- Merged changesets 1399 up to and including 1415 into 1.2 branch

diff --git a/ChangeLog b/ChangeLog
index a448acc..6b2c969 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,16 @@
 PolarSSL ChangeLog
 
-= Version Trunk
+= Version 1.2.1 released 2012-11-13
+Changes
+   * Depth that the certificate verify callback receives is now numbered
+     bottom-up (Peer cert depth is 0)
+
 Bugfixes
    * Fixes for MSVC6
    * Moved mpi_inv_mod() outside POLARSSL_GENPRIME
+   * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
+     Pégourié-Gonnard)
+   * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
 
 = Version 1.2.0 released 2012-10-31
 Features
diff --git a/Makefile b/Makefile
index 4713cfe..d29d830 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,18 @@
 	    fi                                  \
 	done
 
+uninstall:
+	rm -rf $(DESTDIR)/include/polarssl
+	rm -f $(DESTDIR)/lib/libpolarssl.*
+	
+	for p in programs/*/* ; do              \
+	    if [ -x $$p ] && [ ! -d $$p ] ;     \
+	    then                                \
+	        f=$(PREFIX)`basename $$p` ;     \
+	        rm -f $(DESTDIR)/bin/$$f ;      \
+	    fi                                  \
+	done
+
 clean:
 	cd library  && $(MAKE) clean && cd ..
 	cd programs && $(MAKE) clean && cd ..
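Review bot: The `uninstall` loop takes the names to delete from the executables currently present under `programs/*/*`, so in a cleaned or unbuilt tree it matches nothing and every installed binary stays in `$(DESTDIR)/bin`. The two `rm` lines above it expand `DESTDIR` unquoted and unchecked, so an empty or space-containing override changes which paths are removed when the target runs as root. A first recipe line such as `@test -n "$(DESTDIR)" || { echo "DESTDIR is empty" >&2; exit 1; }` and quoted paths (`rm -f "$(DESTDIR)/bin/$$f"`) would make the deletion predictable. Whether `uninstall` is listed under `.PHONY` is not visible in this hunk.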
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index c440840..07dfdc2 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -4,7 +4,7 @@
  */
 
 /**
- * @mainpage PolarSSL v1.2.0 source code documentation
+ * @mainpage PolarSSL v1.2.1 source code documentation
  * 
  * This documentation describes the internal structure of PolarSSL.  It was
  * automatically generated from specially formatted comment blocks in
@@ -21,7 +21,7 @@
  * 
  * @section mainpage_modules Modules
  * 
- * PolarSSL supports SSLv3 up to TLSv1.1 communication by providing the 
+ * PolarSSL supports SSLv3 up to TLSv1.2 communication by providing the 
  * following:
  * - TCP/IP communication functions: listen, connect, accept, read/write.
  * - SSL/TLS communication functions: init, handshake, read/write.
diff --git a/doxygen/polarssl.doxyfile b/doxygen/polarssl.doxyfile
index 90fd2a3..008364e 100644
--- a/doxygen/polarssl.doxyfile
+++ b/doxygen/polarssl.doxyfile
@@ -25,7 +25,7 @@
 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded
 # by quotes) that should identify the project.
 
-PROJECT_NAME           = "PolarSSL v1.2.0"
+PROJECT_NAME           = "PolarSSL v1.2.1"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h
index 5f6c198..b79894c 100644
--- a/include/polarssl/aes.h
+++ b/include/polarssl/aes.h
@@ -141,7 +141,7 @@
                        const unsigned char *input,
                        unsigned char *output );
 
-/*
+/**
  * \brief               AES-CTR buffer encryption/decryption
  *
  * Warning: You have to keep the maximum use of your counter in mind!
diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h
index 48ad60b..7233384 100644
--- a/include/polarssl/arc4.h
+++ b/include/polarssl/arc4.h
@@ -66,7 +66,7 @@
 int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
                 unsigned char *output );
 
-/*
+/**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index 3b8b1f6..ce29ca3 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -223,7 +223,7 @@
  */
 int mpi_lset( mpi *X, t_sint z );
 
-/*
+/**
  * \brief          Get a specific bit from X
  *
  * \param X        MPI to use
@@ -233,7 +233,7 @@
  */
 int mpi_get_bit( const mpi *X, size_t pos );
 
-/*
+/**
  * \brief          Set a bit of X to a specific value of 0 or 1
  *
  * \note           Will grow X if necessary to set a bit to 1 in a not yet
diff --git a/include/polarssl/blowfish.h b/include/polarssl/blowfish.h
index 7139c18..313d898 100644
--- a/include/polarssl/blowfish.h
+++ b/include/polarssl/blowfish.h
@@ -129,7 +129,7 @@
                           const unsigned char *input,
                           unsigned char *output );
 
-/*
+/**
  * \brief               Blowfish-CTR buffer encryption/decryption
  *
  * Warning: You have to keep the maximum use of your counter in mind!
diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h
index b2b1294..f073d46 100644
--- a/include/polarssl/camellia.h
+++ b/include/polarssl/camellia.h
@@ -139,7 +139,7 @@
                        const unsigned char *input,
                        unsigned char *output );
 
-/*
+/**
  * \brief               CAMELLIA-CTR buffer encryption/decryption
  *
  * Warning: You have to keep the maximum use of your counter in mind!
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 09b10c2..1ce28e5 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -150,7 +150,7 @@
  *
  * Enable weak ciphersuites in SSL / TLS
  * Warning: Only do so when you know what you are doing. This allows for
- * channels without virtually no security at all!
+ * channels with virtually no security at all!
  *
  * This enables the following ciphersuites:
  *      TLS_RSA_WITH_DES_CBC_SHA
@@ -345,7 +345,7 @@
 /**
  * \def POLARSSL_BIGNUM_C
  *
- * Enable the multo-precision integer library.
+ * Enable the multi-precision integer library.
  *
  * Module:  library/bignum.c
  * Caller:  library/dhm.c
@@ -738,7 +738,7 @@
  */
 #define POLARSSL_SSL_CLI_C
 
-/*
+/**
  * \def POLARSSL_SSL_SRV_C
  *
  * Enable the SSL/TLS server code.
diff --git a/include/polarssl/des.h b/include/polarssl/des.h
index b649ccf..5eee7ac 100644
--- a/include/polarssl/des.h
+++ b/include/polarssl/des.h
@@ -220,7 +220,7 @@
                      const unsigned char *input,
                      unsigned char *output );
 
-/*
+/**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index ba6e424..48d9268 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -225,7 +225,7 @@
 int dhm_calc_secret( dhm_context *ctx,
                      unsigned char *output, size_t *olen );
 
-/*
+/**
  * \brief          Free the components of a DHM key
  */
 void dhm_free( dhm_context *ctx );
diff --git a/include/polarssl/pkcs11.h b/include/polarssl/pkcs11.h
index ddfae30..003d3f5 100644
--- a/include/polarssl/pkcs11.h
+++ b/include/polarssl/pkcs11.h
@@ -104,7 +104,7 @@
                        int mode, size_t *olen,
                        const unsigned char *input,
                        unsigned char *output,
-                       unsigned int output_max_len );
+                       size_t output_max_len );
 
 /**
  * \brief          Do a private RSA to sign a message digest
@@ -134,7 +134,7 @@
  */
 static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
                         const unsigned char *input, unsigned char *output,
-                        unsigned int output_max_len )
+                        size_t output_max_len )
 {
     return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, output,
                            output_max_len );
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 513b037..3a822cb 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -167,6 +167,9 @@
 /**
  * \brief          Initialize an RSA context
  *
+ *                 Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
+ *                 encryption scheme and the RSASSA-PSS signature scheme.
+ *
  * \param ctx      RSA context to be initialized
  * \param padding  RSA_PKCS_V15 or RSA_PKCS_V21
  * \param hash_id  RSA_PKCS_V21 hash identifier
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 071288e..5a1e7fc 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -116,8 +116,8 @@
 #define SSL_LEGACY_RENEGOTIATION        0
 #define SSL_SECURE_RENEGOTIATION        1
 
-#define SSL_RENEGOTIATION_ENABLED       0
-#define SSL_RENEGOTIATION_DISABLED      1
+#define SSL_RENEGOTIATION_DISABLED      0
+#define SSL_RENEGOTIATION_ENABLED       1
 
 #define SSL_LEGACY_NO_RENEGOTIATION     0
 #define SSL_LEGACY_ALLOW_RENEGOTIATION  1
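Review bot: Exchanging the values of `SSL_RENEGOTIATION_DISABLED` and `SSL_RENEGOTIATION_ENABLED` changes what an already-compiled caller asks for, and the ChangeLog entry in this commit does not mention it. A program built against the 1.2.0 header that passes `SSL_RENEGOTIATION_DISABLED` sends 1, which this header now defines as enabled. The shared-library `SOVERSION` stays at 2 in library/CMakeLists.txt, so such a binary would still load the new library without complaint. I would add a ChangeLog line such as `* Values of SSL_RENEGOTIATION_ENABLED and SSL_RENEGOTIATION_DISABLED exchanged; applications using them must be rebuilt`.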
@@ -852,7 +852,8 @@
  *                 (Default: SSL_RENEGOTIATION_DISABLED)
  *
  *                 Note: A server with support enabled is more vulnerable for a
- *                 resource DoS by a malicious client.
+ *                 resource DoS by a malicious client. You should enable this on
+ *                 a client to enable server-initiated renegotiation.
  *
  * \param ssl      SSL context
  * \param renegotiation     Enable or disable (SSL_RENEGOTIATION_ENABLED or
@@ -883,8 +884,9 @@
  *                 (Most secure option, interoperability issues)
  *
  * \param ssl      SSL context
- * \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION or
- *                                        SSL_ALLOW_LEGACY_RENEGOTIATION)
+ * \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+ *                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
+ *                                        SSL_LEGACY_BREAK_HANDSHAKE)
  */
 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
 
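Review bot: The updated `\param allow_legacy` text names `SSL_NO_LEGACY_RENEGOTIATION` and `SSL_ALLOW_LEGACY_RENEGOTIATION`, but the macros visible in the first hunk of this file are `SSL_LEGACY_NO_RENEGOTIATION` and `SSL_LEGACY_ALLOW_RENEGOTIATION`. A reader copying the names from the documentation would get an undeclared identifier. I would write the list as `SSL_LEGACY_NO_RENEGOTIATION, SSL_LEGACY_ALLOW_RENEGOTIATION or SSL_LEGACY_BREAK_HANDSHAKE`. The definition of the third value is not visible in this diff.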
@@ -999,7 +1001,7 @@
  *                  (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
  * \param message   The alert message (SSL_ALERT_MSG_*)
  *
- * \return          1 if successful, or a specific SSL error code.
+ * \return          0 if successful, or a specific SSL error code.
  */
 int ssl_send_alert_message( ssl_context *ssl,
                             unsigned char level,
diff --git a/include/polarssl/version.h b/include/polarssl/version.h
index 159c95a..4fe84a9 100644
--- a/include/polarssl/version.h
+++ b/include/polarssl/version.h
@@ -39,16 +39,16 @@
  */
 #define POLARSSL_VERSION_MAJOR  1
 #define POLARSSL_VERSION_MINOR  2
-#define POLARSSL_VERSION_PATCH  0
+#define POLARSSL_VERSION_PATCH  1
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define POLARSSL_VERSION_NUMBER         0x01020000
-#define POLARSSL_VERSION_STRING         "1.2.0"
-#define POLARSSL_VERSION_STRING_FULL    "PolarSSL 1.2.0"
+#define POLARSSL_VERSION_NUMBER         0x01020100
+#define POLARSSL_VERSION_STRING         "1.2.1"
+#define POLARSSL_VERSION_STRING_FULL    "PolarSSL 1.2.1"
 
 #if defined(POLARSSL_VERSION_C)
 
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 32aad72..87151c9 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -641,7 +641,7 @@
  */
 const char *x509_oid_get_description( x509_buf *oid );
 
-/*
+/**
  * \brief          Give an OID, return a string version of its OID number.
  *
  * \param buf      Buffer to write to
@@ -680,7 +680,7 @@
  *                 (void *parameter, x509_cert *crt, int certificate_depth,
  *                 int *flags). With the flags representing current flags for
  *                 that specific certificate and the certificate depth from
- *                 the top (Trust CA depth = 0).
+ *                 the bottom (Peer cert depth = 0).
  *
  *                 All flags left after returning from the callback
  *                 are also returned to the application. The function should
diff --git a/include/polarssl/xtea.h b/include/polarssl/xtea.h
index e2adb87..0db7bc8 100644
--- a/include/polarssl/xtea.h
+++ b/include/polarssl/xtea.h
@@ -97,7 +97,7 @@
                     unsigned char *input,
                     unsigned char *output);
 
-/*
+/**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 9995859..640cf82 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -57,7 +57,7 @@
 else(NOT USE_SHARED_POLARSSL_LIBRARY)
 
 add_library(polarssl SHARED ${src})
-set_target_properties(polarssl PROPERTIES VERSION 1.2.0 SOVERSION 2)
+set_target_properties(polarssl PROPERTIES VERSION 1.2.1 SOVERSION 2)
 
 endif(NOT USE_SHARED_POLARSSL_LIBRARY)
 
diff --git a/library/Makefile b/library/Makefile
index 7983f7b..603f5d1 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -18,7 +18,9 @@
 # CFLAGS += -D_BSD_EXTENSION
 
 # To compile as a shared library:
-# CFLAGS += -fPIC
+ifdef SHARED
+CFLAGS += -fPIC
+endif
 
 SONAME=libpolarssl.so.0
 
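Review bot: `ifdef SHARED` is true for any non-empty value, so `make SHARED=0` still adds `-fPIC` and, through the `ifndef SHARED` in the next hunk, still makes `all` build the shared library. Either say so in the comment above it, e.g. `# To compile as a shared library, define SHARED to any non-empty value (make SHARED=1)`, or test the value with `ifeq ($(strip $(SHARED)),1)`. Note also that `CFLAGS += -fPIC` is ignored when the user sets `CFLAGS` on the command line, so `make SHARED=1 CFLAGS=-O2` would build the shared object without `-fPIC`; `override CFLAGS += -fPIC` inside the conditional avoids that.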
@@ -51,7 +53,11 @@
 
 .SILENT:
 
+ifndef SHARED
 all: static
+else
+all: shared
+endif
 
 static: libpolarssl.a
 
diff --git a/library/bignum.c b/library/bignum.c
index f2a49ec..23feb6a 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1195,9 +1195,9 @@
     if( R != NULL )
     {
         mpi_shift_r( &X, k );
+        X.s = A->s;
         mpi_copy( R, &X );
 
-        R->s = A->s;
         if( mpi_cmp_int( R, 0 ) == 0 )
             R->s = 1;
     }
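Review bot: The return values of `mpi_shift_r( &X, k )` and `mpi_copy( R, &X )` are discarded in this block, so a failed copy (presumably possible when R has to grow) would leave R with its previous contents. With the sign now set on X before the copy, R is only correct if the copy succeeded. If the enclosing function follows the file's `MPI_CHK` / `cleanup` convention, which is not visible in this hunk, I would write `MPI_CHK( mpi_shift_r( &X, k ) );` and `MPI_CHK( mpi_copy( R, &X ) );`. The function body starts and ends outside the hunk.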
@@ -1212,10 +1212,6 @@
 
 /*
  * Division by int: A = Q * b + R
- *
- * Returns 0 if successful
- *         1 if memory allocation failed
- *         POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
  */
 int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_sint b )
 {
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 1de7f05..8cf0371 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -194,7 +194,7 @@
         /*
          * Increase counter
          */
-        for( i = CTR_DRBG_BLOCKSIZE; i >= 0; i-- )
+        for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
             if( ++ctx->counter[i - 1] != 0 )
                 break;
 
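Review bot: The corrected bound `i > 0` deserves a comment and a ChangeLog entry, because the old `i >= 0` let the loop run once more with `i == 0` and increment `ctx->counter[i - 1]`, a byte in front of the counter array, whenever every counter byte had wrapped to zero. Neither the ChangeLog hunk nor the test changes in this commit mention the DRBG. I would add `/* stop at counter[0]: a full wrap leaves the counter all-zero */` above the loop and a test that starts from an all-0xFF counter. The enclosing function is outside the hunk, so the type of `i` is not visible here.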
diff --git a/library/error.c b/library/error.c
index a5eaaba..03abc32 100644
--- a/library/error.c
+++ b/library/error.c
@@ -1,7 +1,7 @@
 /*
  *  Error message information
  *
- *  Copyright (C) 2006-2010, Brainspark B.V.
+ *  Copyright (C) 2006-2012, Brainspark B.V.
  *
  *  This file is part of PolarSSL (http://www.polarssl.org)
  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -553,4 +553,4 @@
     snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
 }
 
-#endif /* POLARSSL_VERBOSE_ERROR */
+#endif /* POLARSSL_ERROR_C */
diff --git a/library/pkcs11.c b/library/pkcs11.c
index b71415a..b68d688 100644
--- a/library/pkcs11.c
+++ b/library/pkcs11.c
@@ -115,7 +115,7 @@
                        int mode, size_t *olen,
                        const unsigned char *input,
                        unsigned char *output,
-                       unsigned int output_max_len )
+                       size_t output_max_len )
 {
     size_t input_len, output_len;
 
diff --git a/library/rsa.c b/library/rsa.c
index 191bfe8..637c23a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -794,6 +794,9 @@
             hlen = md_get_size( md_info );
             slen = hlen;
 
+            if( olen < hlen + slen + 2 )
+                return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
             memset( sig, 0, olen );
             memset( &md_ctx, 0, sizeof( md_context_t ) );
 
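Review bot: The new length check has no comment saying where the bound comes from, and it is only visible on the signing path. `hlen + slen + 2` is the minimum encoded-message length that EMSA-PSS allows (RFC 3447 section 9.1.1, step 3), so I would add `/* EMSA-PSS: need olen >= hLen + sLen + 2, otherwise there is no room for the padding */` above it. The matching verify routine and the `\return` documentation of the signing function in rsa.h are outside this hunk; both should be checked for the same bound and for the new `POLARSSL_ERR_RSA_BAD_INPUT_DATA` result.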
diff --git a/library/x509parse.c b/library/x509parse.c
index d7bfc05..e54e0b7 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -2984,8 +2984,6 @@
 
 /*
  * Wrapper for x509 hashes.
- *
- * \param out   Buffer to receive the hash (Should be at least 64 bytes)
  */
 static void x509_hash( const unsigned char *in, size_t len, int alg,
                        unsigned char *out )
@@ -3116,12 +3114,12 @@
 
 static int x509parse_verify_top(
                 x509_cert *child, x509_cert *trust_ca,
-                x509_crl *ca_crl, int *path_cnt, int *flags,
+                x509_crl *ca_crl, int path_cnt, int *flags,
                 int (*f_vrfy)(void *, x509_cert *, int, int *),
                 void *p_vrfy )
 {
     int hash_id, ret;
-    int ca_flags = 0;
+    int ca_flags = 0, check_path_cnt = path_cnt + 1;
     unsigned char hash[64];
 
     if( x509parse_time_expired( &child->valid_to ) )
@@ -3143,8 +3141,19 @@
             continue;
         }
 
+        /*
+         * Reduce path_len to check against if top of the chain is
+         * the same as the trusted CA
+         */
+        if( child->subject_raw.len == trust_ca->subject_raw.len &&
+            memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
+                            child->issuer_raw.len ) == 0 ) 
+        {
+            check_path_cnt--;
+        }
+
         if( trust_ca->max_pathlen > 0 &&
-            trust_ca->max_pathlen < *path_cnt )
+            trust_ca->max_pathlen < check_path_cnt )
         {
             trust_ca = trust_ca->next;
             continue;
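Review bot: The new subject comparison checks `child->subject_raw.len == trust_ca->subject_raw.len` but then passes `child->issuer_raw.len` to `memcmp`, so the number of bytes compared is not the length that was just validated. If the issuer is longer than the subject this reads past both subject buffers. If it is shorter, only a prefix is compared and a different certificate can be treated as the trusted CA itself, which lowers `check_path_cnt` here and skips the CRL and CA checks in the `@@ -3168,7 +3177,13 @@` hunk, where the same expression is repeated. A check earlier in the loop (outside this hunk) may already force the lengths to be equal, but the comparison should not depend on that: use `child->subject_raw.len ) == 0 )` here and `child->subject_raw.len ) != 0 ) )` there.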
@@ -3168,7 +3177,13 @@
         break;
     }
 
-    if( trust_ca != NULL )
+    /*
+     * If top of chain is not the same as the trusted CA
+     */
+    if( trust_ca != NULL &&
+        ( child->subject_raw.len != trust_ca->subject_raw.len ||
+          memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
+                            child->issuer_raw.len ) != 0 ) )
     {
         /* Check trusted CA's CRL for then chain's top crt */
         *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
@@ -3188,7 +3203,7 @@
 
         if( NULL != f_vrfy )
         {
-            if( ( ret = f_vrfy( p_vrfy, trust_ca, 0, &ca_flags ) ) != 0 )
+            if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
                 return( ret );
         }
     }
@@ -3196,12 +3211,10 @@
     /* Call callback on top cert */
     if( NULL != f_vrfy )
     {
-        if( ( ret = f_vrfy(p_vrfy, child, 1, flags ) ) != 0 )
+        if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
             return( ret );
     }
 
-    *path_cnt = 2;
-
     *flags |= ca_flags;
 
     return( 0 );
@@ -3209,7 +3222,7 @@
 
 static int x509parse_verify_child(
                 x509_cert *child, x509_cert *parent, x509_cert *trust_ca,
-                x509_crl *ca_crl, int *path_cnt, int *flags,
+                x509_crl *ca_crl, int path_cnt, int *flags,
                 int (*f_vrfy)(void *, x509_cert *, int, int *),
                 void *p_vrfy )
 {
@@ -3248,28 +3261,26 @@
         break;
     }
 
-    (*path_cnt)++;
     if( grandparent != NULL )
     {
         /*
          * Part of the chain
          */
-        ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt, &parent_flags, f_vrfy, p_vrfy );
+        ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
         if( ret != 0 )
             return( ret );
     } 
     else
     {
-        ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt, &parent_flags, f_vrfy, p_vrfy );
+        ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
         if( ret != 0 )
             return( ret );
     }
 
     /* child is verified to be a child of the parent, call verify callback */
     if( NULL != f_vrfy )
-        if( ( ret = f_vrfy( p_vrfy, child, *path_cnt, flags ) ) != 0 )
+        if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
             return( ret );
-    (*path_cnt)++;
 
     *flags |= parent_flags;
 
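Review bot: `x509parse_verify_child` recurses once per certificate with `path_cnt + 1`, and no upper bound on `path_cnt` is visible in this hunk, so the recursion depth is set by the length of the chain the peer sends. Now that the depth is passed by value it is cheap to bound, for example `if( path_cnt >= MAX_CHAIN_DEPTH ) return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );` at the top of the function, where `MAX_CHAIN_DEPTH` is a placeholder for a limit the project would define. The start of the function is outside this hunk, so an existing limit there would make this unnecessary.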
@@ -3288,7 +3299,7 @@
 {
     size_t cn_len;
     int ret;
-    int pathlen = 1;
+    int pathlen = 0;
     x509_cert *parent;
     x509_name *name;
     x509_sequence *cur = NULL;
@@ -3370,13 +3381,13 @@
         /*
          * Part of the chain
          */
-        ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, &pathlen, flags, f_vrfy, p_vrfy );
+        ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
         if( ret != 0 )
             return( ret );
     } 
     else
     {
-        ret = x509parse_verify_top( crt, trust_ca, ca_crl, &pathlen, flags, f_vrfy, p_vrfy );
+        ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
         if( ret != 0 )
             return( ret );
     }
diff --git a/library/x509write.c b/library/x509write.c
index 400ffa0..9f5a910 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -146,8 +146,6 @@
 
 /*
  * Wrapper for x509 hashes.
- *
- * \param out   Buffer to receive the hash (Should be at least 64 bytes)
  */
 static void x509_hash( const unsigned char *in, size_t len, int alg,
                        unsigned char *out )
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a0610b3..2fb0c85 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -298,6 +298,7 @@
             if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
             {
                 printf( " failed\n  ! ssl_handshake returned %d\n\n", ret );
+                ssl_free( &ssl );
                 goto exit;
             }
         }
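Review bot: Calling `ssl_free( &ssl )` separately before each `goto exit` (here and twice in the next hunk) means every other error path between the context's initialisation and these points must remember it too. Any such path that jumps to `exit` now leaks the context, since the call was removed from the common cleanup in the last hunk. Presumably the move was needed because `ssl` is never initialised in the file mode. Zeroing it once up front with `memset( &ssl, 0, sizeof( ssl_context ) );` and keeping the single `ssl_free( &ssl );` under `exit:` would cover all paths, provided `ssl_free` accepts a zeroed context, which should be confirmed in the library.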
@@ -313,12 +314,14 @@
         if( ret == -1 )
         {
             printf( " failed\n  !  x509parse_cert_info returned %d\n\n", ret );
+            ssl_free( &ssl );
             goto exit;
         }
 
         printf( "%s\n", buf );
 
         ssl_close_notify( &ssl );
+        ssl_free( &ssl );
     }
     else
         goto usage;
@@ -329,7 +332,6 @@
         net_close( server_fd );
     x509_free( &clicert );
     rsa_free( &rsa );
-    ssl_free( &ssl );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );
diff --git a/scripts/check_doxy_blocks.pl b/scripts/check_doxy_blocks.pl
new file mode 100644
index 0000000..c90143b
--- /dev/null
+++ b/scripts/check_doxy_blocks.pl
@@ -0,0 +1,57 @@
+#!/usr/bin/perl
+
+# Detect comment blocks that are likely meant to be doxygen blocks but aren't.
+#
+# More precisely, look for normal comment block containing '\'.
+# Of course one could use doxygen warnings, eg with:
+#   sed -e '/EXTRACT/s/YES/NO/' doxygen/polarssl.doxyfile | doxygen -
+# but that would warn about any undocumented item, while our goal is to find
+# items that are documented, but not marked as such by mistake.
+
+use warnings;
+use strict;
+use File::Basename;
+
+# header files in the following directories will be checked
+my @directories = qw(include/polarssl library doxygen/input);
+
+# very naive pattern to find directives:
+# everything with a backslach except '\0'
+my $doxy_re = qr/\\(?!0)/;
+
+sub check_file {
+    my ($fname) = @_;
+    open my $fh, '<', $fname or die "Failed to open '$fname': $!\n";
+
+    # first line of the last normal comment block,
+    # or 0 if not in a normal comment block
+    my $block_start = 0;
+    while (my $line = <$fh>) {
+        $block_start = $.   if $line =~ m/\/\*(?![*!])/;
+        $block_start = 0    if $line =~ m/\*\//;
+        if ($block_start and $line =~ m/$doxy_re/) {
+            print "$fname:$block_start: directive on line $.\n";
+            $block_start = 0; # report only one directive per block
+        }
+    }
+
+    close $fh;
+}
+
+sub check_dir {
+    my ($dirname) = @_;
+    for my $file (<$dirname/*.[ch]>) {
+        check_file($file);
+    }
+}
+
+# locate root directory based on invocation name
+my $root = dirname($0) . '/..';
+chdir $root or die "Can't chdir to '$root': $!\n";
+
+# just do it
+for my $dir (@directories) {
+    check_dir($dir)
+}
+
+__END__
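Review bot: `check_file` clears `$block_start` on any line containing `*/` before it tests for a directive, so a one-line comment such as `/* \brief foo */` is never reported. Moving `$block_start = 0 if $line =~ m/\*\//;` to after the `if ($block_start and $line =~ m/$doxy_re/) { ... }` block fixes that. The script also always exits 0, so it cannot fail a build; counting the reports in a `$found` variable and ending with `exit($found ? 1 : 0);` would let it be used as a check. The comment `everything with a backslach` should read `backslash`.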
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index 9f83681..535effc 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -1,7 +1,7 @@
 /*
  *  Error message information
  *
- *  Copyright (C) 2006-2010, Brainspark B.V.
+ *  Copyright (C) 2006-2012, Brainspark B.V.
  *
  *  This file is part of PolarSSL (http://www.polarssl.org)
  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -86,4 +86,4 @@
     snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
 }
 
-#endif /* POLARSSL_VERBOSE_ERROR */
+#endif /* POLARSSL_ERROR_C */
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 1b328c4..6635392 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -514,21 +514,21 @@
 BEGIN_CASE
 mpi_mod_mpi:radix_X:input_X:radix_Y:input_Y:radix_A:input_A:div_result
 {
-    mpi X, Y, Z, A;
+    mpi X, Y, A;
     int res;
-    mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z ); mpi_init( &A );
+    mpi_init( &X ); mpi_init( &Y ); mpi_init( &A );
 
     TEST_ASSERT( mpi_read_string( &X, {radix_X}, {input_X} ) == 0 );
     TEST_ASSERT( mpi_read_string( &Y, {radix_Y}, {input_Y} ) == 0 );
     TEST_ASSERT( mpi_read_string( &A, {radix_A}, {input_A} ) == 0 );
-    res = mpi_mod_mpi( &Z, &X, &Y );
+    res = mpi_mod_mpi( &X, &X, &Y );
     TEST_ASSERT( res == {div_result} );
     if( res == 0 )
     {
-        TEST_ASSERT( mpi_cmp_mpi( &Z, &A ) == 0 );
+        TEST_ASSERT( mpi_cmp_mpi( &X, &A ) == 0 );
     }
 
-    mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z ); mpi_free( &A );
+    mpi_free( &X ); mpi_free( &Y ); mpi_free( &A );
 }
 END_CASE
 
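Review bot: Rewriting the case to call `mpi_mod_mpi( &X, &X, &Y )` replaces the only call in this test that used a separate result variable, so the non-aliased path is no longer exercised here. Keeping `Z` and asserting both forms would cover the fix without losing the old coverage: first `res = mpi_mod_mpi( &Z, &X, &Y );` with `Z` compared against `A`, then the aliased call with `&X` as the output. The ChangeLog names `mpi_div_mpi` as the fixed function; whether its own test case also gained an aliased variant is not visible in this diff.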
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index d5c85c6..8812c9e 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -1,6 +1,12 @@
 RSAES-OAEP Encryption Test Vector Int
 pkcs1_rsaes_oaep_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":0
 
+RSAES-OAEP Encryption Test Vector Data just fits
+pkcs1_rsaes_oaep_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd":"aafd12f659cae63489b479e5076ddec2f06cb58f":"3082f2288fff275213d53168f0a272573cff81837c249dc1f380a12ac124c8f217b700708a1ce7dce154265f31a126ebdd9ed3ef9145ae29124a25f4e65aa52c5a9ff34f6cf4de9ba937ae406dc7d1f277af4f6fb7ea73bfbab2bd397b6b2c53570e173ffcf3b9f0bb96837623a4f87bd81b41446c59e681a2f3da81239e9bdf":0
+
+RSAES-OAEP Encryption Test Vector Data too long
+pkcs1_rsaes_oaep_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":POLARSSL_ERR_RSA_BAD_INPUT_DATA
+
 RSAES-OAEP Encryption Test Vector 1_1
 pkcs1_rsaes_oaep_encrypt:1024:16:"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":16:"010001":POLARSSL_MD_SHA1:"6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34":"18b776ea21069d69776a33e96bad48e1dda0a5ef":"354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a":0
 
@@ -370,6 +376,9 @@
 RSASSA-PSS Verification Test Vector Int
 pkcs1_rsassa_pss_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":SIG_RSA_SHA1:POLARSSL_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0
 
+RSASSA-PSS Signing Test Vector Hash too large
+pkcs1_rsassa_pss_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":SIG_RSA_SHA1:POLARSSL_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":POLARSSL_ERR_RSA_BAD_INPUT_DATA
+
 RSASSA-PSS Signature Example 1_1
 pkcs1_rsassa_pss_sign:1024:16:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":16:"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":16:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":16:"010001":SIG_RSA_SHA1:POLARSSL_MD_SHA1:"cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0":"dee959c7e06411361420ff80185ed57f3e6776af":"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c":0
 
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index b6baca3..c795cf9 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,5 +1,5 @@
 Check compiletime library version
-check_compiletime_version:"1.2.0"
+check_compiletime_version:"1.2.1"
 
 Check runtime library version
-check_runtime_version:"1.2.0"
+check_runtime_version:"1.2.1"