Merge remote-tracking branch 'public/pr/1854' into development
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0ade1d4..4dbe76e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,9 @@
cmake_minimum_required(VERSION 2.6)
-project("mbed TLS" C)
+if(TEST_CPP)
+ project("mbed TLS" C CXX)
+else()
+ project("mbed TLS" C)
+endif()
option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
diff --git a/ChangeLog b/ChangeLog
index 2b19e35..ac40da8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,8 +4,9 @@
Features
* Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time
- authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed by
- Daniel King (#485).
+ authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed
+ by Daniel King (#485).
+ * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905.
* Add platform support for the Haiku OS. (https://www.haiku-os.org).
Contributed by Augustin Cavalier.
* Make the receive and transmit buffers independent sizes, for situations
@@ -29,6 +30,10 @@
by Brendan Shanks. Part of a fix for #992.
* Fix compilation error when MBEDTLS_ARC4_C is disabled and
MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719.
+ * Fix the inline assembly for the MPI multiply helper function for i386 and
+ i386 with SSE2. Found by László Langó. Fixes #1550
+ * Fix namespacing in header files. Remove the `mbedtls` namespacing in
+ the `#include` in the header files. Resolves #857
* Fix compiler warning of 'use before initialisation' in
mbedtls_pk_parse_key(). Found by Martin Boye Petersen and fixed by Dawid
Drozd. #1098
@@ -59,6 +64,8 @@
* Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683
* Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552.
+ * Added length checks to some TLS parsing functions. Found and fixed by
+ Philippe Antoine from Catena cyber. #1663.
Changes
* Changed CMake defaults for IAR to treat all compiler warnings as errors.
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index a783e6b..c9b58dd 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -81,7 +81,7 @@
* both ends of the connection! (See comments in "mbedtls/ssl.h".)
* The optimal size here depends on the typical size of records.
*/
-#define MBEDTLS_SSL_MAX_CONTENT_LEN 512
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
#include "mbedtls/check_config.h"
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index f4b2b56..438aa8c 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -49,7 +49,14 @@
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
-#if defined(__i386__)
+
+/*
+ * Disable use of the i386 assembly code below if option -O0, to disable all
+ * compiler optimisations, is passed, detected with __OPTIMIZE__
+ * This is done as the number of registers used in the assembly code doesn't
+ * work with the -O0 option.
+ */
+#if defined(__i386__) && !defined(__OPTIMIZE__)
#define MULADDC_INIT \
asm( \
@@ -142,7 +149,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#else
@@ -154,7 +161,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
- : "eax", "ecx", "edx", "esi", "edi" \
+ : "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#endif /* SSE2 */
#endif /* i386 */
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 913c05f..a4fd552 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -28,7 +28,7 @@
#ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H
-#include "mbedtls/cipher.h"
+#include "cipher.h"
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 6b44ebe..17208b5 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3072,7 +3072,7 @@
/* \} name SECTION: Customisation configuration options */
/* Target and application specific configurations */
-//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
+//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h"
#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index dcbc047..3835d72 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -36,7 +36,7 @@
#include "aes.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#include "threading.h"
#endif
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index e0821cf..2608de8 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -27,7 +27,7 @@
#include "md.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#include "threading.h"
#endif
/*
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
index 28ae821..6c13b53 100644
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@@ -1,7 +1,7 @@
/**
* \file net.h
*
- * \brief Deprecated header file that includes mbedtls/net_sockets.h
+ * \brief Deprecated header file that includes net_sockets.h
*
* \deprecated Superseded by mbedtls/net_sockets.h
*/
@@ -25,7 +25,7 @@
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#include "mbedtls/net_sockets.h"
+#include "net_sockets.h"
#if defined(MBEDTLS_DEPRECATED_WARNING)
#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
#endif /* MBEDTLS_DEPRECATED_WARNING */
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 9d9c529..624cc64 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -40,7 +40,7 @@
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+#include "platform_time.h"
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6c35c45..3858559 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -62,7 +62,7 @@
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+#include "platform_time.h"
#endif
/*
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 7d5eba0..cda8b48 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -271,6 +271,15 @@
#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */
+/* RFC 7905 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */
+
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
*/
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 2e9a0fd..59cdc7a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -47,7 +47,7 @@
* 1. By key exchange:
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
* 2. By key length and cipher:
- * AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
+ * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
* 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
* 4. By hash function used when relevant
* 5. By key exchange/auth again: EC > non-EC
@@ -57,6 +57,11 @@
#if defined(MBEDTLS_SSL_CIPHERSUITES)
MBEDTLS_SSL_CIPHERSUITES,
#else
+ /* Chacha-Poly ephemeral suites */
+ MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+
/* All AES-256 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
@@ -127,6 +132,8 @@
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
/* The PSK ephemeral suites */
+ MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
@@ -227,6 +234,7 @@
MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
/* The RSA PSK suites */
+ MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
@@ -246,6 +254,7 @@
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
/* The PSK suites */
+ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
@@ -312,6 +321,75 @@
static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
{
+#if defined(MBEDTLS_CHACHAPOLY_C) && \
+ defined(MBEDTLS_SHA256_C) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+ { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
+ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+ { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
+ MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
+ MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
+ MBEDTLS_KEY_EXCHANGE_PSK,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
+ MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
+ MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
+ "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
+ MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
+ MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+ 0 },
+#endif
+#endif /* MBEDTLS_CHACHAPOLY_C &&
+ MBEDTLS_SHA256_C &&
+ MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if defined(MBEDTLS_AES_C)
#if defined(MBEDTLS_SHA1_C)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 09d8a0d..ba59c48 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1247,14 +1247,14 @@
size_t list_size;
const unsigned char *p;
- list_size = buf[0];
- if( list_size + 1 != len )
+ if( len == 0 || (size_t)( buf[0] + 1 ) != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
+ list_size = buf[0];
p = buf + 1;
while( list_size > 0 )
@@ -2709,7 +2709,7 @@
* therefore the buffer length at this point must be greater than that
* regardless of the actual code path.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f81bdbf..52087ae 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -91,6 +91,13 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+ if( len < 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( servername_list_size + 2 != len )
{
@@ -101,7 +108,7 @@
}
p = buf + 2;
- while( servername_list_size > 0 )
+ while( servername_list_size > 2 )
{
hostname_len = ( ( p[1] << 8 ) | p[2] );
if( hostname_len + 3 > servername_list_size )
@@ -205,6 +212,12 @@
mbedtls_md_type_t md_cur;
mbedtls_pk_type_t sig_cur;
+ if ( len < 2 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( sig_alg_list_size + 2 != len ||
sig_alg_list_size % 2 != 0 )
@@ -273,6 +286,12 @@
const unsigned char *p;
const mbedtls_ecp_curve_info *curve_info, **curves;
+ if ( len < 2 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( list_size + 2 != len ||
list_size % 2 != 0 )
@@ -332,14 +351,14 @@
size_t list_size;
const unsigned char *p;
- list_size = buf[0];
- if( list_size + 1 != len )
+ if( len == 0 || (size_t)( buf[0] + 1 ) != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+ list_size = buf[0];
p = buf + 1;
while( list_size > 0 )
@@ -1656,10 +1675,16 @@
while( ext_len != 0 )
{
- unsigned int ext_id = ( ( ext[0] << 8 )
- | ( ext[1] ) );
- unsigned int ext_size = ( ( ext[2] << 8 )
- | ( ext[3] ) );
+ unsigned int ext_id;
+ unsigned int ext_size;
+ if ( ext_len < 4 ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) );
+ ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) );
if( ext_size + 4 > ext_len )
{
@@ -3437,6 +3462,10 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
+ if ( p + 2 > end ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+ }
if( *p++ != ( ( len >> 8 ) & 0xFF ) ||
*p++ != ( ( len ) & 0xFF ) )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 185f35a..1c35f0d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -698,18 +698,32 @@
transform->keylen = cipher_info->key_bitlen / 8;
if( cipher_info->mode == MBEDTLS_MODE_GCM ||
- cipher_info->mode == MBEDTLS_MODE_CCM )
+ cipher_info->mode == MBEDTLS_MODE_CCM ||
+ cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
{
+ size_t taglen, explicit_ivlen;
+
transform->maclen = 0;
mac_key_len = 0;
+ /* All modes haves 96-bit IVs;
+ * GCM and CCM has 4 implicit and 8 explicit bytes
+ * ChachaPoly has all 12 bytes implicit
+ */
transform->ivlen = 12;
- transform->fixed_ivlen = 4;
+ if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
+ transform->fixed_ivlen = 12;
+ else
+ transform->fixed_ivlen = 4;
- /* Minimum length is expicit IV + tag */
- transform->minlen = transform->ivlen - transform->fixed_ivlen
- + ( transform->ciphersuite_info->flags &
- MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 );
+ /* All modes have 128-bit tags, except CCM_8 (ciphersuite flag) */
+ taglen = transform->ciphersuite_info->flags &
+ MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+
+
+ /* Minimum length of encrypted record */
+ explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
+ transform->minlen = explicit_ivlen + taglen;
}
else
{
@@ -1161,6 +1175,9 @@
* other_secret already set by the ClientKeyExchange message,
* and is 48 bytes long
*/
+ if( end - p < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
*p++ = 0;
*p++ = 48;
p += 48;
@@ -1404,17 +1421,26 @@
}
else
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
if( mode == MBEDTLS_MODE_GCM ||
- mode == MBEDTLS_MODE_CCM )
+ mode == MBEDTLS_MODE_CCM ||
+ mode == MBEDTLS_MODE_CHACHAPOLY )
{
int ret;
size_t enc_msglen, olen;
unsigned char *enc_msg;
unsigned char add_data[13];
- unsigned char taglen = ssl->transform_out->ciphersuite_info->flags &
+ unsigned char iv[12];
+ mbedtls_ssl_transform *transform = ssl->transform_out;
+ unsigned char taglen = transform->ciphersuite_info->flags &
MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+ size_t explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
+ /*
+ * Prepare additional authenticated data
+ */
memcpy( add_data, ssl->out_ctr, 8 );
add_data[8] = ssl->out_msgtype;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
@@ -1422,44 +1448,57 @@
add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
add_data[12] = ssl->out_msglen & 0xFF;
- MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
- add_data, 13 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 );
/*
* Generate IV
*/
- if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
+ if( transform->ivlen == 12 && transform->fixed_ivlen == 4 )
+ {
+ /* GCM and CCM: fixed || explicit (=seqnum) */
+ memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
+ memcpy( iv + transform->fixed_ivlen, ssl->out_ctr, 8 );
+ memcpy( ssl->out_iv, ssl->out_ctr, 8 );
+
+ }
+ else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 )
+ {
+ /* ChachaPoly: fixed XOR sequence number */
+ unsigned char i;
+
+ memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
+
+ for( i = 0; i < 8; i++ )
+ iv[i+4] ^= ssl->out_ctr[i];
+ }
+ else
{
/* Reminder if we ever add an AEAD mode with a different size */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
- ssl->out_ctr, 8 );
- memcpy( ssl->out_iv, ssl->out_ctr, 8 );
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
- ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
+ iv, transform->ivlen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
+ ssl->out_iv, explicit_ivlen );
/*
- * Fix pointer positions and message length with added IV
+ * Fix message length with added IV
*/
enc_msg = ssl->out_msg;
enc_msglen = ssl->out_msglen;
- ssl->out_msglen += ssl->transform_out->ivlen -
- ssl->transform_out->fixed_ivlen;
+ ssl->out_msglen += explicit_ivlen;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
- "including %d bytes of padding",
- ssl->out_msglen, 0 ) );
+ "including 0 bytes of padding",
+ ssl->out_msglen ) );
/*
* Encrypt and authenticate
*/
- if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc,
- ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen,
+ if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
+ iv, transform->ivlen,
add_data, 13,
enc_msg, enc_msglen,
enc_msg, &olen,
@@ -1619,7 +1658,6 @@
static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
{
- size_t i;
mbedtls_cipher_mode_t mode;
int auth_done = 0;
#if defined(SSL_SOME_MODES_USE_MAC)
@@ -1669,20 +1707,27 @@
}
else
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
if( mode == MBEDTLS_MODE_GCM ||
- mode == MBEDTLS_MODE_CCM )
+ mode == MBEDTLS_MODE_CCM ||
+ mode == MBEDTLS_MODE_CHACHAPOLY )
{
int ret;
size_t dec_msglen, olen;
unsigned char *dec_msg;
unsigned char *dec_msg_result;
unsigned char add_data[13];
- unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
+ unsigned char iv[12];
+ mbedtls_ssl_transform *transform = ssl->transform_in;
+ unsigned char taglen = transform->ciphersuite_info->flags &
MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
- size_t explicit_iv_len = ssl->transform_in->ivlen -
- ssl->transform_in->fixed_ivlen;
+ size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen;
+ /*
+ * Compute and update sizes
+ */
if( ssl->in_msglen < explicit_iv_len + taglen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
@@ -1696,6 +1741,9 @@
dec_msg_result = ssl->in_msg;
ssl->in_msglen = dec_msglen;
+ /*
+ * Prepare additional authenticated data
+ */
memcpy( add_data, ssl->in_ctr, 8 );
add_data[8] = ssl->in_msgtype;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
@@ -1703,23 +1751,43 @@
add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
add_data[12] = ssl->in_msglen & 0xFF;
- MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
- add_data, 13 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 );
- memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
- ssl->in_iv,
- ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
+ /*
+ * Prepare IV
+ */
+ if( transform->ivlen == 12 && transform->fixed_ivlen == 4 )
+ {
+ /* GCM and CCM: fixed || explicit (transmitted) */
+ memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
+ memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
- ssl->transform_in->ivlen );
+ }
+ else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 )
+ {
+ /* ChachaPoly: fixed XOR sequence number */
+ unsigned char i;
+
+ memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
+
+ for( i = 0; i < 8; i++ )
+ iv[i+4] ^= ssl->in_ctr[i];
+ }
+ else
+ {
+ /* Reminder if we ever add an AEAD mode with a different size */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
/*
* Decrypt and authenticate
*/
if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
- ssl->transform_in->iv_dec,
- ssl->transform_in->ivlen,
+ iv, transform->ivlen,
add_data, 13,
dec_msg, dec_msglen,
dec_msg_result, &olen,
@@ -1837,6 +1905,7 @@
*/
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
{
+ unsigned char i;
dec_msglen -= ssl->transform_in->ivlen;
ssl->in_msglen -= ssl->transform_in->ivlen;
@@ -1911,6 +1980,7 @@
*/
size_t pad_count = 0, real_count = 1;
size_t padding_idx = ssl->in_msglen - padlen - 1;
+ size_t i;
/*
* Padding is guaranteed to be incorrect if:
@@ -2087,6 +2157,7 @@
else
#endif
{
+ unsigned char i;
for( i = 8; i > ssl_ep_len( ssl ); i-- )
if( ++ssl->in_ctr[i - 1] != 0 )
break;
@@ -4538,6 +4609,12 @@
while( i < ssl->in_hslen )
{
+ if ( i + 3 > ssl->in_hslen ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
if( ssl->in_msg[i] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
diff --git a/programs/.gitignore b/programs/.gitignore
index ddfa1a4..0241896 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -45,6 +45,7 @@
test/benchmark
test/ecp-bench
test/selftest
+test/cpp_dummy_build
test/ssl_cert_test
test/udp_proxy
test/zeroize
diff --git a/programs/Makefile b/programs/Makefile
index 080e82d..b6d1fa2 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -4,9 +4,11 @@
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
+WARNING_CXXFLAGS ?= -Wall -W
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L../library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
@@ -77,6 +79,10 @@
APPS += ssl/ssl_pthread_server$(EXEXT)
endif
+ifdef TEST_CPP
+APPS += test/cpp_dummy_build$(EXEXT)
+endif
+
.SILENT:
.PHONY: all clean list
@@ -242,6 +248,10 @@
echo " CC test/benchmark.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/cpp_dummy_build$(EXEXT): test/cpp_dummy_build.cpp $(DEP)
+ echo " CXX test/cpp_dummy_build.cpp"
+ $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/cpp_dummy_build.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
test/selftest$(EXEXT): test/selftest.c $(DEP)
echo " CC test/selftest.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/selftest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 4acf38d..c727f93 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#include "mbedtls/aes.h"
#include "mbedtls/md.h"
@@ -71,7 +74,8 @@
#else
int main( int argc, char *argv[] )
{
- int ret = 1;
+ int ret = 0;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned int i, n;
int mode, lastn;
@@ -429,7 +433,7 @@
}
}
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( fin )
@@ -452,6 +456,6 @@
mbedtls_aes_free( &aes_ctx );
mbedtls_md_free( &sha_ctx );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 0e272eb..99d30c9 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -30,9 +30,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
defined(MBEDTLS_FS_IO)
@@ -74,6 +77,7 @@
int main( int argc, char *argv[] )
{
int ret = 1, i, n;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
int mode;
size_t keylen, ilen, olen;
FILE *fkey, *fin = NULL, *fout = NULL;
@@ -526,7 +530,7 @@
}
}
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( fin )
@@ -549,6 +553,6 @@
mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index d1e81d4..bbe8d92 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/md.h"
@@ -169,7 +172,8 @@
int main( int argc, char *argv[] )
{
- int ret, i;
+ int ret = 1, i;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
@@ -196,7 +200,7 @@
fflush( stdout ); getchar();
#endif
- return( 1 );
+ return( exit_code );
}
/*
@@ -206,12 +210,12 @@
if( md_info == NULL )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
- return( 1 );
+ return( exit_code );
}
if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
{
mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
- return( 1 );
+ return( exit_code );
}
ret = 0;
@@ -224,9 +228,12 @@
for( i = 2; i < argc; i++ )
ret |= generic_print( md_info, argv[i] );
+ if ( ret == 0 )
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_md_free( &md_ctx );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 0978408..3dadf48 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
@@ -71,7 +74,8 @@
{
FILE *f;
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t n, buflen;
mbedtls_net_context server_fd;
@@ -115,7 +119,6 @@
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
@@ -191,7 +194,6 @@
if( dhm.len < 64 || dhm.len > 512 )
{
- ret = 1;
mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
goto exit;
}
@@ -207,7 +209,6 @@
if( ( n = (size_t) ( end - p ) ) != rsa.len )
{
- ret = 1;
mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
goto exit;
}
@@ -286,6 +287,8 @@
buf[16] = '\0';
mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_net_free( &server_fd );
@@ -301,7 +304,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 84a94a1..dbe9153 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -30,9 +30,11 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#endif
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
@@ -69,6 +71,7 @@
int main( int argc, char **argv )
{
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_mpi G, P, Q;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -86,7 +89,7 @@
{
usage:
mbedtls_printf( USAGE );
- return( 1 );
+ return( exit_code );
}
for( i = 1; i < argc; i++ )
@@ -164,7 +167,6 @@
if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create dh_prime.txt\n\n" );
goto exit;
}
@@ -180,6 +182,8 @@
mbedtls_printf( " ok\n\n" );
fclose( fout );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
@@ -191,7 +195,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 4304231..c4e2c39 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
@@ -71,7 +74,8 @@
{
FILE *f;
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t n, buflen;
mbedtls_net_context listen_fd, client_fd;
@@ -121,7 +125,6 @@
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
@@ -164,7 +167,6 @@
if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \
" ! Please run dh_genprime first\n\n" );
goto exit;
@@ -304,6 +306,8 @@
mbedtls_printf( "\n\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
@@ -323,7 +327,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index e7ead9a..5db0408 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_ECDH_C) || \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
@@ -51,7 +54,8 @@
int main( int argc, char *argv[] )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ecdh_context ctx_cli, ctx_srv;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -218,6 +222,7 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
@@ -231,7 +236,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( ret != 0 );
+ return( exit_code );
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index b474060..c653df9 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_ECDSA_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
@@ -98,7 +101,8 @@
int main( int argc, char *argv[] )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ecdsa_context ctx_sign, ctx_verify;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -115,7 +119,6 @@
memset( sig, 0, sizeof( sig ) );
memset( message, 0x25, sizeof( message ) );
- ret = 1;
if( argc != 1 )
{
@@ -213,8 +216,6 @@
goto exit;
}
- ret = 0;
-
/*
* Verify signature
*/
@@ -231,6 +232,8 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
#if defined(_WIN32)
@@ -243,7 +246,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
ECPARAMS */
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index a7f5c90..f01bf5f 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
@@ -186,7 +189,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context key;
char buf[1024];
int i;
@@ -214,7 +218,6 @@
if( argc == 0 )
{
usage:
- ret = 1;
mbedtls_printf( USAGE );
#if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" );
@@ -222,7 +225,7 @@
mbedtls_printf( " %s (default)\n", curve_info->name );
while( ( ++curve_info )->name != NULL )
mbedtls_printf( " %s\n", curve_info->name );
-#endif
+#endif /* MBEDTLS_ECP_C */
goto exit;
}
@@ -411,9 +414,11 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
- if( ret != 0 && ret != 1)
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
@@ -436,7 +441,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index f1b548d..7a4cb39 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && \
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
@@ -83,7 +86,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
char buf[1024];
int i;
char *p, *q;
@@ -283,10 +287,12 @@
else
goto usage;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -303,6 +309,6 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 5f7d2dd..13602c2 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/error.h"
@@ -189,7 +192,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
char buf[1024];
int i;
char *p, *q;
@@ -210,7 +214,6 @@
if( argc == 0 )
{
usage:
- ret = 1;
mbedtls_printf( USAGE );
goto exit;
}
@@ -403,9 +406,11 @@
write_private_key( &key, opt.output_file );
}
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
- if( ret != 0 && ret != 1)
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
@@ -426,6 +431,6 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index afe8957..365bdc4 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/bignum.h"
@@ -47,7 +50,8 @@
#else
int main( void )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
mbedtls_mpi_init( &E ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &N );
@@ -88,15 +92,16 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ) );
mbedtls_printf( "\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
cleanup:
mbedtls_mpi_free( &E ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &N );
mbedtls_mpi_free( &H ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
mbedtls_mpi_free( &Z );
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_printf( "\nAn error occurred.\n" );
- ret = 1;
}
#if defined(_WIN32)
@@ -104,6 +109,6 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 32fbc75..00bd71e 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
@@ -59,7 +62,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret, c;
+ int ret = 1, c;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
@@ -71,7 +75,6 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
memset(result, 0, sizeof( result ) );
- ret = 1;
if( argc != 2 )
{
@@ -110,8 +113,6 @@
/*
* Extract the RSA encrypted value from the text file
*/
- ret = 1;
-
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
@@ -143,14 +144,14 @@
mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -162,7 +163,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 7ca9d5a..400619c 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
@@ -59,7 +62,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
@@ -68,7 +72,6 @@
unsigned char buf[512];
const char *pers = "mbedtls_pk_encrypt";
- ret = 1;
mbedtls_ctr_drbg_init( &ctr_drbg );
if( argc != 3 )
@@ -132,7 +135,6 @@
*/
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -145,12 +147,14 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -162,7 +166,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 55df95e..7ec4675 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -30,9 +30,11 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
@@ -61,6 +63,7 @@
{
FILE *f;
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -134,14 +137,12 @@
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
- ret = 1;
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
fclose( f );
goto exit;
@@ -151,13 +152,15 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_pk_free( &pk );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -169,7 +172,7 @@
fflush( stdout ); getchar();
#endif
- return( ret ? EXIT_FAILURE : EXIT_SUCCESS );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index d35d17f..3c7709f 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \
@@ -56,6 +59,7 @@
{
FILE *f;
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_pk_context pk;
unsigned char hash[32];
@@ -87,7 +91,6 @@
/*
* Extract the signature from the file
*/
- ret = 1;
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
@@ -125,13 +128,13 @@
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
#if defined(MBEDTLS_ERROR_C)
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
@@ -143,7 +146,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 2da3fbf..0a252d2 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -30,11 +30,11 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_printf printf
-#define mbedtls_exit exit
+#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
@@ -61,7 +61,9 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int return_val, exit_val, c;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ int c;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
@@ -73,7 +75,6 @@
((void) argv);
memset(result, 0, sizeof( result ) );
- exit_val = MBEDTLS_EXIT_SUCCESS;
if( argc != 1 )
{
@@ -83,7 +84,7 @@
mbedtls_printf( "\n" );
#endif
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ mbedtls_exit( exit_code );
}
mbedtls_printf( "\n . Seeding the random number generator..." );
@@ -96,14 +97,13 @@
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
- return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) );
- if( return_val != 0 )
+ if( ret != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
- return_val );
+ ret );
goto exit;
}
@@ -112,40 +112,38 @@
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
- if( ( return_val = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
- return_val );
+ ret );
fclose( f );
goto exit;
}
fclose( f );
- if( ( return_val = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
+ if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
- if( ( return_val = mbedtls_rsa_complete( &rsa ) ) != 0 )
+ if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
@@ -154,7 +152,6 @@
*/
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -169,7 +166,6 @@
if( i != rsa.len )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
@@ -180,14 +176,13 @@
mbedtls_printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
- return_val = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
+ ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, MBEDTLS_RSA_PRIVATE, &i,
buf, result, 1024 );
- if( return_val != 0 )
+ if( ret != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
@@ -195,6 +190,8 @@
mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
@@ -208,6 +205,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_val );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 81c27d8..411657a 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -30,12 +30,12 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_exit exit
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
@@ -61,7 +61,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int return_val, exit_val;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
@@ -71,8 +72,6 @@
const char *pers = "rsa_encrypt";
mbedtls_mpi N, E;
- exit_val = MBEDTLS_EXIT_SUCCESS;
-
if( argc != 2 )
{
mbedtls_printf( "usage: rsa_encrypt <string of max 100 characters>\n" );
@@ -81,7 +80,7 @@
mbedtls_printf( "\n" );
#endif
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ mbedtls_exit( exit_code );
}
mbedtls_printf( "\n . Seeding the random number generator..." );
@@ -92,14 +91,13 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) );
- if( return_val != 0 )
+ ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) );
+ if( ret != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
- return_val );
+ ret );
goto exit;
}
@@ -108,35 +106,30 @@
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
- if( ( return_val = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 ||
- ( return_val = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
- return_val );
+ ret );
fclose( f );
goto exit;
}
fclose( f );
- if( ( return_val = mbedtls_rsa_import( &rsa, &N, NULL,
- NULL, NULL, &E ) ) != 0 )
+ if( ( ret = mbedtls_rsa_import( &rsa, &N, NULL, NULL, NULL, &E ) ) != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
if( strlen( argv[1] ) > 100 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " Input data larger than 100 characters.\n\n" );
goto exit;
}
@@ -149,14 +142,13 @@
mbedtls_printf( "\n . Generating the RSA encrypted value" );
fflush( stdout );
- return_val = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
- &ctr_drbg, MBEDTLS_RSA_PUBLIC,
- strlen( argv[1] ), input, buf );
- if( return_val != 0 )
+ ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, MBEDTLS_RSA_PUBLIC,
+ strlen( argv[1] ), input, buf );
+ if( ret != 0 )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
- return_val );
+ ret );
goto exit;
}
@@ -165,7 +157,6 @@
*/
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
- exit_val = MBEDTLS_EXIT_FAILURE;
mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -178,6 +169,8 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
mbedtls_ctr_drbg_free( &ctr_drbg );
@@ -189,7 +182,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_val );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 9399217..3359e14 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \
@@ -61,7 +64,8 @@
#else
int main( void )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -105,14 +109,12 @@
( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
- ret = 1;
goto exit;
}
if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
- ret = 1;
goto exit;
}
@@ -129,7 +131,6 @@
if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
- ret = 1;
goto exit;
}
@@ -160,6 +161,8 @@
*/
mbedtls_printf( " ok\n\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
if( fpub != NULL )
@@ -180,7 +183,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 89018cb..b16fe5d 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -29,10 +29,13 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_snprintf snprintf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
@@ -55,7 +58,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
unsigned char hash[32];
@@ -69,8 +73,6 @@
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
- ret = 1;
-
if( argc != 2 )
{
mbedtls_printf( "usage: rsa_sign <filename>\n" );
@@ -87,7 +89,6 @@
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
@@ -159,7 +160,6 @@
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
goto exit;
}
@@ -172,6 +172,8 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_rsa_free( &rsa );
@@ -184,7 +186,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 7b6f14d..b0b0f7e 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
@@ -61,6 +64,7 @@
{
FILE *f;
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -101,7 +105,6 @@
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
goto exit;
@@ -109,7 +112,6 @@
if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
{
- ret = 1;
mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
goto exit;
}
@@ -145,7 +147,6 @@
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
- ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
@@ -161,6 +162,8 @@
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_pk_free( &pk );
mbedtls_ctr_drbg_free( &ctr_drbg );
@@ -171,7 +174,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 1f827aa..6f88345 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#define mbedtls_snprintf snprintf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
@@ -54,7 +57,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret, c;
+ int ret = 1, c;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
unsigned char hash[32];
@@ -62,7 +66,6 @@
char filename[512];
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
- ret = 1;
if( argc != 2 )
{
@@ -100,7 +103,6 @@
/*
* Extract the RSA signature from the text file
*/
- ret = 1;
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
@@ -146,7 +148,7 @@
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
@@ -157,7 +159,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 31b720f..7c9c68f 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
@@ -60,6 +63,7 @@
{
FILE *f;
int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_pk_context pk;
unsigned char hash[32];
@@ -91,7 +95,6 @@
if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
{
- ret = 1;
mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
goto exit;
}
@@ -101,7 +104,6 @@
/*
* Extract the RSA signature from the file
*/
- ret = 1;
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
@@ -139,7 +141,7 @@
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
@@ -149,7 +151,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index 792d381..a1eb386 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/entropy.h"
@@ -49,20 +52,21 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int i, k, ret;
+ int i, k, ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_entropy_context entropy;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( 1 );
+ return( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( 1 );
+ return( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -72,7 +76,8 @@
ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) );
if( ret != 0 )
{
- mbedtls_printf("failed!\n");
+ mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n",
+ ret );
goto cleanup;
}
@@ -83,7 +88,7 @@
fflush( stdout );
}
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_printf( "\n" );
@@ -91,6 +96,6 @@
fclose( f );
mbedtls_entropy_free( &entropy );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index c76f99d..5ade946 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_FS_IO)
@@ -52,7 +55,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int i, k, ret;
+ int i, k, ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
unsigned char buf[1024];
@@ -62,13 +66,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( 1 );
+ return( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( 1 );
+ return( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -116,7 +120,7 @@
fflush( stdout );
}
- ret = 0;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_printf("\n");
@@ -125,6 +129,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index 6c31462..3fb3f01 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_HAVEGE_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/havege.h"
@@ -51,20 +54,21 @@
{
FILE *f;
time_t t;
- int i, k, ret = 0;
+ int i, k, ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_havege_state hs;
unsigned char buf[1024];
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( 1 );
+ return( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( 1 );
+ return( exit_code );
}
mbedtls_havege_init( &hs );
@@ -73,11 +77,10 @@
for( i = 0, k = 768; i < k; i++ )
{
- if( mbedtls_havege_random( &hs, buf, sizeof( buf ) ) != 0 )
+ if( ( ret = mbedtls_havege_random( &hs, buf, sizeof( buf ) ) ) != 0 )
{
- mbedtls_printf( "Failed to get random from source.\n" );
-
- ret = 1;
+ mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X",
+ -ret );
goto exit;
}
@@ -93,9 +96,11 @@
mbedtls_printf(" \n ");
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_havege_free( &hs );
fclose( f );
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_HAVEGE_C */
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 01cee13..bf7c013 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -30,11 +30,13 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_time time
-#define mbedtls_time_t time_t
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
@@ -80,7 +82,8 @@
int main( void )
{
- int ret, len;
+ int ret = 1, len;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context server_fd;
uint32_t flags;
unsigned char buf[1024];
@@ -281,10 +284,12 @@
mbedtls_ssl_close_notify( &ssl );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
@@ -305,7 +310,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 7624896..1c3a806 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -29,10 +29,13 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_time_t time_t
-#endif
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
@@ -95,7 +98,8 @@
int main( void )
{
- int ret, len, cnt = 0, pid;
+ int ret = 1, len, cnt = 0, pid;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context listen_fd, client_fd;
unsigned char buf[1024];
const char *pers = "ssl_fork_server";
@@ -392,6 +396,8 @@
goto exit;
}
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_net_free( &client_fd );
mbedtls_net_free( &listen_fd );
@@ -408,7 +414,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 04b847a..04f8910 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -30,11 +30,13 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_time time
-#define mbedtls_time_t time_t
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
@@ -346,7 +348,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0, len;
+ int ret = 1, len;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context server_fd;
unsigned char buf[1024];
#if defined(MBEDTLS_BASE64_C)
@@ -499,8 +502,8 @@
mbedtls_test_cas_pem_len );
#else
{
- ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.");
+ goto exit;
}
#endif
if( ret < 0 )
@@ -529,8 +532,8 @@
mbedtls_test_cli_crt_len );
#else
{
- ret = -1;
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ goto exit;
}
#endif
if( ret != 0 )
@@ -549,8 +552,8 @@
mbedtls_test_cli_key_len, NULL, 0 );
#else
{
- ret = -1;
mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined.");
+ goto exit;
}
#endif
if( ret != 0 )
@@ -819,6 +822,8 @@
mbedtls_ssl_close_notify( &ssl );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_net_free( &server_fd );
@@ -835,7 +840,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3a413ad..7654a64 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -97,6 +97,10 @@
#include <windows.h>
#endif
+/* Size of memory to be allocated for the heap, when using the library's memory
+ * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
+#define MEMORY_HEAP_SIZE 120000
+
#define DFL_SERVER_ADDR NULL
#define DFL_SERVER_PORT "4433"
#define DFL_DEBUG_LEVEL 0
@@ -1212,7 +1216,7 @@
const char *alpn_list[ALPN_LIST_SIZE];
#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- unsigned char alloc_buf[100000];
+ unsigned char alloc_buf[MEMORY_HEAP_SIZE];
#endif
int i;
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 0c5ce27..9ca0cb2 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -16,6 +16,11 @@
add_executable(benchmark benchmark.c)
target_link_libraries(benchmark ${libs})
+if(TEST_CPP)
+ add_executable(cpp_dummy_build cpp_dummy_build.cpp)
+ target_link_libraries(cpp_dummy_build ${libs})
+endif()
+
add_executable(ssl_cert_test ssl_cert_test.c)
target_link_libraries(ssl_cert_test ${libs})
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
new file mode 100644
index 0000000..41c24c9
--- /dev/null
+++ b/programs/test/cpp_dummy_build.cpp
@@ -0,0 +1,118 @@
+/*
+ * This program is a dummy C++ program to ensure Mbed TLS library header files
+ * can be included and built with a C++ compiler.
+ *
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/aes.h"
+#include "mbedtls/aesni.h"
+#include "mbedtls/arc4.h"
+#include "mbedtls/aria.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/blowfish.h"
+#include "mbedtls/bn_mul.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/check_config.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/cipher_internal.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/compat-1.3.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/des.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecjpake.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/ecp_internal.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+#include "mbedtls/error.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/havege.h"
+#include "mbedtls/hkdf.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md2.h"
+#include "mbedtls/md4.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/md_internal.h"
+#include "mbedtls/net.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/padlock.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/pk_internal.h"
+#include "mbedtls/pkcs11.h"
+#include "mbedtls/pkcs12.h"
+#include "mbedtls/pkcs5.h"
+#include "mbedtls/platform_time.h"
+#include "mbedtls/platform_util.h"
+#include "mbedtls/poly1305.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/rsa_internal.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_cache.h"
+#include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/ssl_internal.h"
+#include "mbedtls/ssl_ticket.h"
+#include "mbedtls/threading.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/version.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/xtea.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+int main()
+{
+ mbedtls_platform_context *ctx = NULL;
+ mbedtls_platform_setup(ctx);
+ mbedtls_printf("CPP Build test\n");
+ mbedtls_platform_teardown(ctx);
+}
diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c
index 9cfcd2d..fd3526f 100644
--- a/programs/test/ssl_cert_test.c
+++ b/programs/test/ssl_cert_test.c
@@ -29,9 +29,12 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_X509_CRL_PARSE_C)
@@ -80,7 +83,8 @@
int main( void )
{
- int ret, i;
+ int ret = 1, i;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_x509_crt cacert;
mbedtls_x509_crl crl;
char buf[10240];
@@ -210,7 +214,6 @@
if( ! mbedtls_pk_can_do( &clicert.pk, MBEDTLS_PK_RSA ) )
{
mbedtls_printf( " failed\n ! certificate's key is not RSA\n\n" );
- ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
goto exit;
}
@@ -241,6 +244,8 @@
mbedtls_pk_free( &pk );
}
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crl_free( &crl );
@@ -250,7 +255,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_RSA_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_X509_CRL_PARSE_C */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 5797f3d..55e0f24 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -37,10 +37,12 @@
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
-#define mbedtls_time time
-#define mbedtls_time_t time_t
-#define mbedtls_printf printf
-#endif
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_NET_C)
int main( void )
@@ -600,7 +602,8 @@
int main( int argc, char *argv[] )
{
- int ret;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context listen_fd, client_fd, server_fd;
@@ -781,10 +784,12 @@
}
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
#ifdef MBEDTLS_ERROR_C
- if( ret != 0 )
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
@@ -802,7 +807,7 @@
fflush( stdout ); getchar();
#endif
- return( ret != 0 );
+ return( exit_code );
}
#endif /* MBEDTLS_NET_C */
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index ad2c6ac..73a9fb5 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -29,10 +29,13 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_free free
-#define mbedtls_calloc calloc
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_free free
+#define mbedtls_calloc calloc
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/error.h"
@@ -178,7 +181,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned char *pem_buffer = NULL;
unsigned char der_buffer[4096];
char buf[1024];
@@ -273,6 +277,8 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
free( pem_buffer );
@@ -281,6 +287,6 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index c893ca8..c57ecca 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -30,11 +30,13 @@
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_time time
-#define mbedtls_time_t time_t
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#endif
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
@@ -145,7 +147,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context server_fd;
unsigned char buf[1024];
mbedtls_entropy_context entropy;
@@ -180,7 +183,6 @@
{
usage:
mbedtls_printf( USAGE );
- ret = 2;
goto exit;
}
@@ -252,19 +254,23 @@
if( strlen( opt.ca_path ) )
{
- ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
verify = 1;
}
else if( strlen( opt.ca_file ) )
{
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
- verify = 1;
- }
+ if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", -ret );
+ goto exit;
+ }
- if( ret < 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
- goto exit;
+ verify = 1;
}
mbedtls_printf( " ok (%d skipped)\n", ret );
@@ -332,8 +338,6 @@
cur = cur->next;
}
- ret = 0;
-
/*
* 1.3 Verify the certificate
*/
@@ -470,6 +474,8 @@
else
goto usage;
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_net_free( &server_fd );
@@ -485,10 +491,7 @@
fflush( stdout ); getchar();
#endif
- if( ret < 0 )
- ret = 1;
-
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 30df216..a32ac50 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \
@@ -133,7 +136,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context key;
char buf[1024];
int i;
@@ -156,7 +160,6 @@
{
usage:
mbedtls_printf( USAGE );
- ret = 1;
goto exit;
}
@@ -317,9 +320,11 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
- if( ret != 0 && ret != 1)
+ if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
@@ -339,7 +344,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 12baf72..09a91e0 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
@@ -211,7 +214,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_x509_crt issuer_crt;
mbedtls_pk_context loaded_issuer_key, loaded_subject_key;
mbedtls_pk_context *issuer_key = &loaded_issuer_key,
@@ -248,7 +252,6 @@
{
usage:
mbedtls_printf( USAGE );
- ret = 1;
goto exit;
}
@@ -611,7 +614,6 @@
{
mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" );
- ret = -1;
goto exit;
}
}
@@ -784,6 +786,8 @@
mbedtls_printf( " ok\n" );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_x509write_crt_free( &crt );
mbedtls_pk_free( &loaded_subject_key );
@@ -797,7 +801,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 210d19e..f831683 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO)
@@ -67,7 +70,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned char buf[100000];
mbedtls_x509_crl crl;
int i;
@@ -131,6 +135,8 @@
mbedtls_printf( "%s\n", buf );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_x509_crl_free( &crl );
@@ -139,7 +145,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 8410a53..0f20c85 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -29,8 +29,11 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
-#define mbedtls_printf printf
-#endif
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO)
@@ -67,7 +70,8 @@
int main( int argc, char *argv[] )
{
- int ret = 0;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned char buf[100000];
mbedtls_x509_csr csr;
int i;
@@ -131,6 +135,8 @@
mbedtls_printf( "%s\n", buf );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
exit:
mbedtls_x509_csr_free( &csr );
@@ -139,7 +145,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ return( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/tests/compat.sh b/tests/compat.sh
index d383cb4..bf65e5e 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -42,6 +42,9 @@
PEER_GNUTLS=""
else
PEER_GNUTLS=" GnuTLS"
+ if [ $MINOR -lt 4 ]; then
+ GNUTLS_MINOR_LT_FOUR='x'
+ fi
fi
fi
else
@@ -58,7 +61,8 @@
# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions
# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1
-EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA'
+# - ChachaPoly: requires OpenSSL >= 1.1.0
+EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
VERBOSE=""
MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
@@ -437,6 +441,9 @@
# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
# so RSA-PSK ciphersuites need to go in other sections, see
# https://github.com/ARMmbed/mbedtls/issues/1419
+#
+# ChachaPoly suites are here rather than in "common", as they were added in
+# GnuTLS in 3.5.0 and the CI only has 3.4.x so far.
add_openssl_ciphersuites()
{
case $TYPE in
@@ -468,6 +475,7 @@
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
"
O_CIPHERS="$O_CIPHERS \
ECDH-ECDSA-AES128-SHA256 \
@@ -476,6 +484,7 @@
ECDH-ECDSA-AES256-GCM-SHA384 \
ECDHE-ECDSA-ARIA256-GCM-SHA384 \
ECDHE-ECDSA-ARIA128-GCM-SHA256 \
+ ECDHE-ECDSA-CHACHA20-POLY1305 \
"
fi
;;
@@ -498,6 +507,8 @@
TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
"
O_CIPHERS="$O_CIPHERS \
ECDHE-ARIA256-GCM-SHA384 \
@@ -506,6 +517,8 @@
ECDHE-ARIA128-GCM-SHA256 \
DHE-RSA-ARIA128-GCM-SHA256 \
ARIA128-GCM-SHA256 \
+ DHE-RSA-CHACHA20-POLY1305 \
+ ECDHE-RSA-CHACHA20-POLY1305 \
"
fi
;;
@@ -518,12 +531,18 @@
TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
"
O_CIPHERS="$O_CIPHERS \
DHE-PSK-ARIA256-GCM-SHA384 \
DHE-PSK-ARIA128-GCM-SHA256 \
PSK-ARIA256-GCM-SHA384 \
PSK-ARIA128-GCM-SHA256 \
+ DHE-PSK-CHACHA20-POLY1305 \
+ ECDHE-PSK-CHACHA20-POLY1305 \
+ PSK-CHACHA20-POLY1305 \
"
fi
;;
@@ -545,12 +564,20 @@
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
"
G_CIPHERS="$G_CIPHERS \
+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \
+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \
+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \
+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \
+ +ECDHE-ECDSA:+AES-128-CCM:+AEAD \
+ +ECDHE-ECDSA:+AES-256-CCM:+AEAD \
+ +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD \
+ +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD \
"
fi
;;
@@ -580,6 +607,14 @@
TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-RSA-WITH-AES-128-CCM \
+ TLS-RSA-WITH-AES-256-CCM \
+ TLS-DHE-RSA-WITH-AES-128-CCM \
+ TLS-DHE-RSA-WITH-AES-256-CCM \
+ TLS-RSA-WITH-AES-128-CCM-8 \
+ TLS-RSA-WITH-AES-256-CCM-8 \
+ TLS-DHE-RSA-WITH-AES-128-CCM-8 \
+ TLS-DHE-RSA-WITH-AES-256-CCM-8 \
"
G_CIPHERS="$G_CIPHERS \
+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
@@ -594,6 +629,14 @@
+DHE-RSA:+CAMELLIA-256-GCM:+AEAD \
+RSA:+CAMELLIA-128-GCM:+AEAD \
+RSA:+CAMELLIA-256-GCM:+AEAD \
+ +RSA:+AES-128-CCM:+AEAD \
+ +RSA:+AES-256-CCM:+AEAD \
+ +RSA:+AES-128-CCM-8:+AEAD \
+ +RSA:+AES-256-CCM-8:+AEAD \
+ +DHE-RSA:+AES-128-CCM:+AEAD \
+ +DHE-RSA:+AES-256-CCM:+AEAD \
+ +DHE-RSA:+AES-128-CCM-8:+AEAD \
+ +DHE-RSA:+AES-256-CCM-8:+AEAD \
"
fi
;;
@@ -665,6 +708,14 @@
TLS-PSK-WITH-AES-256-GCM-SHA384 \
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-PSK-WITH-AES-128-CCM \
+ TLS-PSK-WITH-AES-256-CCM \
+ TLS-DHE-PSK-WITH-AES-128-CCM \
+ TLS-DHE-PSK-WITH-AES-256-CCM \
+ TLS-PSK-WITH-AES-128-CCM-8 \
+ TLS-PSK-WITH-AES-256-CCM-8 \
+ TLS-DHE-PSK-WITH-AES-128-CCM-8 \
+ TLS-DHE-PSK-WITH-AES-256-CCM-8 \
TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
@@ -695,6 +746,14 @@
+PSK:+AES-256-GCM:+AEAD \
+DHE-PSK:+AES-128-GCM:+AEAD \
+DHE-PSK:+AES-256-GCM:+AEAD \
+ +PSK:+AES-128-CCM:+AEAD \
+ +PSK:+AES-256-CCM:+AEAD \
+ +DHE-PSK:+AES-128-CCM:+AEAD \
+ +DHE-PSK:+AES-256-CCM:+AEAD \
+ +PSK:+AES-128-CCM-8:+AEAD \
+ +PSK:+AES-256-CCM-8:+AEAD \
+ +DHE-PSK:+AES-128-CCM-8:+AEAD \
+ +DHE-PSK:+AES-256-CCM-8:+AEAD \
+RSA-PSK:+CAMELLIA-128-GCM:+AEAD \
+RSA-PSK:+CAMELLIA-256-GCM:+AEAD \
+PSK:+CAMELLIA-128-GCM:+AEAD \
@@ -737,10 +796,6 @@
M_CIPHERS="$M_CIPHERS \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
@@ -755,14 +810,6 @@
if [ `minor_ver "$MODE"` -ge 3 ]
then
M_CIPHERS="$M_CIPHERS \
- TLS-RSA-WITH-AES-128-CCM \
- TLS-RSA-WITH-AES-256-CCM \
- TLS-DHE-RSA-WITH-AES-128-CCM \
- TLS-DHE-RSA-WITH-AES-256-CCM \
- TLS-RSA-WITH-AES-128-CCM-8 \
- TLS-RSA-WITH-AES-256-CCM-8 \
- TLS-DHE-RSA-WITH-AES-128-CCM-8 \
- TLS-DHE-RSA-WITH-AES-256-CCM-8 \
TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
@@ -789,14 +836,6 @@
if [ `minor_ver "$MODE"` -ge 3 ]
then
M_CIPHERS="$M_CIPHERS \
- TLS-PSK-WITH-AES-128-CCM \
- TLS-PSK-WITH-AES-256-CCM \
- TLS-DHE-PSK-WITH-AES-128-CCM \
- TLS-DHE-PSK-WITH-AES-256-CCM \
- TLS-PSK-WITH-AES-128-CCM-8 \
- TLS-PSK-WITH-AES-256-CCM-8 \
- TLS-DHE-PSK-WITH-AES-128-CCM-8 \
- TLS-DHE-PSK-WITH-AES-256-CCM-8 \
TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
@@ -807,6 +846,7 @@
TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
"
fi
;;
@@ -842,10 +882,17 @@
exit 1;
esac
+ # GnuTLS < 3.4 will choke if we try to allow CCM-8
+ if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then
+ G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:"
+ else
+ G_PRIO_CCM=""
+ fi
+
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
G_SERVER_ARGS="-p $PORT --http $G_MODE"
- G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+ G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
if is_dtls "$MODE"; then
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1e1cf35..6eeebb5 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -35,6 +35,7 @@
# * GNU Make
# * CMake
# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
+# * G++
# * arm-gcc and mingw-gcc
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
# * Yotta build dependencies, unless invoked with --no-yotta
@@ -227,6 +228,14 @@
done
}
+check_headers_in_cpp () {
+ ls include/mbedtls >headers.txt
+ <programs/test/cpp_dummy_build.cpp sed -n 's/"$//; s!^#include "mbedtls/!!p' |
+ sort |
+ diff headers.txt -
+ rm headers.txt
+}
+
while [ $# -gt 0 ]; do
case "$1" in
--armcc) RUN_ARMCC=1;;
@@ -339,6 +348,7 @@
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "${start_red}FAILED: $failure_count${end_color}$failure_summary"
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+ exit 1
elif [ -z "${1-}" ]; then
echo "SUCCESS :)"
fi
@@ -565,8 +575,8 @@
msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
-msg "test: compat.sh ARIA"
-if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA'
+msg "test: compat.sh ARIA + ChachaPoly"
+if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
cleanup
@@ -606,6 +616,12 @@
cleanup
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
+msg "test: verify header list in cpp_dummy_build.cpp"
+record_status check_headers_in_cpp
+
+msg "build: Unix make, incremental g++"
+make TEST_CPP=1
+
# Full configuration build, without platform support, file IO and net sockets.
# This should catch missing mbedtls_printf definitions, and by disabling file
# IO, it should catch missing '#include <stdio.h>'
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9fc91c7..0f61535 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -742,7 +742,7 @@
"$P_CLI" \
0 \
-s "Protocol is TLSv1.2" \
- -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
+ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
-s "client hello v3, signature_algorithm ext: 6" \
-s "ECDHE curve: secp521r1" \
-S "error" \
@@ -753,20 +753,14 @@
"$P_CLI dtls=1" \
0 \
-s "Protocol is DTLSv1.2" \
- -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"
+ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
# Test current time in ServerHello
requires_config_enabled MBEDTLS_HAVE_TIME
-run_test "Default, ServerHello contains gmt_unix_time" \
+run_test "ServerHello contains gmt_unix_time" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
- -s "Protocol is TLSv1.2" \
- -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
- -s "client hello v3, signature_algorithm ext: 6" \
- -s "ECDHE curve: secp521r1" \
- -S "error" \
- -C "error" \
-f "check_server_hello_time" \
-F "check_server_hello_time"
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index e351ebd..734fd97 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -19,10 +19,10 @@
Diffie-Hellman zero modulus
dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
-Diffie-Hallman load parameters from file
+Diffie-Hellman load parameters from file
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
-Diffie-Hallman load parameters from file
+Diffie-Hellman load parameters from file
dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
Diffie-Hellman selftest