND ${command}
+ RESULT_VARIABLE result
+ ERROR_VARIABLE output)
+
+ if (NOT ${result} EQUAL 0)
+ message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
+ endif()
+ endif()
+endfunction(link_to_source)
+
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
-if(CMAKE_COMPILER_IS_GNUCC)
+if(CMAKE_COMPILER_IS_GNU)
# some warnings we want are not available with old GCC versions
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
@@ -77,30 +110,34 @@
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
set(CMAKE_C_FLAGS_CHECK "-Werror -Os")
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
-endif(CMAKE_COMPILER_IS_GNUCC)
+endif(CMAKE_COMPILER_IS_GNU)
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3")
- set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
+ set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3")
set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
set(CMAKE_C_FLAGS_CHECK "-Werror -Os")
endif(CMAKE_COMPILER_IS_CLANG)
-if(MSVC)
+if(CMAKE_COMPILER_IS_IAR)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts --warnings_are_errors -Ohz")
+endif(CMAKE_COMPILER_IS_IAR)
+
+if(CMAKE_COMPILER_IS_MSVC)
# Strictest warnings, and treat as errors
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
-endif(MSVC)
+endif(CMAKE_COMPILER_IS_MSVC)
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
- if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
+ if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
- endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
+ endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(LIB_INSTALL_DIR)
@@ -164,3 +201,12 @@
)
endif(UNIX)
endif()
+
+# Make scripts needed for testing available in an out-of-source build.
+if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+ link_to_source(scripts)
+ # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
+ # keep things simple with the sed commands in the memcheck target.
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
+ ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
+endif()
diff --git a/ChangeLog b/ChangeLog
index 1195451..6cdb840 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,8 +36,65 @@
Eyal Ronen and Adi Shamir.
Bugfix
+ * Fix compilation error on C++, because of a variable named new.
+ Found and fixed by Hirotaka Niisato in #1783.
+ * Fix the inline assembly for the MPI multiply helper function for i386 and
+ i386 with SSE2. Found by László Langó. Fixes #1550
+ * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber,
+ Philippe Antoine. Fixes #1623.
+ * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid
+ return value. Found by @davidwu2000. #839
+ * Fix the key_app_writer example which was writing a leading zero byte which
+ was creating an invalid ASN.1 tag. Found by Aryeh R. Fixes #1257.
+ * Remove unused headers included in x509.c. Found by Chris Hanson and fixed
+ by Brendan Shanks. Part of a fix for #992.
+ * Fix compilation error when MBEDTLS_ARC4_C is disabled and
+ MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719.
+ * Added length checks to some TLS parsing functions. Found and fixed by
+ Philippe Antoine from Catena cyber. #1663.
+ * Fix namespacing in header files. Remove the `mbedtls` namespacing in
+ the `#include` in the header files. Resolves #857
+ * Fix compiler warning of 'use before initialisation' in
+ mbedtls_pk_parse_key(). Found by Martin Boye Petersen and fixed by Dawid
+ Drozd. #1098
+ * Fix decryption for zero length messages (which contain all padding) when a
+ CBC based ciphersuite is used together with Encrypt-then-MAC. Previously,
+ such a message was wrongly reported as an invalid record and therefore lead
+ to the connection being terminated. Seen most often with OpenSSL using
+ TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix
+ contributed by Espressif Systems. Fixes #1632
+ * Fail when receiving a TLS alert message with an invalid length, or invalid
+ zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
+ * Fix ssl_client2 example to send application data with 0-length content
+ when the request_size argument is set to 0 as stated in the documentation.
+ Fixes #1833.
+ * Correct the documentation for `mbedtls_ssl_get_session()`.
+ This API has deep copy of the session, and the peer
+ certificate is not lost. Fixes #926.
+
+Changes
+ * Change the shebang line in Perl scripts to look up perl in the PATH.
+ Contributed by fbrosson in #1533.
+
+= mbed TLS 2.7.4 branch released 2018-06-18
+
+Bugfix
* Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by
TrinityTonic. #1359.
+ * Fix for redefinition of _WIN32_WINNT to avoid overriding a definition
+ used by user applications. Found and fixed by Fabio Alessandrelli.
+ * Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552.
+ * Fix an issue with MicroBlaze support in bn_mul.h which was causing the
+ build to fail. Found by zv-io. Fixes #1651.
+ * Fix compilation warnings with IAR toolchain, on 32 bit platform.
+ Reported by rahmanih in #683
+
+Changes
+ * Support TLS testing in out-of-source builds using cmake. Fixes #1193.
+ * Changed CMake defaults for IAR to treat all compiler warnings as errors.
+ * Changed the Clang parameters used in the CMake build files to work for
+ versions later than 3.6. Versions of Clang earlier than this may no longer
+ work. Fixes #1072
= mbed TLS 2.7.3 branch released 2018-04-30
@@ -1709,7 +1766,7 @@
issuer_key_identifier, etc)
* Optional blinding for RSA, DHM and EC
* Support for multiple active certificate / key pairs in SSL servers for
- the same host (Not to be confused with SNI!)
+ the same host (Not to be confused with SNI!)
Changes
* Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
@@ -1940,7 +1997,7 @@
PKCS#8 private key formats
* Added mechanism to provide alternative implementations for all
symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
- config.h)
+ config.h)
* PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module
@@ -1952,7 +2009,7 @@
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
instead of the x509parse_crt() wrapper that can also parse PEM
- certificates
+ certificates
* x509parse_crtpath() is now reentrant and uses more portable stat()
* Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
* Fixed values for 2-key Triple DES in cipher layer
@@ -2110,7 +2167,7 @@
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
#52)
* Handle encryption with private key and decryption with public key as per
- RFC 2313
+ RFC 2313
* Handle empty certificate subject names
* Prevent reading over buffer boundaries on X509 certificate parsing
* mpi_add_abs() now correctly handles adding short numbers to long numbers
@@ -2141,7 +2198,7 @@
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
instead of the x509parse_crt() wrapper that can also parse PEM
- certificates
+ certificates
* Fixed values for 2-key Triple DES in cipher layer
* ssl_write_certificate_request() can handle empty ca_chain
@@ -2222,16 +2279,16 @@
Features
* Added ssl_session_reset() to allow better multi-connection pools of
SSL contexts without needing to set all non-connection-specific
- data and pointers again. Adapted ssl_server to use this functionality.
+ data and pointers again. Adapted ssl_server to use this functionality.
* Added ssl_set_max_version() to allow clients to offer a lower maximum
supported version to a server to help buggy server implementations.
- (Closes ticket #36)
+ (Closes ticket #36)
* Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
introspection functions (Closes ticket #40)
* Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
* Added a generic entropy accumulator that provides support for adding
custom entropy sources and added some generic and platform dependent
- entropy sources
+ entropy sources
Changes
* Documentation for AES and Camellia in modes CTR and CFB128 clarified.
@@ -2364,7 +2421,7 @@
* Corrected parsing of UTCTime dates before 1990 and
after 1950
* Support more exotic OID's when parsing certificates
- (found by Mads Kiilerich)
+ (found by Mads Kiilerich)
* Support more exotic name representations when parsing
certificates (found by Mads Kiilerich)
* Replaced the expired test certificates
@@ -2394,7 +2451,7 @@
status, objects and configuration
+ Added verification callback on certificate chain
verification to allow external blacklisting
- + Additional example programs to show usage
+ + Additional example programs to show usage
* Added support for PKCS#11 through the use of the
libpkcs11-helper library
diff --git a/Makefile b/Makefile
index c18b99b..a0fcb2b 100644
--- a/Makefile
+++ b/Makefile
@@ -24,12 +24,12 @@
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
cp -r include/mbedtls $(DESTDIR)/include
-
+
mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib
cp -RP library/libmbedx509.* $(DESTDIR)/lib
cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
-
+
mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
@@ -44,7 +44,7 @@
rm -f $(DESTDIR)/lib/libmbedtls.*
rm -f $(DESTDIR)/lib/libmbedx509.*
rm -f $(DESTDIR)/lib/libmbedcrypto.*
-
+
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
diff --git a/README.md b/README.md
index a2c3c6f..ced36e1 100644
--- a/README.md
+++ b/README.md
@@ -211,7 +211,7 @@
### Making a Contribution
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
+1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://forums.mbed.com/c/mbed-tls) around a feature idea or a bug.
2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
3. Write a test which shows that the bug was fixed or that the feature works as expected.
4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 87662d1..8b39b4d 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v2.7.3 source code documentation
+ * @mainpage mbed TLS v2.7.4 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 2b6876a..997c0f6 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.7.3"
+PROJECT_NAME = "mbed TLS v2.7.4"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 985a353..1b581a5 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -9,3 +9,8 @@
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
endif(INSTALL_MBEDTLS_HEADERS)
+
+# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
+if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+ link_to_source(mbedtls)
+endif()
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 354c1cc..b587317 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -49,7 +49,14 @@
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
-#if defined(__i386__)
+
+/*
+ * Disable use of the i386 assembly code below if option -O0, to disable all
+ * compiler optimisations, is passed, detected with __OPTIMIZE__
+ * This is done as the number of registers used in the assembly code doesn't
+ * work with the -O0 option.
+ */
+#if defined(__i386__) && defined(__OPTIMIZE__)
#define MULADDC_INIT \
asm( \
@@ -142,7 +149,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#else
@@ -154,7 +161,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#endif /* SSE2 */
#endif /* i386 */
@@ -521,7 +528,7 @@
"swi r3, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r3", "r4" "r5", "r6", "r7", "r8", \
+ : "r3", "r4", "r5", "r6", "r7", "r8", \
"r9", "r10", "r11", "r12", "r13" \
);
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index d1f4efe..1c453a1 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -43,7 +43,7 @@
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
-#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 628c9da..24839a2 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -26,7 +26,7 @@
#ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H
-#include "mbedtls/cipher.h"
+#include "cipher.h"
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index c7ba174..8aee63f 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2818,7 +2818,7 @@
/* \} name SECTION: Customisation configuration options */
/* Target and application specific configurations */
-//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
+//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h"
#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 121575a..e554a0a 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -31,7 +31,7 @@
#include "aes.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#include "threading.h"
#endif
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h
index 8a6d517..1804069 100644
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@@ -48,7 +48,7 @@
* [6] Digital Signature Standard (DSS), FIPS 186-4.
* <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>
*
- * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
+ * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
* Security (TLS), RFC 4492.
* <https://tools.ietf.org/search/rfc4492>
*
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 1e5a507..00ed421 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -106,20 +106,41 @@
* If the buffers overlap, the output buffer must trail at least 8 Bytes
* behind the input buffer.
*
+ * \warning When this function performs a decryption, it outputs the
+ * authentication tag and does not verify that the data is
+ * authentic. You should use this function to perform encryption
+ * only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
+ *
* \param ctx The GCM context to use for encryption or decryption.
- * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
- * #MBEDTLS_GCM_DECRYPT.
- * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
+ * \param mode The operation to perform:
+ * - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
+ * The ciphertext is written to \p output and the
+ * authentication tag is written to \p tag.
+ * - #MBEDTLS_GCM_DECRYPT to perform decryption.
+ * The plaintext is written to \p output and the
+ * authentication tag is written to \p tag.
+ * Note that this mode is not recommended, because it does
+ * not verify the authenticity of the data. For this reason,
+ * you should use mbedtls_gcm_auth_decrypt() instead of
+ * calling this function in decryption mode.
+ * \param length The length of the input data, which is equal to the length
+ * of the output data.
* \param iv The initialization vector.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data.
* \param add_len The length of the additional data.
- * \param input The buffer holding the input data.
- * \param output The buffer for holding the output data.
+ * \param input The buffer holding the input data. Its size is \b length.
+ * \param output The buffer for holding the output data. It must have room
+ * for \b length bytes.
* \param tag_len The length of the tag to generate.
* \param tag The buffer for holding the tag.
*
- * \return \c 0 on success.
+ * \return \c 0 if the encryption or decryption was performed
+ * successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
+ * this does not indicate that the data is authentic.
+ * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid.
+ * \return #MBEDTLS_ERR_GCM_HW_ACCEL_FAILED or a cipher-specific
+ * error code if the encryption or decryption failed.
*/
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
int mode,
@@ -142,18 +163,23 @@
* behind the input buffer.
*
* \param ctx The GCM context.
- * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
+ * \param length The length of the ciphertext to decrypt, which is also
+ * the length of the decrypted plaintext.
* \param iv The initialization vector.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data.
* \param add_len The length of the additional data.
- * \param tag The buffer holding the tag.
- * \param tag_len The length of the tag.
- * \param input The buffer holding the input data.
- * \param output The buffer for holding the output data.
+ * \param tag The buffer holding the tag to verify.
+ * \param tag_len The length of the tag to verify.
+ * \param input The buffer holding the ciphertext. Its size is \b length.
+ * \param output The buffer for holding the decrypted plaintext. It must
+ * have room for \b length bytes.
*
- * \return 0 if successful and authenticated, or
- * #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match.
+ * \return \c 0 if successful and authenticated.
+ * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
+ * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid.
+ * \return #MBEDTLS_ERR_GCM_HW_ACCEL_FAILED or a cipher-specific
+ * error code if the decryption failed.
*/
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
size_t length,
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index e0821cf..2608de8 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -27,7 +27,7 @@
#include "md.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#include "threading.h"
#endif
/*
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
index 28ae821..6c13b53 100644
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@@ -1,7 +1,7 @@
/**
* \file net.h
*
- * \brief Deprecated header file that includes mbedtls/net_sockets.h
+ * \brief Deprecated header file that includes net_sockets.h
*
* \deprecated Superseded by mbedtls/net_sockets.h
*/
@@ -25,7 +25,7 @@
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#include "mbedtls/net_sockets.h"
+#include "net_sockets.h"
#if defined(MBEDTLS_DEPRECATED_WARNING)
#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
#endif /* MBEDTLS_DEPRECATED_WARNING */
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 2e21f03..7c2835b 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -31,7 +31,7 @@
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+#include "platform_time.h"
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
old mode 100755
new mode 100644
index 7f6da05..c6e4532
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -53,7 +53,7 @@
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+#include "platform_time.h"
#endif
/*
@@ -1828,21 +1828,21 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
- * \brief Set or reset the hostname to check against the received
- * server certificate. It sets the ServerName TLS extension,
+ * \brief Set or reset the hostname to check against the received
+ * server certificate. It sets the ServerName TLS extension,
* too, if that extension is enabled. (client-side only)
*
* \param ssl SSL context
* \param hostname the server hostname, may be NULL to clear hostname
-
+ *
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
*
- * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+ * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
+ * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname.
*
* Hostname set to the one provided on success (cleared
- * when NULL). On allocation failure hostname is cleared.
+ * when NULL). On allocation failure hostname is cleared.
* On too long input failure, old hostname is unchanged.
*/
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
@@ -2370,7 +2370,6 @@
* \brief Save session in order to resume it later (client-side only)
* Session data is copied to presented session structure.
*
- * \warning Currently, peer certificate is lost in the operation.
*
* \param ssl SSL context
* \param session session context
@@ -2378,7 +2377,18 @@
* \return 0 if successful,
* MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
- * arguments are otherwise invalid
+ * arguments are otherwise invalid.
+ *
+ * \note Only the server certificate is copied, and not the full chain,
+ * so you should not attempt to validate the certificate again
+ * by calling \c mbedtls_x509_crt_verify() on it.
+ * Instead, you should use the results from the verification
+ * in the original handshake by calling \c mbedtls_ssl_get_verify_result()
+ * after loading the session again into a new SSL context
+ * using \c mbedtls_ssl_set_session().
+ *
+ * \note Once the session object is not needed anymore, you should
+ * free it by calling \c mbedtls_ssl_session_free().
*
* \sa mbedtls_ssl_set_session()
*/
@@ -2504,17 +2514,19 @@
* or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
* or another negative error code.
*
- * \note If this function returns something other than a positive
- * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context
- * becomes unusable, and you should either free it or call
- * \c mbedtls_ssl_session_reset() on it before re-using it for
- * a new connection; the current connection must be closed.
+ * \note If this function returns something other than 0, a positive
+ * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop
+ * using the SSL context for reading or writing, and either
+ * free it or call \c mbedtls_ssl_session_reset() on it before
+ * re-using it for a new connection; the current connection
+ * must be closed.
*
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
* it must be called later with the *same* arguments,
- * until it returns a positive value. When the function returns
- * MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial
- * data in the output buffer, however this is not yet sent.
+ * until it returns a value greater that or equal to 0. When
+ * the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be
+ * some partial data in the output buffer, however this is not
+ * yet sent.
*
* \note If the requested length is greater than the maximum
* fragment length (either the built-in limit or the one set
@@ -2523,6 +2535,9 @@
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
* \c mbedtls_ssl_get_max_frag_len() may be used to query the
* active maximum fragment length.
+ *
+ * \note Attempting to write 0 bytes will result in an empty TLS
+ * application record being sent.
*/
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
@@ -2615,6 +2630,9 @@
* \brief Free referenced items in an SSL session including the
* peer certificate and clear memory
*
+ * \note A session object can be freed even if the SSL context
+ * that was used to retrieve the session is still in use.
+ *
* \param session SSL session
*/
void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 545468a..1d2aabc 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -267,7 +267,7 @@
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
#endif
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 60b431a..2b5a616 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -630,7 +630,13 @@
volatile unsigned char diff = 0;
for( i = 0; i < n; i++ )
- diff |= A[i] ^ B[i];
+ {
+ /* Read volatile data in order before computing diff.
+ * This avoids IAR compiler warning:
+ * 'the order of volatile accesses is undefined ..' */
+ unsigned char x = A[i], y = B[i];
+ diff |= x ^ y;
+ }
return( diff );
}
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 7690ad6..8364c87 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -40,16 +40,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 7
-#define MBEDTLS_VERSION_PATCH 3
+#define MBEDTLS_VERSION_PATCH 4
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02070300
-#define MBEDTLS_VERSION_STRING "2.7.3"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.3"
+#define MBEDTLS_VERSION_NUMBER 0x02070400
+#define MBEDTLS_VERSION_STRING "2.7.4"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.4"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 4d3575d..a39e2c2 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -141,15 +141,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.3 SOVERSION 2)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.4 SOVERSION 2)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.7.3 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.7.4 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.7.3 SOVERSION 10)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.7.4 SOVERSION 10)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/asn1write.c b/library/asn1write.c
index 69b61b2..c8db8be 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -83,7 +83,9 @@
return( 4 );
}
+#if SIZE_MAX > 0xFFFFFFFF
if( len <= 0xFFFFFFFF )
+#endif
{
if( *p - start < 5 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@@ -96,7 +98,9 @@
return( 5 );
}
+#if SIZE_MAX > 0xFFFFFFFF
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+#endif
}
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
@@ -232,7 +236,6 @@
int ret;
size_t len = 0;
- // TODO negative values and values larger than 128
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//
diff --git a/library/cipher.c b/library/cipher.c
index 7369f48..0d84ccf 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -56,10 +56,6 @@
#define mbedtls_free free
#endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
diff --git a/library/cmac.c b/library/cmac.c
index a4a2106..9a73faa 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -832,6 +832,7 @@
mbedtls_cipher_free( &ctx );
}
+ ret = 0;
goto exit;
cleanup:
@@ -887,6 +888,7 @@
if( verbose != 0 )
mbedtls_printf( "passed\n" );
}
+ ret = 0;
exit:
return( ret );
diff --git a/library/ecjpake.c b/library/ecjpake.c
index e8f4086..ec5a400 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -301,7 +301,7 @@
*/
static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
const mbedtls_ecp_group *grp,
- const int pf,
+ const int pf,
const mbedtls_ecp_point *G,
const mbedtls_mpi *x,
const mbedtls_ecp_point *X,
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 1cfc27c..eb555f3 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -522,7 +522,9 @@
heap.alloc_count, heap.free_count );
if( heap.first->next == NULL )
+ {
mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" );
+ }
else
{
mbedtls_fprintf( stderr, "Memory currently allocated:\n" );
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 345f102..1e737c8 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -45,11 +45,12 @@
#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
-#ifdef _WIN32_WINNT
+#if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0501)
#undef _WIN32_WINNT
-#endif
/* Enables getaddrinfo() & Co */
#define _WIN32_WINNT 0x0501
+#endif
+
#include <ws2tcpip.h>
#include <winsock2.h>
@@ -271,7 +272,7 @@
static int net_would_block( const mbedtls_net_context *ctx )
{
int err = errno;
-
+
/*
* Never return 'WOULD BLOCK' on a non-blocking socket
*/
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 440a174..f04f0ab 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -249,8 +249,10 @@
memset( counter, 0, 4 );
counter[3] = 1;
+#if UINT_MAX > 0xFFFFFFFF
if( iteration_count > 0xFFFFFFFF )
return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA );
+#endif
while( key_length )
{
diff --git a/library/pkparse.c b/library/pkparse.c
index 26a8b70..a83bb01 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1268,7 +1268,6 @@
return( ret );
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
#else
- ((void) ret);
((void) pwd);
((void) pwdlen);
#endif /* MBEDTLS_PEM_PARSE_C */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a7aaaff..7e068c7 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -355,7 +355,7 @@
*olen = 6;
}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1250,14 +1250,14 @@
size_t list_size;
const unsigned char *p;
- list_size = buf[0];
- if( list_size + 1 != len )
+ if( len == 0 || (size_t)( buf[0] + 1 ) != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
+ list_size = buf[0];
p = buf + 1;
while( list_size > 0 )
@@ -1284,7 +1284,7 @@
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -2713,7 +2713,7 @@
* therefore the buffer length at this point must be greater than that
* regardless of the actual code path.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index aca4235..db45ca2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -97,6 +97,13 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+ if( len < 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( servername_list_size + 2 != len )
{
@@ -107,7 +114,7 @@
}
p = buf + 2;
- while( servername_list_size > 0 )
+ while( servername_list_size > 2 )
{
hostname_len = ( ( p[1] << 8 ) | p[2] );
if( hostname_len + 3 > servername_list_size )
@@ -211,6 +218,12 @@
mbedtls_md_type_t md_cur;
mbedtls_pk_type_t sig_cur;
+ if ( len < 2 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( sig_alg_list_size + 2 != len ||
sig_alg_list_size % 2 != 0 )
@@ -279,6 +292,12 @@
const unsigned char *p;
const mbedtls_ecp_curve_info *curve_info, **curves;
+ if ( len < 2 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( list_size + 2 != len ||
list_size % 2 != 0 )
@@ -338,14 +357,14 @@
size_t list_size;
const unsigned char *p;
- list_size = buf[0];
- if( list_size + 1 != len )
+ if( len == 0 || (size_t)( buf[0] + 1 ) != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+ list_size = buf[0];
p = buf + 1;
while( list_size > 0 )
@@ -793,7 +812,7 @@
const mbedtls_ssl_ciphersuite_t *suite_info;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
mbedtls_pk_type_t sig_type;
#endif
@@ -1662,10 +1681,16 @@
while( ext_len != 0 )
{
- unsigned int ext_id = ( ( ext[0] << 8 )
- | ( ext[1] ) );
- unsigned int ext_size = ( ( ext[2] << 8 )
- | ( ext[3] ) );
+ unsigned int ext_id;
+ unsigned int ext_size;
+ if ( ext_len < 4 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) );
+ ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) );
if( ext_size + 4 > ext_len )
{
@@ -2843,7 +2868,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
unsigned char *p = ssl->out_msg + 4;
- size_t len;
+ size_t len = 0;
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
unsigned char *dig_signed = p;
size_t dig_signed_len = 0;
@@ -2961,7 +2986,7 @@
return( ret );
}
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
dig_signed = p;
dig_signed_len = len;
#endif
@@ -3050,7 +3075,7 @@
/*
* 3.1: Choose hash algorithm:
- * A: For TLS 1.2, obey signature-hash-algorithm extension
+ * A: For TLS 1.2, obey signature-hash-algorithm extension
* to choose appropriate hash.
* B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
* (RFC 4492, Sec. 5.4)
@@ -3071,7 +3096,7 @@
sig_alg ) ) == MBEDTLS_MD_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- /* (... because we choose a cipher suite
+ /* (... because we choose a cipher suite
* only if there is a matching hash.) */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -3305,6 +3330,10 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
+ if ( p + 2 > end ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
if( *p++ != ( ( len >> 8 ) & 0xFF ) ||
*p++ != ( ( len ) & 0xFF ) )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 44237e0..ca9b8c4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1153,6 +1153,9 @@
* other_secret already set by the ClientKeyExchange message,
* and is 48 bytes long
*/
+ if( end - p < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
*p++ = 0;
*p++ = 48;
p += 48;
@@ -1923,27 +1926,27 @@
* and fake check up to 256 bytes of padding
*/
size_t pad_count = 0, real_count = 1;
- size_t padding_idx = ssl->in_msglen - padlen - 1;
+ size_t padding_idx = ssl->in_msglen - padlen;
/*
* Padding is guaranteed to be incorrect if:
- * 1. padlen >= ssl->in_msglen
+ * 1. padlen > ssl->in_msglen
*
- * 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN +
+ * 2. padding_idx > MBEDTLS_SSL_MAX_CONTENT_LEN +
* ssl->transform_in->maclen
*
* In both cases we reset padding_idx to a safe value (0) to
* prevent out-of-buffer reads.
*/
- correct &= ( ssl->in_msglen >= padlen + 1 );
- correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN +
+ correct &= ( padlen <= ssl->in_msglen );
+ correct &= ( padding_idx <= MBEDTLS_SSL_MAX_CONTENT_LEN +
ssl->transform_in->maclen );
padding_idx *= correct;
- for( i = 1; i <= 256; i++ )
+ for( i = 0; i < 256; i++ )
{
- real_count &= ( i <= padlen );
+ real_count &= ( i < padlen );
pad_count += real_count *
( ssl->in_msg[padding_idx + i] == padlen - 1 );
}
@@ -2142,6 +2145,16 @@
if( ssl->in_msglen == 0 )
{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
+ && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+ {
+ /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
ssl->nb_zero++;
/*
@@ -4214,6 +4227,16 @@
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
{
+ if( ssl->in_msglen != 2 )
+ {
+ /* Note: Standard allows for more than one 2 byte alert
+ to be packed in a single message, but Mbed TLS doesn't
+ currently support this. */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
+ ssl->in_msglen ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
ssl->in_msg[0], ssl->in_msg[1] ) );
@@ -4637,6 +4660,12 @@
while( i < ssl->in_hslen )
{
+ if ( i + 3 > ssl->in_hslen ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
if( ssl->in_msg[i] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
@@ -6104,27 +6133,27 @@
mbedtls_x509_crt *cert,
mbedtls_pk_context *key )
{
- mbedtls_ssl_key_cert *new;
+ mbedtls_ssl_key_cert *new_cert;
- new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
- if( new == NULL )
+ new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
+ if( new_cert == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- new->cert = cert;
- new->key = key;
- new->next = NULL;
+ new_cert->cert = cert;
+ new_cert->key = key;
+ new_cert->next = NULL;
/* Update head is the list was null, else add to the end */
if( *head == NULL )
{
- *head = new;
+ *head = new_cert;
}
else
{
mbedtls_ssl_key_cert *cur = *head;
while( cur->next != NULL )
cur = cur->next;
- cur->next = new;
+ cur->next = new_cert;
}
return( 0 );
@@ -7003,41 +7032,6 @@
}
}
- /*
- * TODO
- *
- * The logic should be streamlined here:
- *
- * Instead of
- *
- * - Manually checking whether ssl->in_offt is NULL
- * - Fetching a new record if yes
- * - Setting ssl->in_offt if one finds an application record
- * - Resetting keep_current_message after handling the application data
- *
- * one should
- *
- * - Adapt read_record to set ssl->in_offt automatically
- * when a new application data record is processed.
- * - Always call mbedtls_ssl_read_record here.
- *
- * This way, the logic of ssl_read would be much clearer:
- *
- * (1) Always call record layer and see what kind of record is on
- * and have it ready for consumption (in particular, in_offt
- * properly set for application data records).
- * (2) If it's application data (either freshly fetched
- * or something already being partially processed),
- * serve the read request from it.
- * (3) If it's something different from application data,
- * handle it accordingly, e.g. potentially start a
- * renegotiation.
- *
- * This will also remove the need to manually reset
- * ssl->keep_current_message = 0 below.
- *
- */
-
if( ssl->in_offt == NULL )
{
/* Start timer if not already running */
@@ -7259,8 +7253,16 @@
}
/*
- * Send application data to be encrypted by the SSL layer,
- * taking care of max fragment length and buffer size
+ * Send application data to be encrypted by the SSL layer, taking care of max
+ * fragment length and buffer size.
+ *
+ * According to RFC 5246 Section 6.2.1:
+ *
+ * Zero-length fragments of Application data MAY be sent as they are
+ * potentially useful as a traffic analysis countermeasure.
+ *
+ * Therefore, it is possible that the input message length is 0 and the
+ * corresponding return code is 0 on success.
*/
static int ssl_write_real( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
@@ -7288,6 +7290,12 @@
if( ssl->out_left != 0 )
{
+ /*
+ * The user has previously tried to send the data and
+ * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially
+ * written. In this case, we expect the high-level write function
+ * (e.g. mbedtls_ssl_write()) to be called with the same parameters
+ */
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
@@ -7296,6 +7304,11 @@
}
else
{
+ /*
+ * The user is trying to send a message the first time, so we need to
+ * copy the data into the internal buffers and setup the data structure
+ * to keep track of partial writes
+ */
ssl->out_msglen = len;
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
memcpy( ssl->out_msg, buf, len );
diff --git a/library/x509.c b/library/x509.c
index 371d6da..264c7fb 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -70,15 +70,6 @@
#include <time.h>
#endif
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#if !defined(_WIN32)
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#endif
-#endif
-
#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 26a06db..779098d 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -278,34 +278,25 @@
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
#if defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_pem_init( &pem );
-
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( buf[buflen - 1] != '\0' )
- ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
+ if( buf[buflen - 1] == '\0' )
+ {
+ mbedtls_pem_init( &pem );
ret = mbedtls_pem_read_buffer( &pem,
"-----BEGIN CERTIFICATE REQUEST-----",
"-----END CERTIFICATE REQUEST-----",
buf, NULL, 0, &use_len );
- if( ret == 0 )
- {
- /*
- * Was PEM encoded, parse the result
- */
- if( ( ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ) ) != 0 )
- return( ret );
+ if( ret == 0 )
+ /*
+ * Was PEM encoded, parse the result
+ */
+ ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
mbedtls_pem_free( &pem );
- return( 0 );
+ if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ return( ret );
}
- else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- {
- mbedtls_pem_free( &pem );
- return( ret );
- }
- else
#endif /* MBEDTLS_PEM_PARSE_C */
return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
}
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 4acf38d..c727f93 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#include "mbedtls/aes.h"
#include "mbedtls/md.h"
@@ -71,7 +74,8 @@
#else
int main( int argc, char *argv[] )
{
- int ret = 1;
+ int ret = 0;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned int i, n;
int mode, lastn;
@@ -429,7 +433,7 @@
}
}
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( fin )
@@ -452,6 +456,6 @@
mbedtls_aes_free( &aes_ctx );
mbedtls_md_free( &sha_ctx );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 0e272eb..99d30c9 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -30,9 +30,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
defined(MBEDTLS_FS_IO)
@@ -74,6 +77,7 @@
int main( int argc, char *argv[] )
{
int ret = 1, i, n;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
int mode;
size_t keylen, ilen, olen;
FILE *fkey, *fin = NULL, *fout = NULL;
@@ -526,7 +530,7 @@
}
}
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( fin )
@@ -549,6 +553,6 @@
mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index d1e81d4..bbe8d92 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/md.h"
@@ -169,7 +172,8 @@
int main( int argc, char *argv[] )
{
- int ret, i;
+ int ret = 1, i;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
@@ -196,7 +200,7 @@
fflush( stdout ); getchar();
#endif
- return( 1 );
+ return( exit_code );
}
/*
@@ -206,12 +210,12 @@
if( md_info == NULL )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
- return( 1 );
+ return( exit_code );
}
if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
{
mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
- return( 1 );
+ return( exit_code );
}
ret = 0;
@@ -224,9 +228,12 @@
for( i = 2; i < argc; i++ )
ret |= generic_print( md_info, argv[i] );
+ if ( ret == 0 )
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_md_free( &md_ctx );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 0978408..3dadf48 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
@@ -71,7 +74,8 @@
{
FILE *f;
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t n, buflen;
mbedtls_net_context server_fd;
@@ -115,7 +119,6 @@
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
@@ -191,7 +194,6 @@
if( dhm.len < 64 || dhm.len > 512 )
{
- ret = 1;
mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
goto exit;
}
@@ -207,7 +209,6 @@
if( ( n = (size_t) ( end - p ) ) != rsa.len )
{
- ret = 1;
mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
goto exit;
}
@@ -286,6 +287,8 @@
buf[16] = '\0';
mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_net_free( &server_fd );
@@ -301,7 +304,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 84a94a1..dbe9153 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -30,9 +30,11 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#endif
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
@@ -69,6 +71,7 @@
int main( int argc, char **argv )
{
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_mpi G, P, Q;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -86,7 +89,7 @@
{
usage:
mbedtls_printf( USAGE );
- return( 1 );
+ return( exit_code );
}
for( i = 1; i < argc; i++ )
@@ -164,7 +167,6 @@
if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create dh_prime.txt\n\n" );
goto exit;
}
@@ -180,6 +182,8 @@
mbedtls_printf( " ok\n\n" );
fclose( fout );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
@@ -191,7 +195,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 4304231..c4e2c39 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
@@ -71,7 +74,8 @@
{
FILE *f;
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t n, buflen;
mbedtls_net_context listen_fd, client_fd;
@@ -121,7 +125,6 @@
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
@@ -164,7 +167,6 @@
if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \
" ! Please run dh_genprime first\n\n" );
goto exit;
@@ -304,6 +306,8 @@
mbedtls_printf( "\n\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
@@ -323,7 +327,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index e7ead9a..5db0408 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_ECDH_C) || \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
@@ -51,7 +54,8 @@
int main( int argc, char *argv[] )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ecdh_context ctx_cli, ctx_srv;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -218,6 +222,7 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
@@ -231,7 +236,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( ret != 0 );
+ return( exit_code );
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index b474060..c653df9 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_ECDSA_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
@@ -98,7 +101,8 @@
int main( int argc, char *argv[] )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ecdsa_context ctx_sign, ctx_verify;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -115,7 +119,6 @@
memset( sig, 0, sizeof( sig ) );
memset( message, 0x25, sizeof( message ) );
- ret = 1;
if( argc != 1 )
{
@@ -213,8 +216,6 @@
goto exit;
}
- ret = 0;
-
/*
* Verify signature
*/
@@ -231,6 +232,8 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
#if defined(_WIN32)
@@ -243,7 +246,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
ECPARAMS */
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index a7f5c90..f01bf5f 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
@@ -186,7 +189,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context key;
char buf[1024];
int i;
@@ -214,7 +218,6 @@
if( argc == 0 )
{
usage:
- ret = 1;
mbedtls_printf( USAGE );
#if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" );
@@ -222,7 +225,7 @@
mbedtls_printf( " %s (default)\n", curve_info->name );
while( ( ++curve_info )->name != NULL )
mbedtls_printf( " %s\n", curve_info->name );
-#endif
+#endif /* MBEDTLS_ECP_C */
goto exit;
}
@@ -411,9 +414,11 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
- if( ret != 0 && ret != 1)
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
@@ -436,7 +441,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index f1b548d..027b95f 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && \
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
@@ -83,7 +86,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
char buf[1024];
int i;
char *p, *q;
@@ -105,7 +109,7 @@
{
usage:
mbedtls_printf( USAGE );
- goto exit;
+ goto cleanup;
}
opt.mode = DFL_MODE;
@@ -155,13 +159,13 @@
if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! fopen returned NULL\n" );
- goto exit;
+ goto cleanup;
}
if( fgets( buf, sizeof(buf), f ) == NULL )
{
fclose( f );
mbedtls_printf( "Error: fgets() failed to retrieve password\n" );
- goto exit;
+ goto cleanup;
}
fclose( f );
@@ -182,7 +186,7 @@
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret );
- goto exit;
+ goto cleanup;
}
mbedtls_printf( " ok\n" );
@@ -200,17 +204,17 @@
( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
- goto exit;
+ goto cleanup;
}
- mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
- mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
- mbedtls_mpi_write_file( "D: ", &D, 16, NULL );
- mbedtls_mpi_write_file( "P: ", &P, 16, NULL );
- mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL );
- mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL );
- mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL );
- mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &D, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &P, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ) );
}
else
#endif
@@ -218,16 +222,16 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
- mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) );
}
else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n" );
- goto exit;
+ goto cleanup;
}
}
else if( opt.mode == MODE_PUBLIC )
@@ -243,7 +247,7 @@
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
- goto exit;
+ goto cleanup;
}
mbedtls_printf( " ok\n" );
@@ -258,10 +262,10 @@
NULL, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
- goto exit;
+ goto cleanup;
}
- mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
- mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) );
}
else
#endif
@@ -269,26 +273,28 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
}
else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n" );
- goto exit;
+ goto cleanup;
}
}
else
goto usage;
-exit:
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+cleanup:
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
- mbedtls_strerror( ret, buf, sizeof(buf) );
+ mbedtls_strerror( ret, buf, sizeof( buf ) );
mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif
@@ -303,6 +309,6 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 52b0f8e..13602c2 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/error.h"
@@ -128,7 +131,7 @@
return( ret );
len = ret;
- c = output_buf + sizeof(output_buf) - len - 1;
+ c = output_buf + sizeof(output_buf) - len;
}
if( ( f = fopen( output_file, "w" ) ) == NULL )
@@ -189,7 +192,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
char buf[1024];
int i;
char *p, *q;
@@ -210,7 +214,6 @@
if( argc == 0 )
{
usage:
- ret = 1;
mbedtls_printf( USAGE );
goto exit;
}
@@ -403,9 +406,11 @@
write_private_key( &key, opt.output_file );
}
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
- if( ret != 0 && ret != 1)
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
@@ -426,6 +431,6 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index afe8957..365bdc4 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/bignum.h"
@@ -47,7 +50,8 @@
#else
int main( void )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
mbedtls_mpi_init( &E ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &N );
@@ -88,15 +92,16 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ) );
mbedtls_printf( "\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
cleanup:
mbedtls_mpi_free( &E ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &N );
mbedtls_mpi_free( &H ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
mbedtls_mpi_free( &Z );
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_printf( "\nAn error occurred.\n" );
- ret = 1;
}
#if defined(_WIN32)
@@ -104,6 +109,6 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 32fbc75..00bd71e 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
@@ -59,7 +62,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret, c;
+ int ret = 1, c;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
@@ -71,7 +75,6 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
memset(result, 0, sizeof( result ) );
- ret = 1;
if( argc != 2 )
{
@@ -110,8 +113,6 @@
/*
* Extract the RSA encrypted value from the text file
*/
- ret = 1;
-
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
@@ -143,14 +144,14 @@
mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -162,7 +163,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 7ca9d5a..400619c 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
@@ -59,7 +62,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
@@ -68,7 +72,6 @@
unsigned char buf[512];
const char *pers = "mbedtls_pk_encrypt";
- ret = 1;
mbedtls_ctr_drbg_init( &ctr_drbg );
if( argc != 3 )
@@ -132,7 +135,6 @@
*/
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -145,12 +147,14 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -162,7 +166,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 55df95e..7ec4675 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -30,9 +30,11 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
@@ -61,6 +63,7 @@
{
FILE *f;
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -134,14 +137,12 @@
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
- ret = 1;
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
fclose( f );
goto exit;
@@ -151,13 +152,15 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_pk_free( &pk );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -169,7 +172,7 @@
fflush( stdout ); getchar();
#endif
- return( ret ? EXIT_FAILURE : EXIT_SUCCESS );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index d35d17f..3c7709f 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \
@@ -56,6 +59,7 @@
{
FILE *f;
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_pk_context pk;
unsigned char hash[32];
@@ -87,7 +91,6 @@
/*
* Extract the signature from the file
*/
- ret = 1;
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
@@ -125,13 +128,13 @@
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -143,7 +146,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 2da3fbf..0a252d2 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -30,11 +30,11 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_printf printf
-#define mbedtls_exit exit
+#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
@@ -61,7 +61,9 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int return_val, exit_val, c;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ int c;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
@@ -73,7 +75,6 @@
((void) argv);
memset(result, 0, sizeof( result ) );
- exit_val = MBEDTLS_EXIT_SUCCESS;
if( argc != 1 )
{
@@ -83,7 +84,7 @@
mbedtls_printf( "\n" );
#endif
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ mbedtls_exit( exit_code );
}
mbedtls_printf( "\n . Seeding the random number generator..." );
@@ -96,14 +97,13 @@
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
- return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) );
- if( return_val != 0 )
+ if( ret != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
- return_val );
+ ret );
goto exit;
}
@@ -112,40 +112,38 @@
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
- if( ( return_val = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
- return_val );
+ ret );
fclose( f );
goto exit;
}
fclose( f );
- if( ( return_val = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
+ if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
- if( ( return_val = mbedtls_rsa_complete( &rsa ) ) != 0 )
+ if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
@@ -154,7 +152,6 @@
*/
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -169,7 +166,6 @@
if( i != rsa.len )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
@@ -180,14 +176,13 @@
mbedtls_printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
- return_val = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
+ ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, MBEDTLS_RSA_PRIVATE, &i,
buf, result, 1024 );
- if( return_val != 0 )
+ if( ret != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
@@ -195,6 +190,8 @@
mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
@@ -208,6 +205,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_val );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 81c27d8..411657a 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -30,12 +30,12 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_exit exit
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
@@ -61,7 +61,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int return_val, exit_val;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
@@ -71,8 +72,6 @@
const char *pers = "rsa_encrypt";
mbedtls_mpi N, E;
- exit_val = MBEDTLS_EXIT_SUCCESS;
-
if( argc != 2 )
{
mbedtls_printf( "usage: rsa_encrypt <string of max 100 characters>\n" );
@@ -81,7 +80,7 @@
mbedtls_printf( "\n" );
#endif
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ mbedtls_exit( exit_code );
}
mbedtls_printf( "\n . Seeding the random number generator..." );
@@ -92,14 +91,13 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) );
- if( return_val != 0 )
+ ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) );
+ if( ret != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
- return_val );
+ ret );
goto exit;
}
@@ -108,35 +106,30 @@
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
- if( ( return_val = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
- return_val );
+ ret );
fclose( f );
goto exit;
}
fclose( f );
- if( ( return_val = mbedtls_rsa_import( &rsa, &N, NULL,
- NULL, NULL, &E ) ) != 0 )
+ if( ( ret = mbedtls_rsa_import( &rsa, &N, NULL, NULL, NULL, &E ) ) != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
if( strlen( argv[1] ) > 100 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " Input data larger than 100 characters.\n\n" );
goto exit;
}
@@ -149,14 +142,13 @@
mbedtls_printf( "\n . Generating the RSA encrypted value" );
fflush( stdout );
- return_val = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
- &ctr_drbg, MBEDTLS_RSA_PUBLIC,
- strlen( argv[1] ), input, buf );
- if( return_val != 0 )
+ ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, MBEDTLS_RSA_PUBLIC,
+ strlen( argv[1] ), input, buf );
+ if( ret != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
@@ -165,7 +157,6 @@
*/
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -178,6 +169,8 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
mbedtls_ctr_drbg_free( &ctr_drbg );
@@ -189,7 +182,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_val );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 9399217..3359e14 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \
@@ -61,7 +64,8 @@
#else
int main( void )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -105,14 +109,12 @@
( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
- ret = 1;
goto exit;
}
if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
- ret = 1;
goto exit;
}
@@ -129,7 +131,6 @@
if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
- ret = 1;
goto exit;
}
@@ -160,6 +161,8 @@
*/
mbedtls_printf( " ok\n\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
if( fpub != NULL )
@@ -180,7 +183,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 89018cb..b16fe5d 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -29,10 +29,13 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_snprintf snprintf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
@@ -55,7 +58,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
unsigned char hash[32];
@@ -69,8 +73,6 @@
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
- ret = 1;
-
if( argc != 2 )
{
mbedtls_printf( "usage: rsa_sign <filename>\n" );
@@ -87,7 +89,6 @@
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
@@ -159,7 +160,6 @@
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
goto exit;
}
@@ -172,6 +172,8 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_rsa_free( &rsa );
@@ -184,7 +186,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 7b6f14d..b0b0f7e 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
@@ -61,6 +64,7 @@
{
FILE *f;
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -101,7 +105,6 @@
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
goto exit;
@@ -109,7 +112,6 @@
if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
{
- ret = 1;
mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
goto exit;
}
@@ -145,7 +147,6 @@
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
@@ -161,6 +162,8 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_pk_free( &pk );
mbedtls_ctr_drbg_free( &ctr_drbg );
@@ -171,7 +174,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 1f827aa..6f88345 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#define mbedtls_snprintf snprintf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
@@ -54,7 +57,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret, c;
+ int ret = 1, c;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
unsigned char hash[32];
@@ -62,7 +66,6 @@
char filename[512];
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
- ret = 1;
if( argc != 2 )
{
@@ -100,7 +103,6 @@
/*
* Extract the RSA signature from the text file
*/
- ret = 1;
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
@@ -146,7 +148,7 @@
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
@@ -157,7 +159,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 31b720f..7c9c68f 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
@@ -60,6 +63,7 @@
{
FILE *f;
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_pk_context pk;
unsigned char hash[32];
@@ -91,7 +95,6 @@
if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
{
- ret = 1;
mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
goto exit;
}
@@ -101,7 +104,6 @@
/*
* Extract the RSA signature from the file
*/
- ret = 1;
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
@@ -139,7 +141,7 @@
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
@@ -149,7 +151,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index 792d381..a1eb386 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/entropy.h"
@@ -49,20 +52,21 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int i, k, ret;
+ int i, k, ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_entropy_context entropy;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( 1 );
+ return( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( 1 );
+ return( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -72,7 +76,8 @@
ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) );
if( ret != 0 )
{
- mbedtls_printf("failed!\n");
+ mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n",
+ ret );
goto cleanup;
}
@@ -83,7 +88,7 @@
fflush( stdout );
}
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_printf( "\n" );
@@ -91,6 +96,6 @@
fclose( f );
mbedtls_entropy_free( &entropy );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index c76f99d..5ade946 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_FS_IO)
@@ -52,7 +55,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int i, k, ret;
+ int i, k, ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
unsigned char buf[1024];
@@ -62,13 +66,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( 1 );
+ return( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( 1 );
+ return( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -116,7 +120,7 @@
fflush( stdout );
}
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_printf("\n");
@@ -125,6 +129,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index 6c31462..3fb3f01 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_HAVEGE_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/havege.h"
@@ -51,20 +54,21 @@
{
FILE *f;
time_t t;
- int i, k, ret = 0;
+ int i, k, ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_havege_state hs;
unsigned char buf[1024];
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( 1 );
+ return( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( 1 );
+ return( exit_code );
}
mbedtls_havege_init( &hs );
@@ -73,11 +77,10 @@
for( i = 0, k = 768; i < k; i++ )
{
- if( mbedtls_havege_random( &hs, buf, sizeof( buf ) ) != 0 )
+ if( ( ret = mbedtls_havege_random( &hs, buf, sizeof( buf ) ) ) != 0 )
{
- mbedtls_printf( "Failed to get random from source.\n" );
-
- ret = 1;
+ mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X",
+ -ret );
goto exit;
}
@@ -93,9 +96,11 @@
mbedtls_printf(" \n ");
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_havege_free( &hs );
fclose( f );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_HAVEGE_C */
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index fa70431..bf7c013 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -30,11 +30,13 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_time time
-#define mbedtls_time_t time_t
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
@@ -80,7 +82,8 @@
int main( void )
{
- int ret, len;
+ int ret = 1, len;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context server_fd;
uint32_t flags;
unsigned char buf[1024];
@@ -281,10 +284,12 @@
mbedtls_ssl_close_notify( &ssl );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
@@ -305,7 +310,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 8e2feb1..8151432 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -246,7 +246,11 @@
" server_port=%%d default: 4433\n" \
" request_page=%%s default: \".\"\n" \
" request_size=%%d default: about 34 (basic request)\n" \
- " (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \
+ " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
+ " If 0, in the first exchange only an empty\n" \
+ " application data message is sent followed by\n" \
+ " a second non-empty message before attempting\n" \
+ " to read a response from the server\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
@@ -1528,10 +1532,13 @@
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
- for( written = 0, frags = 0; written < len; written += ret, frags++ )
+ written = 0;
+ frags = 0;
+
+ do
{
- while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
- <= 0 )
+ while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
+ len - written ) ) < 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
@@ -1540,7 +1547,11 @@
goto exit;
}
}
+
+ frags++;
+ written += ret;
}
+ while( written < len );
}
else /* Not stream, so datagram */
{
@@ -1567,6 +1578,13 @@
buf[written] = '\0';
mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
+ /* Send a non-empty request if request_size == 0 */
+ if ( len == 0 )
+ {
+ opt.request_size = DFL_REQUEST_SIZE;
+ goto send_request;
+ }
+
/*
* 7. Read the HTTP response
*/
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 7624896..1c3a806 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -29,10 +29,13 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
@@ -95,7 +98,8 @@
int main( void )
{
- int ret, len, cnt = 0, pid;
+ int ret = 1, len, cnt = 0, pid;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context listen_fd, client_fd;
unsigned char buf[1024];
const char *pers = "ssl_fork_server";
@@ -392,6 +396,8 @@
goto exit;
}
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_net_free( &client_fd );
mbedtls_net_free( &listen_fd );
@@ -408,7 +414,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index b49ffb4..04f8910 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -30,11 +30,13 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_time time
-#define mbedtls_time_t time_t
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
@@ -346,7 +348,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0, len;
+ int ret = 1, len;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context server_fd;
unsigned char buf[1024];
#if defined(MBEDTLS_BASE64_C)
@@ -499,8 +502,8 @@
mbedtls_test_cas_pem_len );
#else
{
- ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.");
+ goto exit;
}
#endif
if( ret < 0 )
@@ -529,8 +532,8 @@
mbedtls_test_cli_crt_len );
#else
{
- ret = -1;
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ goto exit;
}
#endif
if( ret != 0 )
@@ -549,8 +552,8 @@
mbedtls_test_cli_key_len, NULL, 0 );
#else
{
- ret = -1;
mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined.");
+ goto exit;
}
#endif
if( ret != 0 )
@@ -819,6 +822,8 @@
mbedtls_ssl_close_notify( &ssl );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_net_free( &server_fd );
@@ -835,7 +840,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index fd54f17..dcdafbb 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -31,7 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_time time
-#define mbedtls_time_t time_t
+#define mbedtls_time_t time_t
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#endif
diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c
index 9cfcd2d..fd3526f 100644
--- a/programs/test/ssl_cert_test.c
+++ b/programs/test/ssl_cert_test.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_X509_CRL_PARSE_C)
@@ -80,7 +83,8 @@
int main( void )
{
- int ret, i;
+ int ret = 1, i;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_x509_crt cacert;
mbedtls_x509_crl crl;
char buf[10240];
@@ -210,7 +214,6 @@
if( ! mbedtls_pk_can_do( &clicert.pk, MBEDTLS_PK_RSA ) )
{
mbedtls_printf( " failed\n ! certificate's key is not RSA\n\n" );
- ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
goto exit;
}
@@ -241,6 +244,8 @@
mbedtls_pk_free( &pk );
}
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crl_free( &crl );
@@ -250,7 +255,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_RSA_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_X509_CRL_PARSE_C */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 20624d2..1865b0f 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -37,10 +37,12 @@
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
-#define mbedtls_time time
-#define mbedtls_time_t time_t
-#define mbedtls_printf printf
-#endif
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_NET_C)
int main( void )
@@ -468,7 +470,8 @@
int main( int argc, char *argv[] )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context listen_fd, client_fd, server_fd;
@@ -591,10 +594,12 @@
}
}
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
@@ -612,7 +617,7 @@
fflush( stdout ); getchar();
#endif
- return( ret != 0 );
+ return( exit_code );
}
#endif /* MBEDTLS_NET_C */
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index ad2c6ac..73a9fb5 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -29,10 +29,13 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_free free
-#define mbedtls_calloc calloc
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_free free
+#define mbedtls_calloc calloc
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/error.h"
@@ -178,7 +181,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned char *pem_buffer = NULL;
unsigned char der_buffer[4096];
char buf[1024];
@@ -273,6 +277,8 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
free( pem_buffer );
@@ -281,6 +287,6 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index c893ca8..c57ecca 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -30,11 +30,13 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_time time
-#define mbedtls_time_t time_t
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
@@ -145,7 +147,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context server_fd;
unsigned char buf[1024];
mbedtls_entropy_context entropy;
@@ -180,7 +183,6 @@
{
usage:
mbedtls_printf( USAGE );
- ret = 2;
goto exit;
}
@@ -252,19 +254,23 @@
if( strlen( opt.ca_path ) )
{
- ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
verify = 1;
}
else if( strlen( opt.ca_file ) )
{
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
- verify = 1;
- }
+ if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", -ret );
+ goto exit;
+ }
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
- goto exit;
+ verify = 1;
}
mbedtls_printf( " ok (%d skipped)\n", ret );
@@ -332,8 +338,6 @@
cur = cur->next;
}
- ret = 0;
-
/*
* 1.3 Verify the certificate
*/
@@ -470,6 +474,8 @@
else
goto usage;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_net_free( &server_fd );
@@ -485,10 +491,7 @@
fflush( stdout ); getchar();
#endif
- if( ret < 0 )
- ret = 1;
-
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 30df216..a32ac50 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \
@@ -133,7 +136,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context key;
char buf[1024];
int i;
@@ -156,7 +160,6 @@
{
usage:
mbedtls_printf( USAGE );
- ret = 1;
goto exit;
}
@@ -317,9 +320,11 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
- if( ret != 0 && ret != 1)
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
@@ -339,7 +344,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 9cc582d..26ab88a 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
@@ -211,7 +214,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_x509_crt issuer_crt;
mbedtls_pk_context loaded_issuer_key, loaded_subject_key;
mbedtls_pk_context *issuer_key = &loaded_issuer_key,
@@ -248,7 +252,6 @@
{
usage:
mbedtls_printf( USAGE );
- ret = 1;
goto exit;
}
@@ -615,7 +618,6 @@
{
mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" );
- ret = -1;
goto exit;
}
}
@@ -788,6 +790,8 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_x509write_crt_free( &crt );
mbedtls_pk_free( &loaded_subject_key );
@@ -801,7 +805,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 210d19e..f831683 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO)
@@ -67,7 +70,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned char buf[100000];
mbedtls_x509_crl crl;
int i;
@@ -131,6 +135,8 @@
mbedtls_printf( "%s\n", buf );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_x509_crl_free( &crl );
@@ -139,7 +145,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 8410a53..0f20c85 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO)
@@ -67,7 +70,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned char buf[100000];
mbedtls_x509_csr csr;
int i;
@@ -131,6 +135,8 @@
mbedtls_printf( "%s\n", buf );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_x509_csr_free( &csr );
@@ -139,7 +145,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/scripts/config.pl b/scripts/config.pl
index 5bf2785..468aeb9 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index ac0fbff..4f0ad31 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# Generate error.c
#
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index 2aa695c..1bd82ca 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
#
use strict;
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index e042a44..811c71f 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# Generate main file, individual apps and solution files for MS Visual Studio
# 2010
diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl
index d1ce4ca..4e3342a 100755
--- a/scripts/massif_max.pl
+++ b/scripts/massif_max.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# Parse a massif.out.xxx file and output peak total memory usage
diff --git a/scripts/rename.pl b/scripts/rename.pl
index c29519e..fb42809 100755
--- a/scripts/rename.pl
+++ b/scripts/rename.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 16e19a9..9fd4916 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -105,26 +105,11 @@
add_test_suite(x509parse)
add_test_suite(x509write)
-# Make data_files available in an out-of-source build
+# Make scripts and data files needed for testing available in an
+# out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
- # Get OS dependent path to use in `execute_process`
- file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/data_files" link)
- file(TO_NATIVE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/data_files" target)
-
- if (NOT EXISTS ${link})
- if (CMAKE_HOST_UNIX)
- set(command ln -s ${target} ${link})
- else()
- set(command cmd.exe /c mklink /j ${link} ${target})
- endif()
-
- execute_process(COMMAND ${command}
- RESULT_VARIABLE result
- ERROR_VARIABLE output)
-
- if (NOT ${result} EQUAL 0)
- message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
- endif()
- endif()
+ link_to_source(compat.sh)
+ link_to_source(data_files)
+ link_to_source(scripts)
+ link_to_source(ssl-opt.sh)
endif()
-
diff --git a/tests/compat.sh b/tests/compat.sh
index 34e38f1..a2b2d5b 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -998,7 +998,7 @@
if [ $EXIT -eq 0 ]; then
RESULT=0
else
- # If the cipher isn't supported...
+ # If the cipher isn't supported...
if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
RESULT=1
else
diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh
index ee54a6c..7407f44 100755
--- a/tests/git-scripts/pre-push.sh
+++ b/tests/git-scripts/pre-push.sh
@@ -45,3 +45,4 @@
run_test ./tests/scripts/check-doxy-blocks.pl
run_test ./tests/scripts/check-names.sh
run_test ./tests/scripts/check-generated-files.sh
+run_test ./tests/scripts/check-files.py
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c64c9c0..fed631f 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -150,9 +150,19 @@
# remove built files as well as the cmake cache/config
cleanup()
{
+ if [ -n "${MBEDTLS_ROOT_DIR+set}" ]; then
+ cd "$MBEDTLS_ROOT_DIR"
+ fi
+
command make clean
- find . -name yotta -prune -o -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} \+
+ # Remove CMake artefacts
+ find . -name .git -prune -o -name yotta -prune -o \
+ -iname CMakeFiles -exec rm -rf {} \+ -o \
+ \( -iname cmake_install.cmake -o \
+ -iname CTestTestfile.cmake -o \
+ -iname CMakeCache.txt \) -exec rm {} \+
+ # Recover files overwritten by in-tree CMake builds
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
@@ -208,7 +218,7 @@
check_tools()
{
for TOOL in "$@"; do
- if ! `hash "$TOOL" >/dev/null 2>&1`; then
+ if ! `type "$TOOL" >/dev/null 2>&1`; then
err_msg "$TOOL not found!"
exit 1
fi
@@ -326,6 +336,7 @@
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "${start_red}FAILED: $failure_count${end_color}$failure_summary"
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+ exit 1
elif [ -z "${1-}" ]; then
echo "SUCCESS :)"
fi
@@ -413,6 +424,10 @@
msg "test: doxygen markup outside doxygen blocks" # < 1s
tests/scripts/check-doxy-blocks.pl
+msg "test: check-files.py" # < 1s
+cleanup
+tests/scripts/check-files.py
+
msg "test/build: declared and exported names" # < 3s
cleanup
tests/scripts/check-names.sh
@@ -518,6 +533,24 @@
msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
+msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl full
+scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
+# Build with -O -Wextra to catch a maximum of issues.
+make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
+make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+
+msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
+# No cleanup, just tweak the configuration and rebuild
+make clean
+scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
+scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
+# Build with -O -Wextra to catch a maximum of issues.
+make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
+make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+
msg "test/build: curves.pl (gcc)" # ~ 4 min
cleanup
record_status tests/scripts/curves.pl
@@ -626,15 +659,30 @@
fi
if uname -a | grep -F x86_64 >/dev/null; then
- msg "build: i386, make, gcc" # ~ 30s
+ # Build once with -O0, to compile out the i386 specific inline assembly
+ msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
cleanup
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -m32'
+ cp "$CONFIG_H" "$CONFIG_BAK"
+ scripts/config.pl full
+ make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address'
- msg "test: i386, make, gcc"
+ msg "test: i386, make, gcc -O0 (ASan build)"
+ make test
+
+ # Build again with -O1, to compile in the i386 specific inline assembly
+ msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
+ cleanup
+ cp "$CONFIG_H" "$CONFIG_BAK"
+ scripts/config.pl full
+ make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
+
+ msg "test: i386, make, gcc -O1 (ASan build)"
make test
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
cleanup
+ cp "$CONFIG_H" "$CONFIG_BAK"
+ scripts/config.pl full
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32'
msg "test: 64-bit ILP32, make, gcc"
@@ -831,8 +879,20 @@
msg "test: cmake 'out-of-source' build"
make test
+# Test an SSL option that requires an auxiliary script in test/scripts/.
+# Also ensure that there are no error messages such as
+# "No such file or directory", which would indicate that some required
+# file is missing (ssl-opt.sh tolerates the absence of some files so
+# may exit with status 0 but emit errors).
+if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
+if [ -s ssl-opt.err ]; then
+ cat ssl-opt.err >&2
+ record_status [ ! -s ssl-opt.err ]
+ rm ssl-opt.err
+fi
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
+unset MBEDTLS_ROOT_DIR
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index b0fd696..4967699 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# Detect comment blocks that are likely meant to be doxygen blocks but aren't.
#
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
new file mode 100755
index 0000000..f560d03
--- /dev/null
+++ b/tests/scripts/check-files.py
@@ -0,0 +1,223 @@
+#!/usr/bin/env python3
+"""
+This file is part of Mbed TLS (https://tls.mbed.org)
+
+Copyright (c) 2018, Arm Limited, All Rights Reserved
+
+Purpose
+
+This script checks the current state of the source code for minor issues,
+including incorrect file permissions, presence of tabs, non-Unix line endings,
+trailing whitespace, presence of UTF-8 BOM, and TODO comments.
+Note: requires python 3, must be run from Mbed TLS root.
+"""
+
+import os
+import argparse
+import logging
+import codecs
+import sys
+
+
+class IssueTracker(object):
+ """Base class for issue tracking. Issues should inherit from this and
+ overwrite either issue_with_line if they check the file line by line, or
+ overwrite check_file_for_issue if they check the file as a whole."""
+
+ def __init__(self):
+ self.heading = ""
+ self.files_exemptions = []
+ self.files_with_issues = {}
+
+ def should_check_file(self, filepath):
+ for files_exemption in self.files_exemptions:
+ if filepath.endswith(files_exemption):
+ return False
+ return True
+
+ def issue_with_line(self, line):
+ raise NotImplementedError
+
+ def check_file_for_issue(self, filepath):
+ with open(filepath, "rb") as f:
+ for i, line in enumerate(iter(f.readline, b"")):
+ self.check_file_line(filepath, line, i + 1)
+
+ def check_file_line(self, filepath, line, line_number):
+ if self.issue_with_line(line):
+ if filepath not in self.files_with_issues.keys():
+ self.files_with_issues[filepath] = []
+ self.files_with_issues[filepath].append(line_number)
+
+ def output_file_issues(self, logger):
+ if self.files_with_issues.values():
+ logger.info(self.heading)
+ for filename, lines in sorted(self.files_with_issues.items()):
+ if lines:
+ logger.info("{}: {}".format(
+ filename, ", ".join(str(x) for x in lines)
+ ))
+ else:
+ logger.info(filename)
+ logger.info("")
+
+
+class PermissionIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Incorrect permissions:"
+
+ def check_file_for_issue(self, filepath):
+ if not (os.access(filepath, os.X_OK) ==
+ filepath.endswith((".sh", ".pl", ".py"))):
+ self.files_with_issues[filepath] = None
+
+
+class EndOfFileNewlineIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Missing newline at end of file:"
+
+ def check_file_for_issue(self, filepath):
+ with open(filepath, "rb") as f:
+ if not f.read().endswith(b"\n"):
+ self.files_with_issues[filepath] = None
+
+
+class Utf8BomIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "UTF-8 BOM present:"
+
+ def check_file_for_issue(self, filepath):
+ with open(filepath, "rb") as f:
+ if f.read().startswith(codecs.BOM_UTF8):
+ self.files_with_issues[filepath] = None
+
+
+class LineEndingIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Non Unix line endings:"
+
+ def issue_with_line(self, line):
+ return b"\r" in line
+
+
+class TrailingWhitespaceIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Trailing whitespace:"
+ self.files_exemptions = [".md"]
+
+ def issue_with_line(self, line):
+ return line.rstrip(b"\r\n") != line.rstrip()
+
+
+class TabIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "Tabs present:"
+ self.files_exemptions = [
+ "Makefile", "generate_visualc_files.pl"
+ ]
+
+ def issue_with_line(self, line):
+ return b"\t" in line
+
+
+class TodoIssueTracker(IssueTracker):
+
+ def __init__(self):
+ super().__init__()
+ self.heading = "TODO present:"
+ self.files_exemptions = [
+ __file__, "benchmark.c", "pull_request_template.md"
+ ]
+
+ def issue_with_line(self, line):
+ return b"todo" in line.lower()
+
+
+class IntegrityChecker(object):
+
+ def __init__(self, log_file):
+ self.check_repo_path()
+ self.logger = None
+ self.setup_logger(log_file)
+ self.files_to_check = (
+ ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data",
+ "Makefile", "CMakeLists.txt", "ChangeLog"
+ )
+ self.issues_to_check = [
+ PermissionIssueTracker(),
+ EndOfFileNewlineIssueTracker(),
+ Utf8BomIssueTracker(),
+ LineEndingIssueTracker(),
+ TrailingWhitespaceIssueTracker(),
+ TabIssueTracker(),
+ TodoIssueTracker(),
+ ]
+
+ def check_repo_path(self):
+ if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
+ raise Exception("Must be run from Mbed TLS root")
+
+ def setup_logger(self, log_file, level=logging.INFO):
+ self.logger = logging.getLogger()
+ self.logger.setLevel(level)
+ if log_file:
+ handler = logging.FileHandler(log_file)
+ self.logger.addHandler(handler)
+ else:
+ console = logging.StreamHandler()
+ self.logger.addHandler(console)
+
+ def check_files(self):
+ for root, dirs, files in sorted(os.walk(".")):
+ for filename in sorted(files):
+ filepath = os.path.join(root, filename)
+ if (os.path.join("yotta", "module") in filepath or
+ not filepath.endswith(self.files_to_check)):
+ continue
+ for issue_to_check in self.issues_to_check:
+ if issue_to_check.should_check_file(filepath):
+ issue_to_check.check_file_for_issue(filepath)
+
+ def output_issues(self):
+ integrity_return_code = 0
+ for issue_to_check in self.issues_to_check:
+ if issue_to_check.files_with_issues:
+ integrity_return_code = 1
+ issue_to_check.output_file_issues(self.logger)
+ return integrity_return_code
+
+
+def run_main():
+ parser = argparse.ArgumentParser(
+ description=(
+ "This script checks the current state of the source code for "
+ "minor issues, including incorrect file permissions, "
+ "presence of tabs, non-Unix line endings, trailing whitespace, "
+ "presence of UTF-8 BOM, and TODO comments. "
+ "Note: requires python 3, must be run from Mbed TLS root."
+ )
+ )
+ parser.add_argument(
+ "-l", "--log_file", type=str, help="path to optional output log",
+ )
+ check_args = parser.parse_args()
+ integrity_check = IntegrityChecker(check_args.log_file)
+ integrity_check.check_files()
+ return_code = integrity_check.output_issues()
+ sys.exit(return_code)
+
+
+if __name__ == "__main__":
+ run_main()
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 0041814..ddc90c5 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# curves.pl
#
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index 29dcfb0..f57e7ed 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# depends-hashes.pl
#
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 14c92b2..97a43e8 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# depends-pkalgs.pl
#
diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl
index 66d9b3a..3c074be 100755
--- a/tests/scripts/gen_ctr_drbg.pl
+++ b/tests/scripts/gen_ctr_drbg.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
#
# Based on NIST CTR_DRBG.rsp validation file
# Only uses AES-256-CTR cases that use a Derivation function
@@ -64,7 +64,7 @@
my $AdditionalInput2 = get_val("AdditionalInput");
my $EntropyInputPR2 = get_val("EntropyInputPR") if ($PredictionResistance == 1);
my $ReturnedBits = get_val("ReturnedBits");
-
+
if ($PredictionResistance == 1)
{
print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n");
diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl
index 6decac2..03809cb 100755
--- a/tests/scripts/gen_gcm_decrypt.pl
+++ b/tests/scripts/gen_gcm_decrypt.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
#
# Based on NIST gcmDecryptxxx.rsp validation files
# Only first 3 of every set used for compile time saving
diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl
index 8adbbce..29ec677 100755
--- a/tests/scripts/gen_gcm_encrypt.pl
+++ b/tests/scripts/gen_gcm_encrypt.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
#
# Based on NIST gcmEncryptIntIVxxx.rsp validation files
# Only first 3 of every set used for compile time saving
diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
index 0d7fc7d..110cb4b 100755
--- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl
+++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
#
use strict;
@@ -18,10 +18,10 @@
next if($line !~ /^# $str/);
last;
}
-
+
while(my $line = <TEST_DATA>)
{
- last if($line eq "\r\n");
+ last if($line eq "\r\n");
$val .= $line;
}
@@ -66,7 +66,7 @@
print(":\"$val_salt\"");
print(":\"$val_sig\":0");
print("\n\n");
- }
+ }
$cnt++;
}
close(TEST_DATA);
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
index d167c67..3bf7ae3 100755
--- a/tests/scripts/key-exchanges.pl
+++ b/tests/scripts/key-exchanges.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# key-exchanges.pl
#
diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl
index 633e3fd..21c25b3 100755
--- a/tests/scripts/list-enum-consts.pl
+++ b/tests/scripts/list-enum-consts.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
use warnings;
use strict;
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index 3ad42b1..431e592 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# Find functions making recursive calls to themselves.
# (Multiple recursion where a() calls b() which calls a() not covered.)
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 7e2974b..6279358 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# run-test-suites.pl
#
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 600fc75..e1d2184 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# test-ref-configs.pl
#
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9fde54a..a70ace3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -308,7 +308,7 @@
done
}
else
- echo "Warning: lsof not available, wait_server_start = sleep $START_DELAY"
+ echo "Warning: lsof not available, wait_server_start = sleep"
wait_server_start() {
sleep "$START_DELAY"
}
@@ -1151,6 +1151,38 @@
-s "received FALLBACK_SCSV" \
-S "inapropriate fallback"
+# Test sending and receiving empty application data records
+
+run_test "Encrypt then MAC: empty application data record" \
+ "$P_SRV auth_mode=none debug_level=4 etm=1" \
+ "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
+ -s "dumping 'input payload after decrypt' (0 bytes)" \
+ -c "0 bytes written in 1 fragments"
+
+run_test "Default, no Encrypt then MAC: empty application data record" \
+ "$P_SRV auth_mode=none debug_level=4 etm=0" \
+ "$P_CLI auth_mode=none etm=0 request_size=0" \
+ 0 \
+ -s "dumping 'input payload after decrypt' (0 bytes)" \
+ -c "0 bytes written in 1 fragments"
+
+run_test "Encrypt then MAC, DTLS: empty application data record" \
+ "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
+ "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
+ 0 \
+ -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
+ -s "dumping 'input payload after decrypt' (0 bytes)" \
+ -c "0 bytes written in 1 fragments"
+
+run_test "Default, no Encrypt then MAC, DTLS: empty application data record" \
+ "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
+ "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
+ 0 \
+ -s "dumping 'input payload after decrypt' (0 bytes)" \
+ -c "0 bytes written in 1 fragments"
+
## ClientHello generated with
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
## then manually twiddling the ciphersuite list.
@@ -2646,6 +2678,142 @@
-S "! The certificate is not correctly signed by the trusted CA" \
-s "The certificate has been revoked (is on a CRL)"
+# Tests for SNI and DTLS
+
+run_test "SNI: DTLS, no SNI callback" \
+ "$P_SRV debug_level=3 dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_CLI server_name=localhost dtls=1" \
+ 0 \
+ -S "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
+
+run_test "SNI: DTLS, matching cert 1" \
+ "$P_SRV debug_level=3 dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ "$P_CLI server_name=localhost dtls=1" \
+ 0 \
+ -s "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
+
+run_test "SNI: DTLS, matching cert 2" \
+ "$P_SRV debug_level=3 dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ "$P_CLI server_name=polarssl.example dtls=1" \
+ 0 \
+ -s "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
+
+run_test "SNI: DTLS, no matching cert" \
+ "$P_SRV debug_level=3 dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ "$P_CLI server_name=nonesuch.example dtls=1" \
+ 1 \
+ -s "parse ServerName extension" \
+ -s "ssl_sni_wrapper() returned" \
+ -s "mbedtls_ssl_handshake returned" \
+ -c "mbedtls_ssl_handshake returned" \
+ -c "SSL - A fatal alert message was received from our peer"
+
+run_test "SNI: DTLS, client auth no override: optional" \
+ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
+ "$P_CLI debug_level=3 server_name=localhost dtls=1" \
+ 0 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify"
+
+run_test "SNI: DTLS, client auth override: none -> optional" \
+ "$P_SRV debug_level=3 auth_mode=none dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
+ "$P_CLI debug_level=3 server_name=localhost dtls=1" \
+ 0 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify"
+
+run_test "SNI: DTLS, client auth override: optional -> none" \
+ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
+ "$P_CLI debug_level=3 server_name=localhost dtls=1" \
+ 0 \
+ -s "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got no certificate request" \
+ -c "skip write certificate" \
+ -c "skip write certificate verify" \
+ -s "skip parse certificate verify"
+
+run_test "SNI: DTLS, CA no override" \
+ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ ca_file=data_files/test-ca.crt \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
+ "$P_CLI debug_level=3 server_name=localhost dtls=1 \
+ crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ 1 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -s "x509_verify_cert() returned" \
+ -s "! The certificate is not correctly signed by the trusted CA" \
+ -S "The certificate has been revoked (is on a CRL)"
+
+run_test "SNI: DTLS, CA override" \
+ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ ca_file=data_files/test-ca.crt \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
+ "$P_CLI debug_level=3 server_name=localhost dtls=1 \
+ crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ 0 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -S "x509_verify_cert() returned" \
+ -S "! The certificate is not correctly signed by the trusted CA" \
+ -S "The certificate has been revoked (is on a CRL)"
+
+run_test "SNI: DTLS, CA override with CRL" \
+ "$P_SRV debug_level=3 auth_mode=optional \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
+ ca_file=data_files/test-ca.crt \
+ sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
+ "$P_CLI debug_level=3 server_name=localhost dtls=1 \
+ crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ 1 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -s "x509_verify_cert() returned" \
+ -S "! The certificate is not correctly signed by the trusted CA" \
+ -s "The certificate has been revoked (is on a CRL)"
+
# Tests for non-blocking I/O: exercise a variety of handshake flows
run_test "Non-blocking I/O: basic handshake" \
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index e351ebd..734fd97 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -19,10 +19,10 @@
Diffie-Hellman zero modulus
dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
-Diffie-Hallman load parameters from file
+Diffie-Hellman load parameters from file
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
-Diffie-Hallman load parameters from file
+Diffie-Hellman load parameters from file
dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
Diffie-Hellman selftest
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 308e14b..3d0830e 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -35,7 +35,7 @@
memset( tag_str, 0x00, sizeof( tag_str ) );
memset( output, 0x00, sizeof( output ) );
memset( tag_output, 0x00, sizeof( tag_output ) );
-
+
key_len = unhexify( key_str, hex_key_string );
pt_len = unhexify( src_str, hex_src_string );
iv_len = unhexify( iv_str, hex_iv_string );
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 17cf350..1ab06a3 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -301,10 +301,10 @@
Base test mbedtls_mpi_add_mpi inplace #1
mbedtls_mpi_add_mpi_inplace:10:"12345678":10:"24691356"
-Test mbedtls_mpi_add_mpi inplace #2
+Test mbedtls_mpi_add_mpi inplace #2
mbedtls_mpi_add_mpi_inplace:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"1287616013607108878460259709922985398302772215068026865836146879048276529684741260122739430789478268181845874665180769440794266671939098512645241958073373266427807905932350214193538360035292323703146295192780306"
-Test mbedtls_mpi_add_mpi inplace #3
+Test mbedtls_mpi_add_mpi inplace #3
mbedtls_mpi_add_mpi_inplace:16:"ffffffffffffffffffffffffffffffff":16:"01fffffffffffffffffffffffffffffffe"
Test mbedtls_mpi_add_int #1
diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data
index db7a4cd..0309400 100644
--- a/tests/suites/test_suite_pkcs1_v15.data
+++ b/tests/suites/test_suite_pkcs1_v15.data
@@ -13,19 +13,19 @@
RSAES-V15 Encryption Test Vector Data too long 1
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-RSAES-V15 Decryption Test Vector Padding too short 7
+RSAES-V15 Decryption Test Vector Padding too short 7
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 Encryption Test Vector Data too long 3
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-RSAES-V15 Decryption Test Vector Padding too short 5
+RSAES-V15 Decryption Test Vector Padding too short 5
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING
RSAES-V15 Encryption Test Vector Data too long 8
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-RSAES-V15 Decryption Test Vector Padding too short 0
+RSAES-V15 Decryption Test Vector Padding too short 0
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING
RSASSA-V15 Signing Test Vector Int
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 60683af..1cd2ed5 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -52,4 +52,5 @@
mbedtls_ssl_free( &ssl );
}
-/* END_CASE */
\ No newline at end of file
+/* END_CASE */
+
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 647d381..d710c2b 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.7.3"
+check_compiletime_version:"2.7.4"
Check runtime library version
-check_runtime_version:"2.7.3"
+check_runtime_version:"2.7.4"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/yotta/data/example-authcrypt/README.md b/yotta/data/example-authcrypt/README.md
index ae4b1ef..7ad685f 100644
--- a/yotta/data/example-authcrypt/README.md
+++ b/yotta/data/example-authcrypt/README.md
@@ -36,13 +36,13 @@
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-authcrypt.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
-6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
+6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
7. Press the Reset button on the board.
diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md
index 3b66916..0b99d3d 100644
--- a/yotta/data/example-benchmark/README.md
+++ b/yotta/data/example-benchmark/README.md
@@ -36,13 +36,13 @@
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-benchmark.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
-6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
+6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
7. Press the Reset button on the board.
diff --git a/yotta/data/example-hashing/README.md b/yotta/data/example-hashing/README.md
index 553c3a6..1a5491c 100644
--- a/yotta/data/example-hashing/README.md
+++ b/yotta/data/example-hashing/README.md
@@ -36,13 +36,13 @@
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-hashing.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
-6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
+6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
7. Press the Reset button on the board.
diff --git a/yotta/data/example-selftest/README.md b/yotta/data/example-selftest/README.md
index 5bc22a6..0daf820 100644
--- a/yotta/data/example-selftest/README.md
+++ b/yotta/data/example-selftest/README.md
@@ -36,13 +36,13 @@
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-selftest.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
-6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
+6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
- Use the following settings:
+ Use the following settings:
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
+ * 115200 baud (not 9600).
+ * 8N1.
+ * No flow control.
7. Press the Reset button on the board.