diff --git a/.github/issue_template.md b/.github/issue_template.md old mode 100755 new mode 100644 diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md old mode 100755 new mode 100644 diff --git a/.gitignore b/.gitignore old mode 100755 new mode 100644 diff --git a/.globalrc b/.globalrc old mode 100755 new mode 100644 diff --git a/.pylintrc b/.pylintrc index 168e0b75902c48ed6fc721ba1a6025889abf82f0..08c114ad9d3d27c86f8e6ade618fed95c5e45f5f 100755 --- a/.pylintrc +++ b/.pylintrc @@ -40,7 +40,27 @@ max-attributes=15 max-module-lines=2000 [MESSAGES CONTROL] -disable= +# * locally-disabled, locally-enabled: If we disable or enable a message +# locally, it's by design. There's no need to clutter the Pylint output +# with this information. +# * logging-format-interpolation: Pylint warns about things like +# ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``. +# This is of minor utility (mainly a performance gain when there are +# many messages that use formatting and are below the log level). +# Some versions of Pylint (including 1.8, which is the version on +# Ubuntu 18.04) only recognize old-style format strings using '%', +# and complain about something like ``log.info('{}', foo)`` with +# logging-too-many-args (Pylint supports new-style formatting if +# declared globally with logging_format_style under [LOGGING] but +# this requires Pylint >=2.2). +# * no-else-return: Allow the perfectly reasonable idiom +# if condition1: +# return value1 +# else: +# return value2 +# * unnecessary-pass: If we take the trouble of adding a line with "pass", +# it's because we think the code is clearer that way. +disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass [REPORTS] # Don't diplay statistics. Just the facts. diff --git a/.travis.yml b/.travis.yml index c45d4081d024c5fa7850f7b069127908b79c74ba..8789c444b496bab3f31da72ac7ae6d90672fb93c 100755 --- a/.travis.yml +++ b/.travis.yml @@ -1,48 +1,64 @@ language: c -compiler: -- clang -- gcc +compiler: gcc sudo: false cache: ccache -# blocklist -branches: - except: - - development-psa - - coverity_scan - -script: -- tests/scripts/recursion.pl library/*.c -- tests/scripts/check-generated-files.sh -- tests/scripts/check-doxy-blocks.pl -- tests/scripts/check-names.sh -- tests/scripts/check-files.py -- tests/scripts/doxygen.sh -- cmake -D CMAKE_BUILD_TYPE:String="Check" . -- make -- make test -- programs/test/selftest -- OSSL_NO_DTLS=1 tests/compat.sh -- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' -- tests/scripts/test-ref-configs.pl -- tests/scripts/curves.pl -- tests/scripts/key-exchanges.pl +jobs: + include: + - name: basic checks and reference configurations + addons: + apt: + packages: + - gnutls-bin + - doxygen + - graphviz + - gcc-arm-none-eabi + - libnewlib-arm-none-eabi + language: python # Needed to get pip for Python 3 + python: 3.5 # version from Ubuntu 16.04 + install: + - pip install pylint==2.4.4 + script: + - tests/scripts/all.sh -k 'check_*' + - tests/scripts/all.sh -k test_default_out_of_box + - tests/scripts/test-ref-configs.pl + - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus + + - name: full configuration + script: + - tests/scripts/all.sh -k test_full_cmake_gcc_asan + + - name: check compilation guards + script: + - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' + + - name: macOS + os: osx + compiler: clang + script: + - tests/scripts/all.sh -k test_default_out_of_box + + - name: Windows + os: windows + script: + - scripts/windows_msbuild.bat v141 # Visual Studio 2017 + after_failure: - tests/scripts/travis-log-failure.sh + env: global: - SEED=1 - - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" + - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg=" addons: apt: packages: - - doxygen - - graphviz + - gnutls-bin coverity_scan: project: name: "ARMmbed/mbedtls" - notification_email: simon.butcher@arm.com + notification_email: support-mbedtls@arm.com build_command_prepend: build_command: make branch_pattern: coverity_scan diff --git a/BUILD.gn b/BUILD.gn index b409bb710509ba905ec38535c40502dd9ab6fec8..ae84926dd9c4a68a0b7de2c9d9ad514ce5fb98c8 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -1,120 +1,151 @@ -# -# Copyright (c) 2020 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -import("//build/lite/config/component/lite_component.gni") -import("//build/lite/ndk/ndk.gni") - -config("mbedtls_config") { - include_dirs = [ - "./include", - ] -} - -mbedtls_sources = [ - "library/aes.c", - "library/aesni.c", - "library/arc4.c", - "library/aria.c", - "library/asn1parse.c", - "library/asn1write.c", - "library/base64.c", - "library/bignum.c", - "library/blowfish.c", - "library/camellia.c", - "library/ccm.c", - "library/chacha20.c", - "library/chachapoly.c", - "library/cipher.c", - "library/cipher_wrap.c", - "library/cmac.c", - "library/ctr_drbg.c", - "library/des.c", - "library/dhm.c", - "library/ecdh.c", - "library/ecdsa.c", - "library/ecjpake.c", - "library/ecp.c", - "library/ecp_curves.c", - "library/entropy.c", - "library/entropy_poll.c", - "library/error.c", - "library/gcm.c", - "library/havege.c", - "library/hkdf.c", - "library/hmac_drbg.c", - "library/md.c", - "library/md_wrap.c", - "library/md2.c", - "library/md4.c", - "library/md5.c", - "library/memory_buffer_alloc.c", - "library/nist_kw.c", - "library/oid.c", - "library/padlock.c", - "library/pem.c", - "library/pk.c", - "library/pk_wrap.c", - "library/pkcs12.c", - "library/pkcs5.c", - "library/pkparse.c", - "library/pkwrite.c", - "library/platform.c", - "library/platform_util.c", - "library/poly1305.c", - "library/ripemd160.c", - "library/rsa.c", - "library/rsa_internal.c", - "library/sha1.c", - "library/sha256.c", - "library/sha512.c", - "library/threading.c", - "library/timing.c", - "library/version.c", - "library/version_features.c", - "library/x509.c", - "library/x509_crt.c", - "library/x509_crl.c", - "library/xtea.c", -] - -shared_library("mbedtls_shared") { - sources = mbedtls_sources - output_name = "mbedtls_shared" - public_configs = [ - ":mbedtls_config", - ] -} - -static_library("mbedtls_static") { - sources = mbedtls_sources - output_name = "mbedtls_static" - public_configs = [ - ":mbedtls_config", - ] -} - -group("mbedtls") { - deps = [ ":mbedtls_shared" ] -} - -ndk_lib("mbedtls_ndk") { - lib_extension = ".so" - deps = [ - ":mbedtls" - ] - head_files = [ - "include" - ] -} +# +# Copyright (c) 2020 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import("//build/lite/config/component/lite_component.gni") +import("//build/lite/ndk/ndk.gni") + +mbedtls_sources = [] +mbedtls_sources += [ + "library/aes.c", + "library/aesni.c", + "library/arc4.c", + "library/aria.c", + "library/asn1parse.c", + "library/asn1write.c", + "library/base64.c", + "library/bignum.c", + "library/blowfish.c", + "library/camellia.c", + "library/ccm.c", + "library/chacha20.c", + "library/chachapoly.c", + "library/cipher.c", + "library/cipher_wrap.c", + "library/cmac.c", + "library/ctr_drbg.c", + "library/des.c", + "library/dhm.c", + "library/ecdh.c", + "library/ecdsa.c", + "library/ecjpake.c", + "library/ecp.c", + "library/ecp_curves.c", + "library/entropy.c", + "library/entropy_poll.c", + "library/error.c", + "library/gcm.c", + "library/havege.c", + "library/hkdf.c", + "library/hmac_drbg.c", + "library/md.c", + "library/md2.c", + "library/md4.c", + "library/md5.c", + "library/md_wrap.c", + "library/memory_buffer_alloc.c", + "library/net_sockets.c", + "library/nist_kw.c", + "library/oid.c", + "library/padlock.c", + "library/pem.c", + "library/pk.c", + "library/pk_wrap.c", + "library/pkcs12.c", + "library/pkcs5.c", + "library/pkparse.c", + "library/pkwrite.c", + "library/platform.c", + "library/platform_util.c", + "library/poly1305.c", + "library/ripemd160.c", + "library/rsa.c", + "library/rsa_internal.c", + "library/sha1.c", + "library/sha256.c", + "library/sha512.c", + "library/ssl_ciphersuites.c", + "library/ssl_cli.c", + "library/ssl_tls.c", + "library/threading.c", + "library/timing.c", + "library/version.c", + "library/version_features.c", + "library/x509.c", + "library/x509_crl.c", + "library/x509_crt.c", + "library/xtea.c", +] + +config("mbedtls_config") { + include_dirs = [ "./include" ] +} + +shared_library("mbedtls_shared") { + sources = mbedtls_sources + output_name = "mbedtls" + public_configs = [ ":mbedtls_config" ] +} + +static_library("mbedtls_static") { + sources = mbedtls_sources + output_name = "mbedtls" + public_configs = [ ":mbedtls_config" ] +} + +group("mbedtls") { + deps = [ ":mbedtls_shared" ] +} + +ndk_lib("mbedtls_ndk") { + lib_extension = ".so" + deps = [ ":mbedtls" ] + head_files = [ "include" ] +} + +# for test: test profile +if (ohos_build_type == "debug") { + config("mbedtls_profile_test") { + include_dirs = [ + "./include", + "./configs", # The directory where the custom configuration file is + # located + ] + defines = [ "MBEDTLS_CONFIG_FILE=" ] + ldflags = [ + "-s", + "-w", + ] + } + + mbedtls_sources += [ + "library/certs.c", + "library/debug.c", + "library/pkcs11.c", + "library/ssl_cache.c", + "library/ssl_cookie.c", + "library/ssl_srv.c", + "library/ssl_ticket.c", + "library/x509_create.c", + "library/x509_csr.c", + "library/x509write_crt.c", + "library/x509write_csr.c", + ] + + static_library("mbedtls_gt") { + sources = mbedtls_sources + output_name = "mbedtls_gt" + public_configs = [ ":mbedtls_profile_test" ] + } +} diff --git a/CMakeLists.txt b/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c1ae452e21c3f9ee4693f8e10b5b7ab01fe1c912..9b02ba56c8d0fbde4cc2dd8bbc8cd1ecedc46445 100755 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,7 +14,7 @@ Coding Standards Making a Contribution --------------------- -1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. +1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug. 1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis. 1. Write a test which shows that the bug was fixed or that the feature works as expected. 1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) @@ -79,4 +79,4 @@ Mbed TLS is well documented, but if you think documentation is needed, speak out 1. Complex parts in the code should include comments. 1. If needed, a Readme file is advised. 1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description. -1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution. +1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution. diff --git a/COPYRIGHT.OpenSource b/COPYRIGHT.OpenSource new file mode 100755 index 0000000000000000000000000000000000000000..c4c5da77164aa0e838ee0d68e0bcc53a25098529 --- /dev/null +++ b/COPYRIGHT.OpenSource @@ -0,0 +1 @@ +Copyright The Mbed TLS Contributors diff --git a/ChangeLog b/ChangeLog index 96fa9f334ecd0e00a8a6e977b5100f020fe64776..c68bd1b65b79c8d09f15b42b3a41067170e57b96 100755 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,122 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.16.8 branch released 2020-09-01 + +Features + * Support building on e2k (Elbrus) architecture: correctly enable + -Wformat-signedness, and fix the code that causes signed-one-bit-field + and sign-compare warnings. Contributed by makise-homura (Igor Molchanov) + . + +Security + * When checking X.509 CRLs, a certificate was only considered as revoked if + its revocationDate was in the past according to the local clock if + available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE, + certificates were never considered as revoked. On builds with + MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for + example, an untrusted OS attacking a secure enclave) could prevent + revocation of certificates via CRLs. Fixed by no longer checking the + revocationDate field, in accordance with RFC 5280. Reported by + yuemonangong in #3340. Reported independently and fixed by + Raoul Strackx and Jethro Beekman in #3433. + * In (D)TLS record decryption, when using a CBC ciphersuites without the + Encrypt-then-Mac extension, use constant code flow memory access patterns + to extract and check the MAC. This is an improvement to the existing + countermeasure against Lucky 13 attacks. The previous countermeasure was + effective against network-based attackers, but less so against local + attackers. The new countermeasure defends against local attackers, even + if they have access to fine-grained measurements. In particular, this + fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz, + Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler + (University of Florida) and Dave Tian (Purdue University). + * Fix side channel in RSA private key operations and static (finite-field) + Diffie-Hellman. An adversary with precise enough timing and memory access + information (typically an untrusted operating system attacking a secure + enclave) could bypass an existing counter-measure (base blinding) and + potentially fully recover the private key. + * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). + Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine + for pinpointing the problematic code. + * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused + application data from memory. Reported in #689 by + Johan Uppman Bruce of Sectra. + +Bugfix + * Avoid use of statically sized stack buffers for certificate writing. + This previously limited the maximum size of DER encoded certificates + in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631. + * Reduce the stack consumption of mbedtls_x509write_csr_der() which + previously could lead to stack overflow on constrained devices. + Contributed by Doru Gucea and Simon Leet in #3464. + * Use arc4random_buf on NetBSD instead of rand implementation with cyclical + lower bits. Fix contributed in #3540. + * Fix building library/net_sockets.c and the ssl_mail_client program on + NetBSD. NetBSD conditionals were added for the backport to avoid the risk + of breaking a platform. Original fix contributed by Nia Alarie in #3422. + Adapted for long-term support branch 2.16 in #3558. + * Fix bug in redirection of unit test outputs on platforms where stdout is + defined as a macro. First reported in #2311 and fix contributed in #3528. + Adopted for LTS branch 2.16 in #3601. + +Changes + * Update copyright notices to use Linux Foundation guidance. As a result, + the copyright of contributors other than Arm is now acknowledged, and the + years of publishing are no longer tracked in the source files. This also + eliminates the need for the lines declaring the files to be part of + MbedTLS. Fixes #3457. + += mbed TLS 2.16.7 branch released 2020-07-01 + +Security + * Fix a side channel vulnerability in modular exponentiation that could + reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, + Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute + of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul + Strackx (Fortanix) in #3394. + * Fix side channel in mbedtls_ecp_check_pub_priv() and + mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a + private key that didn't include the uncompressed public key), as well as + mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL + f_rng argument. An attacker with access to precise enough timing and + memory access information (typically an untrusted operating system + attacking a secure enclave) could fully recover the ECC private key. + Found and reported by Alejandro Cabrera Aldaya and Billy Brumley. + * Fix issue in Lucky 13 counter-measure that could make it ineffective when + hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT + macros). This would cause the original Lucky 13 attack to be possible in + those configurations, allowing an active network attacker to recover + plaintext after repeated timing measurements under some conditions. + Reported and fix suggested by Luc Perneel in #3246. + +Bugfix + * Fix the Visual Studio Release x64 build configuration for mbedtls itself. + Completes a previous fix in Mbed TLS 2.16.3 that only fixed the build for + the example programs. Reported in #1430 and fix contributed by irwir. + * Fix undefined behavior in X.509 certificate parsing if the + pathLenConstraint basic constraint value is equal to INT_MAX. + The actual effect with almost every compiler is the intended + behavior, so this is unlikely to be exploitable anywhere. #3197 + * Include asn1.h in error.c. Fixes #3328 reported by David Hu. + * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() + when PRNG function fails. Contributed by Jonas Lejeune in #3318. + * Add additional bounds checks in ssl_write_client_hello() preventing + output buffer overflow if the configuration declared a buffer that was + too small. + +Changes + * Unify the example programs termination to call mbedtls_exit() instead of + using a return command. This has been done to enable customization of the + behavior in bare metal environments. + * Abort the ClientHello writing function as soon as some extension doesn't + fit into the record buffer. Previously, such extensions were silently + dropped. As a consequence, the TLS handshake now fails when the output + buffer is not large enough to hold the ClientHello. + * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on + `MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C` or + `MBEDTLS_SHA256_C` for some side-channel coutermeasures. If side channels + are not a concern, this dependency can be avoided by enabling the new + option `MBEDTLS_ECP_NO_INTERNAL_RNG`. + = mbed TLS 2.16.6 branch released 2020-04-14 Security diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md new file mode 100755 index 0000000000000000000000000000000000000000..b559e2336cbe198f4f7eabcca525a37ee77f7030 --- /dev/null +++ b/ChangeLog.d/00README.md @@ -0,0 +1,67 @@ +# Pending changelog entry directory + +This directory contains changelog entries that have not yet been merged +to the changelog file ([`../ChangeLog`](../ChangeLog)). + +## Changelog entry file format + +A changelog entry file must have the extension `*.txt` and must have the +following format: + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Security + * Change description. + * Another change description. + +Features + * Yet another change description. This is a long change description that + spans multiple lines. + * Yet again another change description. + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The permitted changelog entry categories are as follows: + + + API changes + Default behavior changes + Requirement changes + New deprecations + Removals + Features + Security + Bugfix + Changes + +Use “Changes” for anything that doesn't fit in the other categories, such as +performance, documentation and test improvements. + +## How to write a changelog entry + +Each entry starts with three spaces, an asterisk and a space. Continuation +lines start with 5 spaces. Lines wrap at 79 characters. + +Write full English sentences with proper capitalization and punctuation. Use +the present tense. Use the imperative where applicable. For example: “Fix a +bug in mbedtls_xxx() ….” + +Include GitHub issue numbers where relevant. Use the format “#1234” for an +Mbed TLS issue. Add other external references such as CVE numbers where +applicable. + +Credit the author of the contribution if the contribution is not a member of +the Mbed TLS development team. Also credit bug reporters where applicable. + +**Explain why, not how**. Remember that the audience is the users of the +library, not its developers. In particular, for a bug fix, explain the +consequences of the bug, not how the bug was fixed. For a new feature, explain +why one might be interested in the feature. For an API change or a deprecation, +explain how to update existing applications. + +See [existing entries](../ChangeLog) for examples. + +## How `ChangeLog` is updated + +Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py) +from a Git working copy +to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file. diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl old mode 100755 new mode 100644 diff --git a/LICENSE b/LICENSE index 546a8e631f5baffec4fd135439b9ffb198f8b6c7..e15ea821d279c3249de82aca8ba3762cd5a86e33 100755 --- a/LICENSE +++ b/LICENSE @@ -1,2 +1,5 @@ -Unless specifically indicated otherwise in a file, files are licensed -under the Apache 2.0 license, as can be found in: apache-2.0.txt +Unless specifically indicated otherwise in a file, Mbed TLS files are provided +under the Apache License 2.0, or the GNU General Public License v2.0 or later +(SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later). + +A copy of these licenses can be found in apache-2.0.txt and gpl-2.0.txt diff --git a/Makefile b/Makefile index 0a9640fc38ece5af1667af7ff0c650bdbb1afc21..24d529a5474f04eb2fb062bcb700f6688175cdf5 100755 --- a/Makefile +++ b/Makefile @@ -106,11 +106,11 @@ covtest: lcov: rm -rf Coverage lcov --capture --initial --directory library -o files.info - lcov --capture --directory library -o tests.info - lcov --add-tracefile files.info --add-tracefile tests.info -o all.info - lcov --remove all.info -o final.info '*.h' + lcov --rc lcov_branch_coverage=1 --capture --directory library -o tests.info + lcov --rc lcov_branch_coverage=1 --add-tracefile files.info --add-tracefile tests.info -o all.info + lcov --rc lcov_branch_coverage=1 --remove all.info -o final.info '*.h' gendesc tests/Descriptions.txt -o descriptions - genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info + genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --branch-coverage -o Coverage final.info rm -f files.info tests.info all.info final.info descriptions apidoc: diff --git a/README.OpenSource b/README.OpenSource new file mode 100755 index 0000000000000000000000000000000000000000..ebd4bbc909fa15c32872621ad710e8aa34d42335 --- /dev/null +++ b/README.OpenSource @@ -0,0 +1,12 @@ +[ + { + "Name": "mbed TLS", + "License": "Apache License V2.0; GPL V2.0", + "License File": "LICENSE", + "Version Number": "2.16.8", + "Owner": "shituanhui@huawei.com", + "Upstream URL": "https://tls.mbed.org/", + "Description": "An open source, portable, easy to use, readable and flexible SSL library." + } +] + diff --git a/README.md b/README.md index a44b6354dcb2572b1f6921467c5546f8fbb1fc05..11f9ba40afd17a2994618f368d08fb36e86eb35b 100755 --- a/README.md +++ b/README.md @@ -172,7 +172,7 @@ Mbed TLS can be ported to many different architectures, OS's and platforms. Befo License ------- -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See [here](./apache-2.0.txt) for the full text of this license. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 OR GPL-2.0-or-later licenses. +Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. A copy of these licenses can be found in [apache-2.0.txt](./apache-2.0.txt) and [gpl-2.0.txt](./gpl-2.0.txt). Contributors must accept that their contributions are made under both the Apache-2.0 AND GPL-2.0-or-later licenses. Contributing ------------ diff --git a/apache-2.0.txt b/apache-2.0.txt old mode 100755 new mode 100644 diff --git a/configs/README.txt b/configs/README.txt old mode 100755 new mode 100644 diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index c9b58dd538eb59e583784d0d4015bb56431da460..f3929aef092ea0488c1923e0b930fe10f54d6839 100755 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -4,8 +4,14 @@ * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h index 013bc0300d5e4ed35d8cae3455783f4536cc92c7..c235e3c04d9743bc9872d0f1f96591f72118f851 100755 --- a/configs/config-mini-tls1_1.h +++ b/configs/config-mini-tls1_1.h @@ -4,8 +4,14 @@ * \brief Minimal configuration for TLS 1.1 (RFC 4346) */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 7d34ad52ecc0dc6026d7dde0ed544f06d66bf11f..54e2f6c134d184679da732cfababc74450d49534 100755 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -4,8 +4,14 @@ * \brief Minimal configuration of features that do not require an entropy source */ /* - * Copyright (C) 2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * Minimal configuration of features that do not require an entropy source diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 18e2c4036995f406827e5029109b9f213b59a59b..897c4d633b46ba85a786d7010b1fbcae36a95e69 100755 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -4,8 +4,14 @@ * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460) */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * Minimal configuration for TLS NSA Suite B Profile (RFC 6460) diff --git a/configs/config-thread.h b/configs/config-thread.h index 25db16bf0f8487f6c0f44412e3d5cd18d574292f..4c18f6a169a24bee9590951efc9dea583e1c853b 100755 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -4,8 +4,14 @@ * \brief Minimal configuration for using TLS as part of Thread */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/configs/config_rsa_aes_cbc.h b/configs/config_rsa_aes_cbc.h new file mode 100644 index 0000000000000000000000000000000000000000..77e754a614d7280c834ba2bb51592e4ad0d2fb9e --- /dev/null +++ b/configs/config_rsa_aes_cbc.h @@ -0,0 +1,87 @@ +/** + * Copyright (c) 2020 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_H +#define MBEDTLS_CONFIG_H + +#define MBEDTLS_CONFIG_FILE_NO 4 + +/* System support */ +#define MBEDTLS_HAVE_ASM +#define MBEDTLS_HAVE_TIME + +/* mbed TLS feature support */ +#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +#define MBEDTLS_SSL_PROTO_TLS1_2 + +/* mbed TLS modules */ +#define MBEDTLS_AES_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_CIPHER_C +#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_ENTROPY_C +#define MBEDTLS_CIPHER_MODE_CBC + +#define MBEDTLS_MD_C +#define MBEDTLS_NET_C +#define MBEDTLS_OID_C +#define MBEDTLS_PK_C +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_SHA1_C +#define MBEDTLS_SSL_CLI_C +#define MBEDTLS_SSL_TLS_C +#define MBEDTLS_X509_CRT_PARSE_C +#define MBEDTLS_X509_USE_C + +#define MBEDTLS_RSA_C +#define MBEDTLS_PKCS1_V15 + + +/* For test certificates */ +#define MBEDTLS_BASE64_C +#define MBEDTLS_PEM_PARSE_C + +/* Save RAM at the expense of ROM */ +#define MBEDTLS_AES_ROM_TABLES + +/* Save RAM by adjusting to our exact needs */ +#define MBEDTLS_MPI_MAX_SIZE 512 // 4096 bits is 512 bytes + +/* + * You should adjust this to the exact number of sources you're using: default + * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones. + * Minimum is 2 for the entropy test suite. + */ +#define MBEDTLS_ENTROPY_MAX_SOURCES 2 + +/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ +#define MBEDTLS_SSL_CIPHERSUITES \ + MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, \ + MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, \ + MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA + +/* + * Save RAM at the expense of interoperability: do this only if you control + * both ends of the connection! (See coments in "mbedtls/ssl.h".) + * The minimum size here depends on the certificate chain used as well as the + * typical size of records. + */ +#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 +#include "mbedtls/check_config.h" + +#endif /* MBEDTLS_CONFIG_H */ diff --git a/dco.txt b/dco.txt old mode 100755 new mode 100644 diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h index b1281cb63f9814837b6bfe01ffe3be6e236325db..81b1b9146229925a00c1a160651603a6c2b7ff44 100755 --- a/doxygen/input/doc_encdec.h +++ b/doxygen/input/doc_encdec.h @@ -5,8 +5,14 @@ */ /* * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /** diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h index e54b28e5607d9c2757d6b1d487729d4215c6a7a4..7de2957bae2ea93f02e5d6597e84bd22b4e1fba3 100755 --- a/doxygen/input/doc_hashing.h +++ b/doxygen/input/doc_hashing.h @@ -5,8 +5,14 @@ */ /* * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /** diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index db5bb49ce1dbba4210a06892be2b918bb1f68463..acd8be1f7d0764ea255fd4e6337be87931aad74a 100755 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -5,8 +5,14 @@ */ /* * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,11 +26,30 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /** - * @mainpage mbed TLS v2.16.6 source code documentation + * @mainpage mbed TLS v2.16.8 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h index 0f212e040c8110f1639a1378c2feed3c4f53bea4..44c4204af44703aac8b9315f923b667c10871158 100755 --- a/doxygen/input/doc_rng.h +++ b/doxygen/input/doc_rng.h @@ -5,8 +5,14 @@ */ /* * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /** diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h index 4addfb38e58382f400e0bc9ff5fc72aaf21be310..1db44c2a6523dc84f9a7d2605f677203833702c3 100755 --- a/doxygen/input/doc_ssltls.h +++ b/doxygen/input/doc_ssltls.h @@ -5,8 +5,14 @@ */ /* * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /** diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h index 95f458601245160296983940093cfe4af37e2796..a08960113f0c4bce1109a14f37fd800366ae4611 100755 --- a/doxygen/input/doc_tcpip.h +++ b/doxygen/input/doc_tcpip.h @@ -5,8 +5,14 @@ */ /* * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /** diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h index 9b52569bbb2793e798fba17a1bc91ce1d2df7568..1f9f8e02dc0658784114c78d60168288e2da3c77 100755 --- a/doxygen/input/doc_x509.h +++ b/doxygen/input/doc_x509.h @@ -5,8 +5,14 @@ */ /* * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /** diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 1edc9ceface7fddf9f1391120d4c3f8bf104f841..45398b70c9568302a08e90924bd15ce39412a0cc 100755 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.16.6" +PROJECT_NAME = "mbed TLS v2.16.8" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/gpl-2.0.txt b/gpl-2.0.txt new file mode 100755 index 0000000000000000000000000000000000000000..d159169d1050894d3ea3b98e1c965c4058208fe1 --- /dev/null +++ b/gpl-2.0.txt @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/include/.gitignore b/include/.gitignore old mode 100755 new mode 100644 diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 94e7282d36d0f515236550e31b6de25b808f0280..4468b6623ac2a10b67353a4341d6e3e48d36181d 100755 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -20,8 +20,15 @@ * . */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0 +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -35,7 +42,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_AES_H diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h index a4ca012f8a10d8534c6601025b66f2669ae42ab6..9b63a0010a0bc9221679eac976ed666a8a5c7b94 100755 --- a/include/mbedtls/aesni.h +++ b/include/mbedtls/aesni.h @@ -7,8 +7,14 @@ * functions; you must not call them directly. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -22,7 +28,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_AESNI_H #define MBEDTLS_AESNI_H diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index fb044d5b7fd33d4a2f8b25192a29ec31b8b6f3be..6334a9cc1e268999f1167cf63b70d506773b2696 100755 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -7,8 +7,14 @@ * security risk. We recommend considering stronger ciphers instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -22,7 +28,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** * */ #ifndef MBEDTLS_ARC4_H diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 1e8956ed13c5955352cf19b35ac537c7fc57d1c1..13763d420037f64b4657e2ee8c880edc4d16612e 100755 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -9,8 +9,15 @@ * Korean, but see http://210.104.33.10/ARIA/index-e.html in English) * and also described by the IETF in RFC 5794. */ -/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -24,7 +31,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ARIA_H diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 96c1c9a8ab217573cd4c3775eb13f8314962532d..0e596bca2cd8026b8a6307fc7a37ce97993485df 100755 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -4,8 +4,14 @@ * \brief Generic ASN.1 parsing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ASN1_H #define MBEDTLS_ASN1_H diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index a194243696ac8254a09d131f0b24f16fb2d748db..3c7cdd6b469f1ec5040b237647285e0ea418dcf1 100755 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -4,8 +4,14 @@ * \brief ASN.1 buffer writing functionality */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ASN1_WRITE_H #define MBEDTLS_ASN1_WRITE_H diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 0d024164c5659979f10d373c149fa9526e428c6f..cbed6887ee67ed06266980b3906e43b8ecbe0c0a 100755 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -4,8 +4,14 @@ * \brief RFC 1521 base64 encoding/decoding */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_BASE64_H #define MBEDTLS_BASE64_H diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 22b373113edb9bc34cad562b049ce7e863c6a81b..4bb9fa3d435b83469fac8460487aa7f764414584 100755 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -4,8 +4,14 @@ * \brief Multi-precision integer library */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_BIGNUM_H #define MBEDTLS_BIGNUM_H diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index f01573dcaf8d0fab5e8efbe720e776865ee46513..945bd426a9f0ebdc0c4f3f67a7e63f1be56a816c 100755 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -4,8 +4,14 @@ * \brief Blowfish block cipher */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_BLOWFISH_H #define MBEDTLS_BLOWFISH_H diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 748975ea51225e184af2845950fda35eb0aa1212..9615090f919603f0382d5d999a11a42512ff61a4 100755 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -4,8 +4,14 @@ * \brief Multi-precision integer library */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * Multiply source vector [s] with b, add result diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 3eeb66366d68224c0662a3b0dd0ee3bb81e4f747..38871288e4bd4a25d047ecd401d950eb3d817dce 100755 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -4,8 +4,14 @@ * \brief Camellia block cipher */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CAMELLIA_H #define MBEDTLS_CAMELLIA_H diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index f03e3b580eae0c842277fd11cc2b94e98f04ed5a..3dcdc9189470e7d5c9d6d0a23b73d5bf2d6e60fb 100755 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -28,8 +28,14 @@ * consistent with RFC 3610. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -43,7 +49,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CCM_H diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h index 179ebbbad22a3aba4ccf09a930da53a51d124d6c..8472a6f38ce395c36c48c97f770b689e6e490058 100755 --- a/include/mbedtls/certs.h +++ b/include/mbedtls/certs.h @@ -4,8 +4,14 @@ * \brief Sample certificates and DHM parameters for testing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 2ae5e6e5f4ee8ae0967af68a36272bb191412eb7..8c9c2af6ffb72d8c4f7af0ff2690cd9462e010c1 100755 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -12,8 +12,15 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0 +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -27,7 +34,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CHACHA20_H diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 49e615d278fad937d2843039a69a4584ead4e1a6..5f6cb6e03069914003a5f8be45c4dae91cf3e32a 100755 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -12,8 +12,15 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0 +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -27,7 +34,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CHACHAPOLY_H diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 93de091c4db572a11c72cf46cd2de762f8a532db..2bbd7a80ffeca69a426b3d26cf8e150fd5bb92b7 100755 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -4,8 +4,14 @@ * \brief Consistency checks for configuration options */ /* - * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* @@ -140,6 +165,16 @@ #error "MBEDTLS_ECP_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_ECP_C) && !( \ + defined(MBEDTLS_ECP_ALT) || \ + defined(MBEDTLS_CTR_DRBG_C) || \ + defined(MBEDTLS_HMAC_DRBG_C) || \ + defined(MBEDTLS_SHA512_C) || \ + defined(MBEDTLS_SHA256_C) || \ + defined(MBEDTLS_ECP_NO_INTERNAL_RNG)) +#error "MBEDTLS_ECP_C requires a DRBG or SHA-2 module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used" +#endif + #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) #error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" #endif @@ -162,6 +197,16 @@ #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #endif +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) +#define MBEDTLS_HAS_MEMSAN +#endif +#endif +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN) +#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer" +#endif +#undef MBEDTLS_HAS_MEMSAN + #if defined(MBEDTLS_TEST_NULL_ENTROPY) && \ ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) ) #error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites" diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 082a69174159cce9ecdeb7623f2615134c455cce..1f41b528c48cfc7d13ecb3c08cc827a44505602a 100755 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -8,8 +8,14 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CIPHER_H diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h index c6def0bef755cf810b4252732488875165839a59..88282ec9d20f299387aacb7fc4e6891a2022fc7b 100755 --- a/include/mbedtls/cipher_internal.h +++ b/include/mbedtls/cipher_internal.h @@ -6,8 +6,14 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -21,7 +27,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CIPHER_WRAP_H #define MBEDTLS_CIPHER_WRAP_H diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 9d42b3f209f9c52f0a6a4fcb6d1c0e973d69573c..5a7c9b246f0b701f469b08e5642a42fcff5eabc2 100755 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -7,8 +7,14 @@ * Authentication is defined in RFC-4493: The AES-CMAC Algorithm. */ /* - * Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -22,7 +28,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CMAC_H diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h index a58b47243d9c954b494c33ec807e7e0b253a8499..45e5a1cf77c98b42afa33aa2fbc7d5fc8a5e0e66 100755 --- a/include/mbedtls/compat-1.3.h +++ b/include/mbedtls/compat-1.3.h @@ -7,8 +7,14 @@ * \deprecated Use the new names directly instead */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -22,7 +28,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d37f9aff3a723854b4e72f0fb04cb7d48db6a6fc..4acbadc498695420ce4cd4152872819c79c4ad84 100755 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -8,8 +8,14 @@ * memory footprint. */ /* - * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CONFIG_H @@ -525,6 +550,42 @@ // #define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT // #define MBEDTLS_ECP_NORMALIZE_MXZ_ALT +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + * + * Enable testing of the constant-flow nature of some sensitive functions with + * clang's MemorySanitizer. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires compiling with clang -fsanitize=memory. The test + * suites can then be run normally. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +// #define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + * + * Enable testing of the constant-flow nature of some sensitive functions with + * valgrind's memcheck tool. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires valgrind headers for building, and is only useful for + * testing if the tests suites are run with valgrind's memcheck. This can be + * done for an individual test suite with 'valgrind ./test_suite_xxx', or when + * using CMake, this can be done for all test suites with 'make memcheck'. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + /** * \def MBEDTLS_TEST_NULL_ENTROPY * @@ -781,6 +842,28 @@ */ #define MBEDTLS_ECP_NIST_OPTIM +/** + * \def MBEDTLS_ECP_NO_INTERNAL_RNG + * + * When this option is disabled, mbedtls_ecp_mul() will make use of an + * internal RNG when called with a NULL \c f_rng argument, in order to protect + * against some side-channel attacks. + * + * This protection introduces a dependency of the ECP module on one of the + * DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512 or SHA-256.) For very + * constrained applications that don't require this protection (for example, + * because you're only doing signature verification, so not manipulating any + * secret, or because local/physical side-channel attacks are outside your + * threat model), it might be desirable to get rid of that dependency. + * + * \warning Enabling this option makes some uses of ECP vulnerable to some + * side-channel attacks. Only enable it if you know that's not a problem for + * your use case. + * + * Uncomment this macro to disable some counter-measures in ECP. + */ +//#define MBEDTLS_ECP_NO_INTERNAL_RNG + /** * \def MBEDTLS_ECP_RESTARTABLE * @@ -3077,8 +3160,8 @@ /* Platform options */ // #define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ - #define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ - #define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ +#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ +#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ // #define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ // #define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ // #define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index e0b5ed9c937d76d615c43363783d9edc73ba61f5..7e5f2e5769ba47f3cc11016af00fbfa159972068 100755 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -38,8 +38,14 @@ * - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time. */ /* - * Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -53,7 +59,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CTR_DRBG_H diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 736444bb76a995d9a8e955938f4e60892015d634..abc2d4f07ca04f252214ab8d300052bf0677f83c 100755 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -4,8 +4,14 @@ * \brief Functions for controlling and providing debug output from the library. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_DEBUG_H #define MBEDTLS_DEBUG_H diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 54e6b7894b6f9ec1b3eb5823f16cca347754084d..ee24f659459e415300e904e83db29a81430b4191 100755 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -8,8 +8,14 @@ * instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** * */ #ifndef MBEDTLS_DES_H diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 2909f5fbc8e8aeb46a4811deed9c6d93339c211f..11042efb556b31519b3ddaf28733275d960f453d 100755 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -44,8 +44,14 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -59,7 +65,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_DHM_H diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 4479a1d46fb3169895c4a3879a4434c19b116c77..b9324bc496434d49b266193119a04a59db33fcc5 100755 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -13,8 +13,14 @@ * Cryptography. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -28,7 +34,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ECDH_H diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 932acc6d14191ce3882ac634da1bdedd5f3a6454..da02b2786435a79efb4ef4b8d9048a2ab0ca3bcc 100755 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -11,8 +11,14 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -26,7 +32,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ECDSA_H diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 3d8d02ae6464cbe2feb16a63d626a4bced0ee37e..a9b68d00c61b37e04ce9ebe867001a53ecb1d8f9 100755 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -4,8 +4,14 @@ * \brief Elliptic curve J-PAKE */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ECJPAKE_H #define MBEDTLS_ECJPAKE_H diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 065a4cc0b990ff3f799727a59282986eca2cd1db..bdc750eb244e0c5a0ef270e0661fd50862e49528 100755 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -15,8 +15,14 @@ */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -30,7 +36,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ECP_H @@ -813,6 +838,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, * intermediate results to prevent potential timing attacks * targeting these results. We recommend always providing * a non-NULL \p f_rng. The overhead is negligible. + * Note: unless #MBEDTLS_ECP_NO_INTERNAL_RNG is defined, when + * \p f_rng is NULL, an internal RNG (seeded from the value + * of \p m) will be used instead. * * \param grp The ECP group to use. * This must be initialized and have group parameters diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h index 7625ed48e1afc2ae3c41b15f0ee84db031bcec3d..0047bd4ef9163abda1674839e27f354a54b7b12c 100755 --- a/include/mbedtls/ecp_internal.h +++ b/include/mbedtls/ecp_internal.h @@ -5,8 +5,14 @@ * point arithmetic. */ /* - * Copyright (C) 2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index ca06dc3c58e8c48043fdf117a900aa9983bc3713..1e1d3f56ec63fd728dd9bf4d5fda377bcdef92be 100755 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -4,8 +4,14 @@ * \brief Entropy accumulator implementation */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ENTROPY_H #define MBEDTLS_ENTROPY_H diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h index 94dd657eb9565a857d4303b9793889ce91832b30..c348fe52d422d89ee2f9cc74183ad50c381c4aa9 100755 --- a/include/mbedtls/entropy_poll.h +++ b/include/mbedtls/entropy_poll.h @@ -4,8 +4,14 @@ * \brief Platform-specific and custom entropy polling functions */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ENTROPY_POLL_H #define MBEDTLS_ENTROPY_POLL_H diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index bee0fe485ac6bb5fa1a4c0d62b161920637bad02..fa8582a39147a52027d8e0bd7844a74fb0306321 100755 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -4,8 +4,14 @@ * \brief Error to string translation */ /* - * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_ERROR_H #define MBEDTLS_ERROR_H @@ -100,6 +125,7 @@ * ECP 4 10 (Started from top) * MD 5 5 * HKDF 5 1 (Started from top) + * SSL 5 1 (Started from 0x5E80) * CIPHER 6 8 * SSL 6 23 (Started from top) * SSL 7 32 diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index fd130abd7cffe5f6390a01879fabb2f619da36de..4e4434ed4dfd1ce6686dd589547fb4b59fcd6526 100755 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -12,8 +12,14 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -27,7 +33,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_GCM_H diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h index 4c1c86087a8c510373272beab7d3c4e58c94d102..e90839ddeb4f503425864db0c86acf72352a7eef 100755 --- a/include/mbedtls/havege.h +++ b/include/mbedtls/havege.h @@ -4,8 +4,14 @@ * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_HAVEGE_H #define MBEDTLS_HAVEGE_H diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index bcafe42513694d58b3828473e36eb0210ca0860c..07ffe83b23d61ee95c4efd69623c039bfe0f0405 100755 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -7,8 +7,14 @@ * specified by RFC 5869. */ /* - * Copyright (C) 2016-2019, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -22,7 +28,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_HKDF_H #define MBEDTLS_HKDF_H diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 7931c2281cf03eeeef45a6b14738dd4e353a823d..68836782043d057ba612e1e36cef32debd14828b 100755 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -8,8 +8,14 @@ * Deterministic Random Bit Generators. */ /* - * Copyright (C) 2006-2019, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_HMAC_DRBG_H #define MBEDTLS_HMAC_DRBG_H diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 8bcf766a6ca67792b235d9988483c8db55af95de..2ba8d9e7a91d19693c2fee7b30b4eef7177645b2 100755 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -6,8 +6,14 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -21,7 +27,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_MD_H @@ -98,6 +123,8 @@ typedef struct mbedtls_md_context_t * \brief This function returns the list of digests supported by the * generic digest module. * + * \note The list starts with the strongest available hashes. + * * \return A statically allocated array of digests. Each element * in the returned list is an integer belonging to the * message-digest enumeration #mbedtls_md_type_t. diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index fe97cf08d409a91b38f7869c4e6228d1a72f2561..9607df66baffd4f87836cc0bc5db6fca91096b38 100755 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -8,8 +8,14 @@ * instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** * */ #ifndef MBEDTLS_MD2_H diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index ce703c0ba4f3fd1ab241272b26b1e3e237f06f3a..6ceaf7a2f69127718b6c4b6bd7c2de1a8b78caff 100755 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -8,8 +8,14 @@ * instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** * */ #ifndef MBEDTLS_MD4_H diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 6eed6cc864aae8fb2976ea4bc4c99fcc334788fa..b9d0ca929a0af01130fa01d30e8562b5e9686939 100755 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -8,8 +8,14 @@ * digests instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_MD5_H #define MBEDTLS_MD5_H diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 04de48291844e0af67107cad1d45a8fcb42c83b5..847f50aa0a83616e1f65e4ab11975f3a6ae5a995 100755 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -8,8 +8,14 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_MD_WRAP_H #define MBEDTLS_MD_WRAP_H diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h index 705f9a636900fde07a9e27d56946283b0b3751ed..89c06174957cf8aca9c1e6018ea1ac0a9bc243fc 100755 --- a/include/mbedtls/memory_buffer_alloc.h +++ b/include/mbedtls/memory_buffer_alloc.h @@ -4,8 +4,14 @@ * \brief Buffer-based memory allocator */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H #define MBEDTLS_MEMORY_BUFFER_ALLOC_H diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h index 8cead58e5df2c9b76252da48ff868d2b16d03fcb..6c7a49d3bdf762f81e88b4f1bb870c0e57d69241 100755 --- a/include/mbedtls/net.h +++ b/include/mbedtls/net.h @@ -6,8 +6,14 @@ * \deprecated Superseded by mbedtls/net_sockets.h */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -21,7 +27,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 4c7ef00fe667e49b6e7bf1816446492e344d0dce..00fea7db197be8cbcd69a0b116559b9b18652e43 100755 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -20,8 +20,14 @@ * */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -35,7 +41,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_NET_SOCKETS_H #define MBEDTLS_NET_SOCKETS_H diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h index 3b67b59cd2972753928ca7309fdfc9b9a6cd6b13..94356569942c296ccb96b98a8d89c37245cfcc6a 100755 --- a/include/mbedtls/nist_kw.h +++ b/include/mbedtls/nist_kw.h @@ -16,8 +16,14 @@ * */ /* - * Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -31,7 +37,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_NIST_KW_H diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 6fbd018aaa1a7338f309f731d3e936ca409d00f4..4a7e3b4b3fd9eca97430a8e7bcdf5c6945059a5e 100755 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -4,8 +4,14 @@ * \brief Object Identifier (OID) database */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_OID_H #define MBEDTLS_OID_H diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h index 721a5d4930e6c71da84f33d74fc740df14f9a8b1..d8246e2cd015b7de3b4b7f14b33ba3df807591ca 100755 --- a/include/mbedtls/padlock.h +++ b/include/mbedtls/padlock.h @@ -8,8 +8,14 @@ * functions; you must not call them directly. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -23,7 +29,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PADLOCK_H #define MBEDTLS_PADLOCK_H diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index a29e9ce30024888dd4a04204ab7048c8fa196feb..c9df7ca6e860ffa4c59eedca3b8a04528aa6d53e 100755 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -4,8 +4,14 @@ * \brief Privacy Enhanced Mail (PEM) decoding */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PEM_H #define MBEDTLS_PEM_H @@ -112,17 +137,27 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx ); * \brief Write a buffer of PEM information from a DER encoded * buffer. * - * \param header header string to write - * \param footer footer string to write - * \param der_data DER data to write - * \param der_len length of the DER data - * \param buf buffer to write to - * \param buf_len length of output buffer - * \param olen total length written / required (if buf_len is not enough) - * - * \return 0 on success, or a specific PEM or BASE64 error code. On - * MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required - * size. + * \param header The header string to write. + * \param footer The footer string to write. + * \param der_data The DER data to encode. + * \param der_len The length of the DER data \p der_data in Bytes. + * \param buf The buffer to write to. + * \param buf_len The length of the output buffer \p buf in Bytes. + * \param olen The address at which to store the total length written + * or required (if \p buf_len is not enough). + * + * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len + * to request the length of the resulting PEM buffer in + * `*olen`. + * + * \note This function may be called with overlapping \p der_data + * and \p buf buffers. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large + * enough to hold the PEM buffer. In this case, `*olen` holds + * the required minimum size of \p buf. + * \return Another PEM or BASE64 error code on other kinds of failure. */ int mbedtls_pem_write_buffer( const char *header, const char *footer, const unsigned char *der_data, size_t der_len, diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 136427503a0aa9d5390a9c6cf5d979de4008ea55..20d51d4f38c569d8b5bdeed2c7b465e7aa575faa 100755 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -4,8 +4,14 @@ * \brief Public Key abstraction layer */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PK_H diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h index 48b7a5f7bf2993402ffd6b5acf9bee8c53eed7e4..3f84cdf7489f81ad9b84c90f810c0f7598e69400 100755 --- a/include/mbedtls/pk_internal.h +++ b/include/mbedtls/pk_internal.h @@ -4,8 +4,14 @@ * \brief Public Key abstraction layer: wrapper functions */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PK_WRAP_H diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h index 02427ddc1e9ce2980e46b6664326450a1bd48798..3874d4a05ee1f218504cc535d795ee807012a5f5 100755 --- a/include/mbedtls/pkcs11.h +++ b/include/mbedtls/pkcs11.h @@ -6,8 +6,14 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -21,7 +27,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PKCS11_H #define MBEDTLS_PKCS11_H diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index d441357b7f4ff386bb1f7c142eea8cc74f98487e..9cbcb1730559bb7d3a22a378467b9f6aa1b1c3fa 100755 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -4,8 +4,14 @@ * \brief PKCS#12 Personal Information Exchange Syntax */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PKCS12_H #define MBEDTLS_PKCS12_H diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index c92185f7a68c9412900f9501e2b49987a5d0a91b..328633c492d250e9ae496b81b160d36e90548930 100755 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -6,8 +6,14 @@ * \author Mathias Olsson */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -21,7 +27,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PKCS5_H #define MBEDTLS_PKCS5_H diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 89fe8a7b197a30942f8b1da62a2c94cb1e4da9dd..689cfc6ec79a85a789b28f62495dfa02c53e1c1f 100755 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -13,8 +13,14 @@ * dynamically configured at runtime. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -28,7 +34,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PLATFORM_H #define MBEDTLS_PLATFORM_H diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h index 2ed36f56c9ee8f357908ce4ef7cfc3811ac02661..e132f6a688c00402ae211e24215ef3bbd97884d2 100755 --- a/include/mbedtls/platform_time.h +++ b/include/mbedtls/platform_time.h @@ -4,8 +4,14 @@ * \brief mbed TLS Platform time abstraction */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PLATFORM_TIME_H #define MBEDTLS_PLATFORM_TIME_H diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 09d09651829546adec10f1127e1b2f30686292c2..426afaf040172a1bda707bdf560b205dd1bbc351 100755 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -5,8 +5,14 @@ * library. */ /* - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_PLATFORM_UTIL_H #define MBEDTLS_PLATFORM_UTIL_H diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index f0ec44c96833a66e575dc8719314dbf8abbb7e97..b337aa841cab6e4209836c2d3d1273ade4a1edd4 100755 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -12,8 +12,15 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0 +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -27,7 +34,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_POLY1305_H diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index b42f6d2a9597ede9ec13bc67d93ee2b6ae1a1bbb..31c6637d6dc754c76748b88573f955d8af1006ad 100755 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -4,8 +4,14 @@ * \brief RIPE MD-160 message digest */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_RIPEMD160_H #define MBEDTLS_RIPEMD160_H diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 35bacd8763c6f6d0246bb939403d82fb638645bb..188c37cf3aa9291c5fa8c353321d350e6d18860a 100755 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -10,8 +10,14 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -25,7 +31,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_RSA_H #define MBEDTLS_RSA_H diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index 53abd3c5b0eeeafdfe73bd95174bd7a45929a0d0..953cb7b81d7c3bac0487bab2ee2fbc4ee598398e 100755 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -35,8 +35,14 @@ * */ /* - * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -50,7 +56,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** * */ diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index bb6ecf05a4a8a93a496ab245243e1bf97983cace..60c514a49ecbf82151f86cd60ebd7130a4f6465b 100755 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -11,8 +11,14 @@ * digests instead. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -26,7 +32,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SHA1_H #define MBEDTLS_SHA1_H diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index d64739820c6d32ab993bb2d1cf701e1148ec4af1..b1881e183c4351210761c23b19ce4a4876def7eb 100755 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -7,8 +7,14 @@ * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS). */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -22,7 +28,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SHA256_H #define MBEDTLS_SHA256_H diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index c06ceed1d13c2e5acce3cebb22d1955f05444605..9ff78ecf41801eba4b9c95fad41fd2088be740cf 100755 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -6,8 +6,14 @@ * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS). */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -21,7 +27,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SHA512_H #define MBEDTLS_SHA512_H diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1adf9608ccfcf422d573f90ee808186e3180c68e..d3ee3c4e6f62fb7fddde9ea36fb7bac8138deb60 100755 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4,8 +4,14 @@ * \brief SSL/TLS functions. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H @@ -123,6 +148,7 @@ #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */ #define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */ #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */ +#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */ /* * Various constants @@ -137,6 +163,9 @@ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ +#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */ + +#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */ /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c * NONE must be zero so that memset()ing structure to zero works */ diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h index 52ba0948c55d70bbc3e79e1a65a3e0756008fe1e..612d81776ef2f1c556e6c0465949a4740759c71e 100755 --- a/include/mbedtls/ssl_cache.h +++ b/include/mbedtls/ssl_cache.h @@ -4,8 +4,14 @@ * \brief SSL session cache implementation */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SSL_CACHE_H #define MBEDTLS_SSL_CACHE_H diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 71053e5ba71ccec1358f00be6b313285829e5507..ab8e601db716066b65468af4b650bf496767ac15 100755 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -4,8 +4,14 @@ * \brief SSL Ciphersuites for mbed TLS */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index e34760ae85ea86bebb22a7c6ac88912ef8d94e14..9c2d5b62a433c18adc250515ce279de564288a22 100755 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -4,8 +4,14 @@ * \brief DTLS cookie callbacks implementation */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SSL_COOKIE_H #define MBEDTLS_SSL_COOKIE_H diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index bd5ad94dbf0690401bcda07dcaec5da70e4323df..6ba6c2af09d89a533165b0d7209eedece07c1bf2 100755 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -4,8 +4,14 @@ * \brief Internal functions shared by the SSL modules */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SSL_INTERNAL_H #define MBEDTLS_SSL_INTERNAL_H @@ -125,6 +150,24 @@ #define MBEDTLS_SSL_RETRANS_WAITING 2 #define MBEDTLS_SSL_RETRANS_FINISHED 3 +/* This macro determines whether CBC is supported. */ +#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ + ( defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_CAMELLIA_C) || \ + defined(MBEDTLS_ARIA_C) || \ + defined(MBEDTLS_DES_C) ) +#define MBEDTLS_SSL_SOME_SUITES_USE_CBC +#endif + +/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as + * opposed to the very different CBC construct used in SSLv3) is supported. */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ + ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) ) +#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC +#endif + /* * Allow extra bytes for record, authentication and encryption overhead: * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) @@ -182,6 +225,12 @@ : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ ) +/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */ +#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534 + +/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */ +#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 + /* * Check that we obey the standard's message size bounds */ @@ -236,6 +285,41 @@ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) +/** + * \brief This function checks if the remaining size in a buffer is + * greater or equal than a needed space. + * + * \param cur Pointer to the current position in the buffer. + * \param end Pointer to one past the end of the buffer. + * \param need Needed space in bytes. + * + * \return Zero if the needed space is available in the buffer, non-zero + * otherwise. + */ +static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, + const uint8_t *end, size_t need ) +{ + return( ( cur > end ) || ( need > (size_t)( end - cur ) ) ); +} + +/** + * \brief This macro checks if the remaining size in a buffer is + * greater or equal than a needed space. If it is not the case, + * it returns an SSL_BUFFER_TOO_SMALL error. + * + * \param cur Pointer to the current position in the buffer. + * \param end Pointer to one past the end of the buffer. + * \param need Needed space in bytes. + * + */ +#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \ + do { \ + if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \ + { \ + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \ + } \ + } while( 0 ) + #ifdef __cplusplus extern "C" { #endif @@ -775,6 +859,73 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +/** \brief Compute the HMAC of variable-length data with constant flow. + * + * This function computes the HMAC of the concatenation of \p add_data and \p + * data, and does with a code flow and memory access pattern that does not + * depend on \p data_len_secret, but only on \p min_data_len and \p + * max_data_len. In particular, this function always reads exactly \p + * max_data_len bytes from \p data. + * + * \param ctx The HMAC context. It must have keys configured + * with mbedtls_md_hmac_starts() and use one of the + * following hashes: SHA-384, SHA-256, SHA-1 or MD-5. + * It is reset using mbedtls_md_hmac_reset() after + * the computation is complete to prepare for the + * next computation. + * \param add_data The additional data prepended to \p data. This + * must point to a readable buffer of \p add_data_len + * bytes. + * \param add_data_len The length of \p add_data in bytes. + * \param data The data appended to \p add_data. This must point + * to a readable buffer of \p max_data_len bytes. + * \param data_len_secret The length of the data to process in \p data. + * This must be no less than \p min_data_len and no + * greater than \p max_data_len. + * \param min_data_len The minimal length of \p data in bytes. + * \param max_data_len The maximal length of \p data in bytes. + * \param output The HMAC will be written here. This must point to + * a writable buffer of sufficient size to hold the + * HMAC value. + * + * \retval 0 + * Success. + * \retval MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED + * The hardware accelerator failed. + */ +int mbedtls_ssl_cf_hmac( + mbedtls_md_context_t *ctx, + const unsigned char *add_data, size_t add_data_len, + const unsigned char *data, size_t data_len_secret, + size_t min_data_len, size_t max_data_len, + unsigned char *output ); + +/** \brief Copy data from a secret position with constant flow. + * + * This function copies \p len bytes from \p src_base + \p offset_secret to \p + * dst, with a code flow and memory access pattern that does not depend on \p + * offset_secret, but only on \p offset_min, \p offset_max and \p len. + * + * \param dst The destination buffer. This must point to a writable + * buffer of at least \p len bytes. + * \param src_base The base of the source buffer. This must point to a + * readable buffer of at least \p offset_max + \p len + * bytes. + * \param offset_secret The offset in the source buffer from which to copy. + * This must be no less than \p offset_min and no greater + * than \p offset_max. + * \param offset_min The minimal value of \p offset_secret. + * \param offset_max The maximal value of \p offset_secret. + * \param len The number of bytes to copy. + */ +void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst, + const unsigned char *src_base, + size_t offset_secret, + size_t offset_min, size_t offset_max, + size_t len ); +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 774a007a9f3b8e15977c0108fb22c638dd682462..a10a4341387d6838cd11f28a72229ce27dde0012 100755 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -4,8 +4,14 @@ * \brief TLS server ticket callbacks implementation */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_SSL_TICKET_H #define MBEDTLS_SSL_TICKET_H diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 92e6e6b987e7fd8486761bc5147ccc89c7b62a19..a8183a6ef48ec310277bc54030142f203a3218a3 100755 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -4,8 +4,14 @@ * \brief Threading abstraction layer */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index a965fe0d355a68bd9997dedc5cced8eebb2c3787..8611ba9a4e58816e193513975cf44ad4ac956b7a 100755 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -4,8 +4,14 @@ * \brief Portable interface to timeouts and to the CPU cycle counter */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_TIMING_H #define MBEDTLS_TIMING_H diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index e0a2e7f6d6c6daa893065d9cdb41283a3fe3385d..d09b45002d59d80460d8c02d4b33d60ee760a7d1 100755 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -4,8 +4,14 @@ * \brief Run-time version information */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * This set of compile-time defines and run-time variables can be used to @@ -40,16 +65,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 16 -#define MBEDTLS_VERSION_PATCH 6 +#define MBEDTLS_VERSION_PATCH 8 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02100600 -#define MBEDTLS_VERSION_STRING "2.16.6" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.6" +#define MBEDTLS_VERSION_NUMBER 0x02100800 +#define MBEDTLS_VERSION_STRING "2.16.8" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.8" #if defined(MBEDTLS_VERSION_C) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 63aae32d870ec2c84bfe56b13f70cf1130abbfb9..5bb9b00292f6d7fa9b2d8ee66e0da84abc0e0cee 100755 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -4,8 +4,14 @@ * \brief X.509 generic defines and structures */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_X509_H #define MBEDTLS_X509_H diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index fa838d68cbfebdb984deb801b36ba13ab1ea39c6..2ade47c89db3809cd98e8b4758757dcf1157e9c7 100755 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -4,8 +4,14 @@ * \brief X.509 certificate revocation list parsing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_X509_CRL_H #define MBEDTLS_X509_CRL_H diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 670bd10d8910d111f54c0598e0f97f8fef6d7a63..c38e0c0556c63943bbc7f7b59916b4cf9894694e 100755 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -4,8 +4,14 @@ * \brief X.509 certificate parsing and writing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_X509_CRT_H #define MBEDTLS_X509_CRT_H diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index a3c28048e011e9f8d5346ca022983709c5efb301..5dfb4213e8d3f2e89ff219427a961ded79ad42ec 100755 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -4,8 +4,14 @@ * \brief X.509 certificate signing request parsing and writing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_X509_CSR_H #define MBEDTLS_X509_CSR_H diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index b47f5535085e028f8a31025cdd3af45aba7b40d6..cd6d3753d13bacb24c5ffe1e062467325da15d83 100755 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h @@ -4,8 +4,14 @@ * \brief XTEA block cipher (32-bit) */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -19,7 +25,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_XTEA_H #define MBEDTLS_XTEA_H diff --git a/library/.gitignore b/library/.gitignore old mode 100755 new mode 100644 diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 93ce7b8f44761644bf42111c2ca55870dea3732f..beec785d1f30a0c9231531609351fde51c50d628 100755 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.6 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.8 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.16.6 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.16.8 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.16.6 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.16.8 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/library/Makefile b/library/Makefile old mode 100755 new mode 100644 diff --git a/library/aes.c b/library/aes.c index 02a7986b59c3a965fb8ea99332a18c5a4571b5ce..9b337505fd15c8152650ab098681e66804853b95 100755 --- a/library/aes.c +++ b/library/aes.c @@ -1,8 +1,14 @@ /* * FIPS-197 compliant AES implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. diff --git a/library/aesni.c b/library/aesni.c index 062708b047d8314669619ab3e5040827991efd6c..358d4ad8606d2bb6203860a1362239bad68cc42b 100755 --- a/library/aesni.c +++ b/library/aesni.c @@ -1,8 +1,14 @@ /* * AES-NI support functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/arc4.c b/library/arc4.c index b8998ac6cd7679ab109d29deac7a41bef313fd8b..6729bab002ce8a3f3049fbef19c303e41b8f2631 100755 --- a/library/arc4.c +++ b/library/arc4.c @@ -1,8 +1,14 @@ /* * An implementation of the ARCFOUR algorithm * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The ARCFOUR algorithm was publicly disclosed on 94/09. diff --git a/library/aria.c b/library/aria.c index aff66d667f1dc172d988691dfddeaaf74791bc35..ef0392f658934907f642f349cae58a3e93fed45d 100755 --- a/library/aria.c +++ b/library/aria.c @@ -1,8 +1,14 @@ /* * ARIA implementation * - * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/asn1parse.c b/library/asn1parse.c index 171c340b8c8d8414f4e47e4d52e0fe9560727592..10239fdd15c5ebaf91d786e4e818c936547e2553 100755 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -1,8 +1,14 @@ /* * Generic ASN.1 parsing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/asn1write.c b/library/asn1write.c index c0b4622d58d859f1aa998ad32a06ff4c81c7cd29..d94d0a760550552ccf5dbff8beaa36cc78adfd1b 100755 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -1,8 +1,14 @@ /* * ASN.1 buffer writing functionality * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/base64.c b/library/base64.c index f06b57b31fcd321c2747c38dc0745b4e5afe7ba0..bfafb05353cbc02402a726c9bfa60ca3a02dc86d 100755 --- a/library/base64.c +++ b/library/base64.c @@ -1,8 +1,14 @@ /* * RFC 1521 base64 encoding/decoding * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/bignum.c b/library/bignum.c index 87ccf42fad9a97b58c83843a92ff55d703ed15e7..dfe976d6489fe54368b34e5ad9b025c6316a9223 100755 --- a/library/bignum.c +++ b/library/bignum.c @@ -1,8 +1,14 @@ /* * Multi-precision integer library * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* @@ -242,6 +267,22 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) memcpy( Y, &T, sizeof( mbedtls_mpi ) ); } +/* + * Conditionally assign dest = src, without leaking information + * about whether the assignment was made or not. + * dest and src must be arrays of limbs of size n. + * assign must be 0 or 1. + */ +static void mpi_safe_cond_assign( size_t n, + mbedtls_mpi_uint *dest, + const mbedtls_mpi_uint *src, + unsigned char assign ) +{ + size_t i; + for( i = 0; i < n; i++ ) + dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign; +} + /* * Conditionally assign X = Y, without leaking information * about whether the assignment was made or not. @@ -261,10 +302,9 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned X->s = X->s * ( 1 - assign ) + Y->s * assign; - for( i = 0; i < Y->n; i++ ) - X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign; + mpi_safe_cond_assign( Y->n, X->p, Y->p, assign ); - for( ; i < X->n; i++ ) + for( i = Y->n; i < X->n; i++ ) X->p[i] *= ( 1 - assign ); cleanup: @@ -1249,10 +1289,24 @@ cleanup: return( ret ); } -/* - * Helper for mbedtls_mpi subtraction +/** + * Helper for mbedtls_mpi subtraction. + * + * Calculate d - s where d and s have the same size. + * This function operates modulo (2^ciL)^n and returns the carry + * (1 if there was a wraparound, i.e. if `d < s`, and 0 otherwise). + * + * \param n Number of limbs of \p d and \p s. + * \param[in,out] d On input, the left operand. + * On output, the result of the subtraction: + * \param[in] s The right operand. + * + * \return 1 if `d < s`. + * 0 if `d >= s`. */ -static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) +static mbedtls_mpi_uint mpi_sub_hlp( size_t n, + mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *s ) { size_t i; mbedtls_mpi_uint c, z; @@ -1263,28 +1317,22 @@ static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) c = ( *d < *s ) + z; *d -= *s; } - while( c != 0 ) - { - z = ( *d < c ); *d -= c; - c = z; d++; - } + return( c ); } /* - * Unsigned subtraction: X = |A| - |B| (HAC 14.9) + * Unsigned subtraction: X = |A| - |B| (HAC 14.9, 14.10) */ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { mbedtls_mpi TB; int ret; size_t n; + mbedtls_mpi_uint carry; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); - if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); - mbedtls_mpi_init( &TB ); if( X == B ) @@ -1307,7 +1355,18 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[n - 1] != 0 ) break; - mpi_sub_hlp( n, B->p, X->p ); + carry = mpi_sub_hlp( n, X->p, B->p ); + if( carry != 0 ) + { + /* Propagate the carry to the first nonzero limb of X. */ + for( ; n < X->n && X->p[n] == 0; n++ ) + --X->p[n]; + /* If we ran out of space for the carry, it means that the result + * is negative. */ + if( n == X->n ) + return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + --X->p[n]; + } cleanup: @@ -1887,18 +1946,34 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) *mm = ~x + 1; } -/* - * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) +/** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) + * + * \param[in,out] A One of the numbers to multiply. + * It must have at least as many limbs as N + * (A->n >= N->n), and any limbs beyond n are ignored. + * On successful completion, A contains the result of + * the multiplication A * B * R^-1 mod N where + * R = (2^ciL)^n. + * \param[in] B One of the numbers to multiply. + * It must be nonzero and must not have more limbs than N + * (B->n <= N->n). + * \param[in] N The modulo. N must be odd. + * \param mm The value calculated by `mpi_montg_init(&mm, N)`. + * This is -N^-1 mod 2^ciL. + * \param[in,out] T A bignum for temporary storage. + * It must be at least twice the limb size of N plus 2 + * (T->n >= 2 * (N->n + 1)). + * Its initial content is unused and + * its final content is indeterminate. + * Note that unlike the usual convention in the library + * for `const mbedtls_mpi*`, the content of T can change. */ -static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, +static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { size_t i, n, m; mbedtls_mpi_uint u0, u1, *d; - if( T->n < N->n + 1 || T->p == NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - memset( T->p, 0, T->n * ciL ); d = T->p; @@ -1919,22 +1994,34 @@ static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *d++ = u0; d[n + 1] = 0; } - memcpy( A->p, d, ( n + 1 ) * ciL ); - - if( mbedtls_mpi_cmp_abs( A, N ) >= 0 ) - mpi_sub_hlp( n, N->p, A->p ); - else - /* prevent timing attacks */ - mpi_sub_hlp( n, A->p, T->p ); - - return( 0 ); + /* At this point, d is either the desired result or the desired result + * plus N. We now potentially subtract N, avoiding leaking whether the + * subtraction is performed through side channels. */ + + /* Copy the n least significant limbs of d to A, so that + * A = d if d < N (recall that N has n limbs). */ + memcpy( A->p, d, n * ciL ); + /* If d >= N then we want to set A to d - N. To prevent timing attacks, + * do the calculation without using conditional tests. */ + /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */ + d[n] += 1; + d[n] -= mpi_sub_hlp( n, d, N->p ); + /* If d0 < N then d < (2^biL)^n + * so d[n] == 0 and we want to keep A as it is. + * If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n + * so d[n] == 1 and we want to set A to the result of the subtraction + * which is d - (2^biL)^n, i.e. the n least significant limbs of d. + * This exactly corresponds to a conditional assignment. */ + mpi_safe_cond_assign( n, A->p, d, (unsigned char) d[n] ); } /* * Montgomery reduction: A = A * R^-1 mod N + * + * See mpi_montmul() regarding constraints and guarantees on the parameters. */ -static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, - mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, + mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; @@ -1942,7 +2029,7 @@ static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, U.n = U.s = (int) z; U.p = &z; - return( mpi_montmul( A, &U, N, mm, T ) ); + mpi_montmul( A, &U, N, mm, T ); } /* @@ -2028,13 +2115,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, else MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); - MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) ); + mpi_montmul( &W[1], &RR, N, mm, &T ); /* * X = R^2 * R^-1 mod N = R mod N */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); + mpi_montred( X, N, mm, &T ); if( wsize > 1 ) { @@ -2047,7 +2134,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); for( i = 0; i < wsize - 1; i++ ) - MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) ); + mpi_montmul( &W[j], &W[j], N, mm, &T ); /* * W[i] = W[i - 1] * W[1] @@ -2057,7 +2144,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); - MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) ); + mpi_montmul( &W[i], &W[1], N, mm, &T ); } } @@ -2094,7 +2181,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * out of window, square X */ - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); continue; } @@ -2112,12 +2199,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * X = X^wsize R^-1 mod N */ for( i = 0; i < wsize; i++ ) - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); /* * X = X * W[wbits] R^-1 mod N */ - MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) ); + mpi_montmul( X, &W[wbits], N, mm, &T ); state--; nbits = 0; @@ -2130,18 +2217,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, */ for( i = 0; i < nbits; i++ ) { - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); wbits <<= 1; if( ( wbits & ( one << wsize ) ) != 0 ) - MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) ); + mpi_montmul( X, &W[1], N, mm, &T ); } /* * X = A^E * R * R^-1 mod N = A^E mod N */ - MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); + mpi_montred( X, N, mm, &T ); if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) { diff --git a/library/blowfish.c b/library/blowfish.c index cbf92382468db7dbfc9e0a38f4f55b13002bb22c..a3f9be959fd380acc122d4f218c5dbefb6b7e026 100755 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -1,8 +1,14 @@ /* * Blowfish implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The Blowfish block cipher was designed by Bruce Schneier in 1993. diff --git a/library/camellia.c b/library/camellia.c index 22262b89a865f56e571e24eaba36d030cdc2b5c6..40d62121bfc5f8db74ee31a1cc74497727be226f 100755 --- a/library/camellia.c +++ b/library/camellia.c @@ -1,8 +1,14 @@ /* * Camellia implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The Camellia block cipher was designed by NTT and Mitsubishi Electric diff --git a/library/ccm.c b/library/ccm.c index c6211ee773c37e460ee718b0ff84e83c53653756..b2e5a4763d5d72224b606d0e9e1fbe45c06eed5e 100755 --- a/library/ccm.c +++ b/library/ccm.c @@ -1,8 +1,14 @@ /* * NIST SP800-38C compliant CCM implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/certs.c b/library/certs.c index 80ab0b9d6c961a18d85bf21253a759be08d72f0b..cb43f53368c51b4c84796aaf78b832b786b913d1 100755 --- a/library/certs.c +++ b/library/certs.c @@ -1,8 +1,14 @@ /* * X.509 test certificates * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/chacha20.c b/library/chacha20.c index 8a3610f0e03bce1f1fd3cad4aa583db3b336aa4e..80fe50cc672fe628996676c4928cdcd0817cc672 100755 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -5,8 +5,14 @@ * * \author Daniel King * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/chachapoly.c b/library/chachapoly.c index dc643dd618900958d1c7ca06195cba1c568909fa..c8b5bba4b2352133c745e7a6c004f6e5992ceccf 100755 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -3,8 +3,14 @@ * * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -18,7 +24,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/library/cipher.c b/library/cipher.c index 8d010b59ac4e27a8c1884e4b5f839f4bbf0cb7a4..57da0b9c44d0e34933450df09b0efb6b625efc12 100755 --- a/library/cipher.c +++ b/library/cipher.c @@ -5,8 +5,14 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 6dd8c5d3a967b1164fffccfb2cd9173f3db31bac..1dcac21be1a5bc610286f24b2045b84adce78b45 100755 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -5,8 +5,14 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/cmac.c b/library/cmac.c index 5d101e1c7d0bfd346b5489898110e839556b82c9..1a1200b52bc2535b9d3cb21b4e896910d5c4b4c9 100755 --- a/library/cmac.c +++ b/library/cmac.c @@ -3,8 +3,14 @@ * * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -18,7 +24,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index ad0a1936d1b4a523c0bf60aa638d22f27a462cf5..b98df29a9b429826744dfc86e237bd39e02e56a1 100755 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -1,8 +1,14 @@ /* * CTR_DRBG implementation based on AES-256 (NIST SP 800-90) * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The NIST SP 800-90 DRBGs are described in the following publication. diff --git a/library/debug.c b/library/debug.c index 36510cdd56d43039597eae78cf49c55c1b964642..5f06d0da13481477cf2ee311bff94962a27931c1 100755 --- a/library/debug.c +++ b/library/debug.c @@ -1,8 +1,14 @@ /* * Debugging routines * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/des.c b/library/des.c index 8a33d82e50e2df1973da8a2bcfe5a5e940878d4c..623165d39180a102e2c1d2889093efbe3d78565e 100755 --- a/library/des.c +++ b/library/des.c @@ -1,8 +1,14 @@ /* * FIPS-46-3 compliant Triple-DES implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * DES, on which TDES is based, was originally designed by Horst Feistel diff --git a/library/dhm.c b/library/dhm.c index 8255632a993fb5bf89b686c0f5d2b79ab1d1d6e5..d652cf0ac97825a98b0f1b4d953552294c778d76 100755 --- a/library/dhm.c +++ b/library/dhm.c @@ -1,8 +1,14 @@ /* * Diffie-Hellman-Merkle key exchange * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The following sources were referenced in the design of this implementation @@ -323,6 +348,32 @@ cleanup: return( 0 ); } +/* + * Pick a random R in the range [2, M) for blinding purposes + */ +static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + int ret, count; + + count = 0; + do + { + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) ); + + while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) ); + + if( count++ > 10 ) + return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + } + while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 ); + +cleanup: + return( ret ); +} + + /* * Use the blinding method and optimisation suggested in section 10 of: * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA, @@ -332,7 +383,10 @@ cleanup: static int dhm_update_blinding( mbedtls_dhm_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret, count; + int ret; + mbedtls_mpi R; + + mbedtls_mpi_init( &R ); /* * Don't use any blinding the first time a particular X is used, @@ -367,24 +421,23 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, */ /* Vi = random( 2, P-1 ) */ - count = 0; - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) ); + + /* Vf = Vi^-X mod P + * First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod), + * then elevate to the Xth power. */ + MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); - while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); - - if( count++ > 10 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); - } - while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 ); - - /* Vf = Vi^-X mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) ); cleanup: + mbedtls_mpi_free( &R ); + return( ret ); } diff --git a/library/ecdh.c b/library/ecdh.c index c5726877d5e73ce65fa2852d000d3883a8d7b273..8c27e4e19645956402395a9561d4d55dcef9694f 100755 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -1,8 +1,14 @@ /* * Elliptic curve Diffie-Hellman * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/ecdsa.c b/library/ecdsa.c index 6b72e0d927eef4c3db7dc4518c4988cf621d751a..da8df9cde2f9dafe5f2a52d1f643157c64126205 100755 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -1,8 +1,14 @@ /* * Elliptic curve DSA * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/ecjpake.c b/library/ecjpake.c index 1845c936abc6ff7a35517ec7196bc84b6ed823c8..f6e24580c72e719ccc704a5847329d34e9604273 100755 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -1,8 +1,14 @@ /* * Elliptic curve J-PAKE * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/ecp.c b/library/ecp.c index 725e176df22eabc8a9ee5efec42c9a7302001949..fe41b4128a669b3b0d6e5e8d93a5542b3414d839 100755 --- a/library/ecp.c +++ b/library/ecp.c @@ -1,8 +1,14 @@ /* * Elliptic curves over GF(p): generic functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* @@ -104,6 +129,20 @@ #include "mbedtls/ecp_internal.h" +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) +#if defined(MBEDTLS_HMAC_DRBG_C) +#include "mbedtls/hmac_drbg.h" +#elif defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/ctr_drbg.h" +#elif defined(MBEDTLS_SHA512_C) +#include "mbedtls/sha512.h" +#elif defined(MBEDTLS_SHA256_C) +#include "mbedtls/sha256.h" +#else +#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." +#endif +#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline @@ -117,6 +156,233 @@ static unsigned long add_count, dbl_count, mul_count; #endif +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) +/* + * Currently ecp_mul() takes a RNG function as an argument, used for + * side-channel protection, but it can be NULL. The initial reasoning was + * that people will pass non-NULL RNG when they care about side-channels, but + * unfortunately we have some APIs that call ecp_mul() with a NULL RNG, with + * no opportunity for the user to do anything about it. + * + * The obvious strategies for addressing that include: + * - change those APIs so that they take RNG arguments; + * - require a global RNG to be available to all crypto modules. + * + * Unfortunately those would break compatibility. So what we do instead is + * have our own internal DRBG instance, seeded from the secret scalar. + * + * The following is a light-weight abstraction layer for doing that with + * HMAC_DRBG (first choice) or CTR_DRBG. + */ + +#if defined(MBEDTLS_HMAC_DRBG_C) + +/* DRBG context type */ +typedef mbedtls_hmac_drbg_context ecp_drbg_context; + +/* DRBG context init */ +static inline void ecp_drbg_init( ecp_drbg_context *ctx ) +{ + mbedtls_hmac_drbg_init( ctx ); +} + +/* DRBG context free */ +static inline void ecp_drbg_free( ecp_drbg_context *ctx ) +{ + mbedtls_hmac_drbg_free( ctx ); +} + +/* DRBG function */ +static inline int ecp_drbg_random( void *p_rng, + unsigned char *output, size_t output_len ) +{ + return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) ); +} + +/* DRBG context seeding */ +static int ecp_drbg_seed( ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len ) +{ + int ret; + unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; + /* The list starts with strong hashes */ + const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, + secret_bytes, secret_len ) ); + + ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len ); + +cleanup: + mbedtls_platform_zeroize( secret_bytes, secret_len ); + + return( ret ); +} + +#elif defined(MBEDTLS_CTR_DRBG_C) + +/* DRBG context type */ +typedef mbedtls_ctr_drbg_context ecp_drbg_context; + +/* DRBG context init */ +static inline void ecp_drbg_init( ecp_drbg_context *ctx ) +{ + mbedtls_ctr_drbg_init( ctx ); +} + +/* DRBG context free */ +static inline void ecp_drbg_free( ecp_drbg_context *ctx ) +{ + mbedtls_ctr_drbg_free( ctx ); +} + +/* DRBG function */ +static inline int ecp_drbg_random( void *p_rng, + unsigned char *output, size_t output_len ) +{ + return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) ); +} + +/* + * Since CTR_DRBG doesn't have a seed_buf() function the way HMAC_DRBG does, + * we need to pass an entropy function when seeding. So we use a dummy + * function for that, and pass the actual entropy as customisation string. + * (During seeding of CTR_DRBG the entropy input and customisation string are + * concatenated before being used to update the secret state.) + */ +static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len) +{ + (void) ctx; + memset( out, 0, len ); + return( 0 ); +} + +/* DRBG context seeding */ +static int ecp_drbg_seed( ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len ) +{ + int ret; + unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, + secret_bytes, secret_len ) ); + + ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL, + secret_bytes, secret_len ); + +cleanup: + mbedtls_platform_zeroize( secret_bytes, secret_len ); + + return( ret ); +} + +#elif defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA256_C) + +/* This will be used in the self-test function */ +#define ECP_ONE_STEP_KDF + +/* + * We need to expand secret data (the scalar) into a longer stream of bytes. + * + * We'll use the One-Step KDF from NIST SP 800-56C, with option 1 (H is a hash + * function) and empty FixedInfo. (Though we'll make it fit the DRBG API for + * convenience, this is not a full-fledged DRBG, but we don't need one here.) + * + * We need a basic hash abstraction layer to use whatever SHA-2 is available. + */ +#if defined(MBEDTLS_SHA512_C) + +#define HASH_FUNC( in, ilen, out ) mbedtls_sha512_ret( in, ilen, out, 0 ); +#define HASH_BLOCK_BYTES ( 512 / 8 ) + +#elif defined(MBEDTLS_SHA256_C) + +#define HASH_FUNC( in, ilen, out ) mbedtls_sha256_ret( in, ilen, out, 0 ); +#define HASH_BLOCK_BYTES ( 256 / 8 ) + +#endif /* SHA512/SHA256 abstraction */ + +/* + * State consists of a 32-bit counter plus the secret value. + * + * We stored them concatenated in a single buffer as that's what will get + * passed to the hash function. + */ +typedef struct { + size_t total_len; + uint8_t buf[4 + MBEDTLS_ECP_MAX_BYTES]; +} ecp_drbg_context; + +static void ecp_drbg_init( ecp_drbg_context *ctx ) +{ + memset( ctx, 0, sizeof( ecp_drbg_context ) ); +} + +static void ecp_drbg_free( ecp_drbg_context *ctx ) +{ + mbedtls_platform_zeroize( ctx, sizeof( ecp_drbg_context ) ); +} + +static int ecp_drbg_seed( ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len ) +{ + ctx->total_len = 4 + secret_len; + memset( ctx->buf, 0, 4); + return( mbedtls_mpi_write_binary( secret, ctx->buf + 4, secret_len ) ); +} + +static int ecp_drbg_random( void *p_rng, unsigned char *output, size_t output_len ) +{ + ecp_drbg_context *ctx = p_rng; + int ret; + size_t len_done = 0; + uint8_t tmp[HASH_BLOCK_BYTES]; + + while( len_done < output_len ) + { + uint8_t use_len; + + /* This function is only called for coordinate randomisation, which + * happens only twice in a scalar multiplication. Each time needs a + * random value in the range [2, p-1], and gets it by drawing len(p) + * bytes from this function, and retrying up to 10 times if unlucky. + * + * So for the largest curve, each scalar multiplication draws at most + * 20 * 66 bytes. The minimum block size is 32 (SHA-256), so with + * rounding that means a most 20 * 3 blocks. + * + * Since we don't need to draw more that 255 blocks, don't bother + * with carry propagation and just return an error instead. We can + * change that it we even need to draw more blinding values. + */ + ctx->buf[3] += 1; + if( ctx->buf[3] == 0 ) + return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + + ret = HASH_FUNC( ctx->buf, ctx->total_len, tmp ); + if( ret != 0 ) + return( ret ); + + if( output_len - len_done > HASH_BLOCK_BYTES ) + use_len = HASH_BLOCK_BYTES; + else + use_len = output_len - len_done; + + memcpy( output + len_done, tmp, use_len ); + len_done += use_len; + } + + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + + return( 0 ); +} + +#else /* DRBG/SHA modules */ +#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." +#endif /* DRBG/SHA modules */ +#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ + #if defined(MBEDTLS_ECP_RESTARTABLE) /* * Maximum number of "basic operations" to be done in a row. @@ -164,6 +430,10 @@ struct mbedtls_ecp_restart_mul ecp_rsm_comb_core, /* ecp_mul_comb_core() */ ecp_rsm_final_norm, /* do the final normalization */ } state; +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_context drbg_ctx; + unsigned char drbg_seeded; +#endif }; /* @@ -176,6 +446,10 @@ static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) ctx->T = NULL; ctx->T_size = 0; ctx->state = ecp_rsm_init; +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_init( &ctx->drbg_ctx ); + ctx->drbg_seeded = 0; +#endif } /* @@ -197,6 +471,10 @@ static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx ) mbedtls_free( ctx->T ); } +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_free( &ctx->drbg_ctx ); +#endif + ecp_restart_rsm_init( ctx ); } @@ -1466,7 +1744,10 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); if( count++ > 10 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } } while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); @@ -1816,7 +2097,9 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R i = d; MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != 0 ) +#endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); } @@ -1937,6 +2220,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, rs_ctx->rsm->state = ecp_rsm_final_norm; final_norm: + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); #endif /* * Knowledge of the jacobian coordinates may leak the last few bits of the @@ -1949,10 +2233,11 @@ final_norm: * * Avoid the leak by randomizing coordinates before we normalize them. */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != 0 ) +#endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -2021,11 +2306,44 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int ret; unsigned char w, p_eq_g, i; size_t d; - unsigned char T_size, T_ok; - mbedtls_ecp_point *T; + unsigned char T_size = 0, T_ok = 0; + mbedtls_ecp_point *T = NULL; +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_context drbg_ctx; + + ecp_drbg_init( &drbg_ctx ); +#endif ECP_RS_ENTER( rsm ); +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + if( f_rng == NULL ) + { + /* Adjust pointers */ + f_rng = &ecp_drbg_random; +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + p_rng = &rs_ctx->rsm->drbg_ctx; + else +#endif + p_rng = &drbg_ctx; + + /* Initialize internal DRBG if necessary */ +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx == NULL || rs_ctx->rsm == NULL || + rs_ctx->rsm->drbg_seeded == 0 ) +#endif + { + const size_t m_len = ( grp->nbits + 7 ) / 8; + MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) ); + } +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->drbg_seeded = 1; +#endif + } +#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ + /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && @@ -2097,6 +2415,10 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_free( &drbg_ctx ); +#endif + /* does T belong to the group? */ if( T == grp->T ) T = NULL; @@ -2198,7 +2520,10 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); if( count++ > 10 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } } while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); @@ -2284,9 +2609,23 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, unsigned char b; mbedtls_ecp_point RP; mbedtls_mpi PX; +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_context drbg_ctx; + ecp_drbg_init( &drbg_ctx ); +#endif mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + if( f_rng == NULL ) + { + const size_t m_len = ( grp->nbits + 7 ) / 8; + MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) ); + f_rng = &ecp_drbg_random; + p_rng = &drbg_ctx; + } +#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ + /* Save PX and read from P before writing to R, in case P == R */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); @@ -2300,7 +2639,9 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MOD_ADD( RP.X ); /* Randomize coordinates of the starting point */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != NULL ) +#endif MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); /* Loop invariant: R = result so far, RP = R + P */ @@ -2333,12 +2674,18 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * * Avoid the leak by randomizing coordinates before we normalize them. */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != NULL ) +#endif MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); cleanup: +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_free( &drbg_ctx ); +#endif + mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); return( ret ); @@ -2893,6 +3240,76 @@ cleanup: #if defined(MBEDTLS_SELF_TEST) +#if defined(ECP_ONE_STEP_KDF) +/* + * There are no test vectors from NIST for the One-Step KDF in SP 800-56C, + * but unofficial ones can be found at: + * https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors + * + * We only use the ones with empty fixedInfo, and for brevity's sake, only + * 40-bytes output (with SHA-256 that's more than one block, and with SHA-512 + * less than one block). + */ +#if defined(MBEDTLS_SHA512_C) + +static const uint8_t test_kdf_z[16] = { + 0x3b, 0xa9, 0x79, 0xe9, 0xbc, 0x5e, 0x3e, 0xc7, + 0x61, 0x30, 0x36, 0xb6, 0xf5, 0x1c, 0xd5, 0xaa, +}; +static const uint8_t test_kdf_out[40] = { + 0x3e, 0xf6, 0xda, 0xf9, 0x51, 0x60, 0x70, 0x5f, + 0xdf, 0x21, 0xcd, 0xab, 0xac, 0x25, 0x7b, 0x05, + 0xfe, 0xc1, 0xab, 0x7c, 0xc9, 0x68, 0x43, 0x25, + 0x8a, 0xfc, 0x40, 0x6e, 0x5b, 0xf7, 0x98, 0x27, + 0x10, 0xfa, 0x7b, 0x93, 0x52, 0xd4, 0x16, 0xaa, +}; + +#elif defined(MBEDTLS_SHA256_C) + +static const uint8_t test_kdf_z[16] = { + 0xc8, 0x3e, 0x35, 0x8e, 0x99, 0xa6, 0x89, 0xc6, + 0x7d, 0xb4, 0xfe, 0x39, 0xcf, 0x8f, 0x26, 0xe1, +}; +static const uint8_t test_kdf_out[40] = { + 0x7d, 0xf6, 0x41, 0xf8, 0x3c, 0x47, 0xdc, 0x28, + 0x5f, 0x7f, 0xaa, 0xde, 0x05, 0x64, 0xd6, 0x25, + 0x00, 0x6a, 0x47, 0xd9, 0x1e, 0xa4, 0xa0, 0x8c, + 0xd7, 0xf7, 0x0c, 0x99, 0xaa, 0xa0, 0x72, 0x66, + 0x69, 0x0e, 0x25, 0xaa, 0xa1, 0x63, 0x14, 0x79, +}; + +#endif + +static int ecp_kdf_self_test( void ) +{ + int ret; + ecp_drbg_context kdf_ctx; + mbedtls_mpi scalar; + uint8_t out[sizeof( test_kdf_out )]; + + ecp_drbg_init( &kdf_ctx ); + mbedtls_mpi_init( &scalar ); + memset( out, 0, sizeof( out ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &scalar, + test_kdf_z, sizeof( test_kdf_z ) ) ); + + MBEDTLS_MPI_CHK( ecp_drbg_seed( &kdf_ctx, + &scalar, sizeof( test_kdf_z ) ) ); + + MBEDTLS_MPI_CHK( ecp_drbg_random( &kdf_ctx, out, sizeof( out ) ) ); + + if( memcmp( out, test_kdf_out, sizeof( out ) ) != 0 ) + ret = -1; + +cleanup: + ecp_drbg_free( &kdf_ctx ); + mbedtls_mpi_free( &scalar ); + + return( ret ); +} +#endif /* ECP_ONE_STEP_KDF */ + /* * Checkup routine */ @@ -3004,6 +3421,24 @@ int mbedtls_ecp_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); +#if defined(ECP_ONE_STEP_KDF) + if( verbose != 0 ) + mbedtls_printf( " ECP test #3 (internal KDF): " ); + + ret = ecp_kdf_self_test(); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + goto cleanup; + } + + if( verbose != 0 ) + mbedtls_printf( "passed\n" ); +#endif /* ECP_ONE_STEP_KDF */ + cleanup: if( ret < 0 && verbose != 0 ) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 282481d0538e4def991010fbe4b6c94331c55ff8..cc4c5b71c045d2c4830f9debd2962547fd21f48d 100755 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -1,8 +1,14 @@ /* * Elliptic curves over GF(p): curve-specific data and functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/entropy.c b/library/entropy.c index f8db1a550362d5e68bbf987a7ebaabe453fdec45..666c55654cc9abbdfa5fa92553d21ef943c0c2cf 100755 --- a/library/entropy.c +++ b/library/entropy.c @@ -1,8 +1,14 @@ /* * Entropy accumulator implementation * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index f0b12faf949507f3f417a760ccb4c996bda66569..476c9f0a0f9866a2d5e22c87ae93b47e953bada5 100755 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -1,8 +1,14 @@ /* * Platform-specific and custom entropy polling functions * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if defined(__linux__) diff --git a/library/error.c b/library/error.c index c596f0bcc5766e72b5493e8fb058c3ed57628ab7..eb52052b51e3844f77727eb9bd629501c12b1360 100755 --- a/library/error.c +++ b/library/error.c @@ -1,8 +1,14 @@ /* * Error message information * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -53,6 +78,10 @@ #include "mbedtls/aria.h" #endif +#if defined(MBEDTLS_ASN1_PARSE_C) +#include "mbedtls/asn1.h" +#endif + #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" #endif @@ -525,6 +554,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" ); if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) ) mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" ); + if( use_ret == -(MBEDTLS_ERR_SSL_BAD_CONFIG) ) + mbedtls_snprintf( buf, buflen, "SSL - Invalid value in SSL config" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) diff --git a/library/gcm.c b/library/gcm.c index 675926a518b5569477daf5b84589314f9864aa1d..2afe5025a09e32ef049208e9e6be9525b4c47d94 100755 --- a/library/gcm.c +++ b/library/gcm.c @@ -1,8 +1,14 @@ /* * NIST SP800-38D compliant GCM implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/havege.c b/library/havege.c index c139e1db03ec835c75952a8fd941686c1b270ba8..5e91f40d8426127f436bc59685f1d364440cfbdb 100755 --- a/library/havege.c +++ b/library/havege.c @@ -1,8 +1,14 @@ /** * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The HAVEGE RNG was designed by Andre Seznec in 2002. diff --git a/library/hkdf.c b/library/hkdf.c index 82d8a429f4f28f695ff85274f5be42b3d10046b6..4a8bdfbe18c289305591a041451f11a869c501ca 100755 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -1,8 +1,14 @@ /* * HKDF implementation -- RFC 5869 * - * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 284c9b4e96f51d296e2b318f7a0be6edf2d0a8f1..9fbfc30660672897d28acc56d509be818e06b302 100755 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -1,8 +1,14 @@ /* * HMAC_DRBG implementation (NIST SP 800-90) * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/md.c b/library/md.c index 303cdcbeebea37e91aa1d37d009f7eb37b3a785e..867b91462d1079c5fa9ef3713574b6d20668aa5d 100755 --- a/library/md.c +++ b/library/md.c @@ -5,8 +5,14 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/md2.c b/library/md2.c index 1c0b3df52d3cb95582f9337856586130a5ba52ac..cbdaaabdc75e0cf9ced6c01dadd403fa57fe356c 100755 --- a/library/md2.c +++ b/library/md2.c @@ -1,8 +1,14 @@ /* * RFC 1115/1319 compliant MD2 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The MD2 algorithm was designed by Ron Rivest in 1989. diff --git a/library/md4.c b/library/md4.c index 828fd42999a54091508371f0edf01ac626309053..cb16dce54a96c070600e13a0d5d6d8faf615915f 100755 --- a/library/md4.c +++ b/library/md4.c @@ -1,8 +1,14 @@ /* * RFC 1186/1320 compliant MD4 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The MD4 algorithm was designed by Ron Rivest in 1990. diff --git a/library/md5.c b/library/md5.c index a93da8a061bacef0ec1ec74f64aa5f423eed886f..fe25925214f89c50e5eb709f7553f3cfcad53b5f 100755 --- a/library/md5.c +++ b/library/md5.c @@ -1,8 +1,14 @@ /* * RFC 1321 compliant MD5 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The MD5 algorithm was designed by Ron Rivest in 1991. diff --git a/library/md_wrap.c b/library/md_wrap.c index 32f087197657e586ee113eca22307cd1ee84831b..7459db2faf9b59fbeeaf9f24452f7e62078ad27c 100755 --- a/library/md_wrap.c +++ b/library/md_wrap.c @@ -5,8 +5,14 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 51ea7c41d77334bc6c0261cbca11294aa3dbef4b..915ec3ae9d447bd45dd4114c26601bacb3b5aee9 100755 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -1,8 +1,14 @@ /* * Buffer-based memory allocator * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/net_sockets.c b/library/net_sockets.c index 5d538bfd56224c8eaba83f05bac4832511ec3796..11304082635183af045a766b650faf4d11d15766 100755 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -1,8 +1,14 @@ /* * TCP/IP or UDP/IP networking functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* Enable definition of getaddrinfo() even when compiling with -std=c99. Must @@ -24,6 +49,10 @@ * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L +#if defined(__NetBSD__) +#define _XOPEN_SOURCE 600 /* sockaddr_storage */ +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -318,8 +347,9 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, struct sockaddr_storage client_addr; -#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ - defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) +#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ + defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ + ( defined(__NetBSD__) && defined(socklen_t) ) socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t type_len = (socklen_t) sizeof( type ); #else diff --git a/library/nist_kw.c b/library/nist_kw.c index 317a2426ae716ea3f63fa8af999d63a5fb5939e3..8341ff13032d3c2f252b7d6efede0e9c2c747e35 100755 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -2,8 +2,14 @@ * Implementation of NIST SP 800-38F key wrapping, supporting KW and KWP modes * only * - * Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -17,7 +23,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * Definition of Key Wrapping: diff --git a/library/oid.c b/library/oid.c index 33f437cbe64b8342e7981287759741052b9e2803..2414083f0c69f48161d48b36d09f2ec1d037dcf3 100755 --- a/library/oid.c +++ b/library/oid.c @@ -3,8 +3,14 @@ * * \brief Object Identifier (OID) database * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -18,7 +24,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/padlock.c b/library/padlock.c index b85ff9cd2c9a2695bff406f77c12baf723c98af6..afb7e0ad42b5f1f28af282677a6a7fc3e2b46923 100755 --- a/library/padlock.c +++ b/library/padlock.c @@ -1,8 +1,14 @@ /* * VIA PadLock support functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * This implementation is based on the VIA PadLock Programming Guide: diff --git a/library/pem.c b/library/pem.c index 897c8a0d6f7e969bff8abbe4dccb93eac28a0dca..a7a2f7f5cf9567f9a8cecae6ffa36ed17a7f189d 100755 --- a/library/pem.c +++ b/library/pem.c @@ -1,8 +1,14 @@ /* * Privacy Enhanced Mail (PEM) decoding * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/pk.c b/library/pk.c index bac685dc1993e0e66f6875fdb23c7acd4f3ab9a3..81cfdbfe80585d5ec0bd4e258f97d64e49cb5115 100755 --- a/library/pk.c +++ b/library/pk.c @@ -1,8 +1,14 @@ /* * Public Key abstraction layer * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 87806be337c2c9b4616581046ac22c9a703b41a4..2c27552d9b2792f1ee6c8be7fe580b9a63df9d32 100755 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1,8 +1,14 @@ /* * Public Key abstraction layer: wrapper functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/pkcs11.c b/library/pkcs11.c index 0ea64252ee4f5a07386210387e69917c3ba349d4..cf484b86eb49c4acbd34f532f2c1111a014939be 100755 --- a/library/pkcs11.c +++ b/library/pkcs11.c @@ -5,8 +5,14 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #include "mbedtls/pkcs11.h" diff --git a/library/pkcs12.c b/library/pkcs12.c index 7edf064c1367ed0cbf897f99763d149b893a855d..3d23d5e354923cd01d69a479fcf572d80af540a6 100755 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -1,8 +1,14 @@ /* * PKCS#12 Personal Information Exchange Syntax * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The PKCS #12 Personal Information Exchange Syntax Standard v1.1 diff --git a/library/pkcs5.c b/library/pkcs5.c index 50133435ceb796dd21896584821271964c5c1dc4..8a80aa5d05c58e253e8b561c070a5a50ba1d315d 100755 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -5,8 +5,14 @@ * * \author Mathias Olsson * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -20,7 +26,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * PKCS#5 includes PBKDF2 and more diff --git a/library/pkparse.c b/library/pkparse.c index d5004577a1d6ee367b484bf1bb17538b44eb5675..086807d836379d27636e928fbb867a129da259b3 100755 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1,8 +1,14 @@ /* * Public Key layer for parsing key files and structures * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/pkwrite.c b/library/pkwrite.c index 03d14f2ff97333b6190fa5674b1e0cdb838d67a8..150626c1478f496c98e90d9a5c142b914efc6060 100755 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -1,8 +1,14 @@ /* * Public Key layer for writing key files and structures * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/platform.c b/library/platform.c index 73a6db9ebe2a4ff8d2b9c99196fe183424a6b45b..c4c3fd332d6371b570a79710a486a7df24f2a031 100755 --- a/library/platform.c +++ b/library/platform.c @@ -1,8 +1,14 @@ /* * Platform abstraction layer * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/platform_util.c b/library/platform_util.c index b1f745097ca8645bf7ce9a9038417d02738be852..3ba2aead12541ba2539cd8ed799d851089240a9a 100755 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -2,8 +2,14 @@ * Common and shared functions used by multiple modules in the Mbed TLS * library. * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -17,7 +23,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/poly1305.c b/library/poly1305.c index 2b56c5f7efefac6fe678ec81cac0ea2cb9f4acce..5b023f04e4a185b3676964068a7d8e1b65a92f16 100755 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -3,8 +3,14 @@ * * \brief Poly1305 authentication algorithm. * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -18,7 +24,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/library/ripemd160.c b/library/ripemd160.c index 0791ae4cc93be3f83ceaaaa9f163fa3a33681565..0b6efcb5742eb931084bb4489a421f482b0bcd97 100755 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -1,8 +1,14 @@ /* * RIPE MD-160 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/rsa.c b/library/rsa.c index 09fd379fdb38795a8c3c3fa6d5ec9c96bec11f9c..42becbf17bf4d8f2559f711e070a066a65e0363f 100755 --- a/library/rsa.c +++ b/library/rsa.c @@ -1,8 +1,14 @@ /* * The RSA public-key cryptosystem * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* @@ -56,7 +81,7 @@ #include "mbedtls/md.h" #endif -#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) +#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__) #include #endif @@ -781,6 +806,9 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret, count = 0; + mbedtls_mpi R; + + mbedtls_mpi_init( &R ); if( ctx->Vf.p != NULL ) { @@ -796,18 +824,41 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, /* Unblinding value: Vf = random number, invertible mod N */ do { if( count++ > 10 ) - return( MBEDTLS_ERR_RSA_RNG_FAILED ); + { + ret = MBEDTLS_ERR_RSA_RNG_FAILED; + goto cleanup; + } MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) ); - } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 ); - /* Blinding value: Vi = Vf^(-e) mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) ); + /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); + + /* At this point, Vi is invertible mod N if and only if both Vf and R + * are invertible mod N. If one of them isn't, we don't need to know + * which one, we just loop and choose new values for both of them. + * (Each iteration succeeds with overwhelming probability.) */ + ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N ); + if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + continue; + if( ret != 0 ) + goto cleanup; + + /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); + } while( 0 ); + + /* Blinding value: Vi = Vf^(-e) mod N + * (Vi already contains Vf^-1 at this point) */ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) ); cleanup: + mbedtls_mpi_free( &R ); + return( ret ); } @@ -2563,7 +2614,7 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) #if defined(MBEDTLS_PKCS1_V15) static int myrand( void *rng_state, unsigned char *output, size_t len ) { -#if !defined(__OpenBSD__) +#if !defined(__OpenBSD__) && !defined(__NetBSD__) size_t i; if( rng_state != NULL ) @@ -2576,7 +2627,7 @@ static int myrand( void *rng_state, unsigned char *output, size_t len ) rng_state = NULL; arc4random_buf( output, len ); -#endif /* !OpenBSD */ +#endif /* !OpenBSD && !NetBSD */ return( 0 ); } diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 9a42d47ceba07bc056ee9ee977274fe0032cf2ac..4d94ca685aece59d6584d1eba332c232a7dea44f 100755 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -1,8 +1,14 @@ /* * Helper functions for the RSA module * - * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** * */ diff --git a/library/sha1.c b/library/sha1.c index 355c83d2f78d1b81b88cb2b6c3820578a6532968..8682abd740b32483edd4c1303cf82ca9af0a0a63 100755 --- a/library/sha1.c +++ b/library/sha1.c @@ -1,8 +1,14 @@ /* * FIPS-180-1 compliant SHA-1 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The SHA-1 standard was published by NIST in 1993. diff --git a/library/sha256.c b/library/sha256.c index 2dc0e1a2c9cbe4aab63432ae7700f8ac6b90b9b7..5169584b684d3b09cd469a2b50d98fadbb2fa4c1 100755 --- a/library/sha256.c +++ b/library/sha256.c @@ -1,8 +1,14 @@ /* * FIPS-180-2 compliant SHA-256 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The SHA-256 Secure Hash Standard was published by NIST in 2002. diff --git a/library/sha512.c b/library/sha512.c index bdd20b284a89070187475cc4738440ad163cc32d..36d5d96146fbdb9eb5aec15bc49e49fe83e00f31 100755 --- a/library/sha512.c +++ b/library/sha512.c @@ -1,8 +1,14 @@ /* * FIPS-180-2 compliant SHA-384/512 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The SHA-512 Secure Hash Standard was published by NIST in 2002. diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 47867f132d601281aab20d7149d4df7508d3661e..1d2558a1893a5c4f2f2c788b289012720b0de063 100755 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -1,8 +1,14 @@ /* * SSL session cache implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * These session callbacks use a simple chained list diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 518f7dde00f0e98a9fda2113627af65838786758..090040e9aba0d0df792ed386d7b40031cf7dc518 100755 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -3,8 +3,14 @@ * * \brief SSL ciphersuites for mbed TLS * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -18,7 +24,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c5c3af69df33b275f87b1da132dc4398407f6848..bd7f28134dbb83170c78b5abfe999b616ea29675 100755 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1,8 +1,14 @@ /* * SSLv3/TLSv1 client-side functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -52,29 +77,26 @@ #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t hostname_len; *olen = 0; if( ssl->hostname == NULL ) - return; + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", - ssl->hostname ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding server name extension: %s", + ssl->hostname ) ); hostname_len = strlen( ssl->hostname ); - if( end < p || (size_t)( end - p ) < hostname_len + 9 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 ); /* * Sect. 3, RFC 6066 (TLS Extensions Definitions) @@ -118,16 +140,18 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->hostname, hostname_len ); *olen = hostname_len + 9; + + return( 0 ); } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) -static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; @@ -135,21 +159,20 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, * initial ClientHello, in which case also adding the renegotiation * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - return; + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding renegotiation extension" ) ); - if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len ); /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) + & 0xFF ); *p++ = 0x00; *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; @@ -158,6 +181,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); *olen = 5 + ssl->verify_data_len; + + return( 0 ); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ @@ -166,14 +191,15 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) -static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t sig_alg_len = 0; const int *md; + #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) unsigned char *sig_alg_list = buf + 6; #endif @@ -181,9 +207,13 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *olen = 0; if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return; + return( 0 ); + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding signature_algorithms extension" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); + if( ssl->conf->sig_hashes == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) { @@ -193,13 +223,19 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_RSA_C) sig_alg_len += 2; #endif + if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "length in bytes of sig-hash-alg extension too big" ) ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } } - if( end < p || (size_t)( end - p ) < sig_alg_len + 6 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + /* Empty signature algorithms list, this is a configuration error. */ + if( sig_alg_len == 0 ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); /* * Prepare signature_algorithms extension (TLS 1.2) @@ -245,75 +281,75 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); *olen = 6 + sig_alg_len; + + return( 0 ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; -#if defined(MBEDTLS_ECP_C) const mbedtls_ecp_group_id *grp_id; -#else - ((void) ssl); -#endif *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding supported_elliptic_curves extension" ) ); -#if defined(MBEDTLS_ECP_C) - for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) -#else - for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) -#endif + if( ssl->conf->curve_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + for( grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) { -#if defined(MBEDTLS_ECP_C) info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); -#endif if( info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); - return; + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "invalid curve in ssl configuration" ) ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); } - elliptic_curve_len += 2; - } - if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; + if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "malformed supported_elliptic_curves extension in config" ) ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } } + /* Empty elliptic curve list, this is a configuration error. */ + if( elliptic_curve_len == 0 ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); + elliptic_curve_len = 0; -#if defined(MBEDTLS_ECP_C) - for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) -#else - for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) -#endif + for( grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) { -#if defined(MBEDTLS_ECP_C) info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); -#endif elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } - if( elliptic_curve_len == 0 ) - return; - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) + & 0xFF ); *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); @@ -322,27 +358,28 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); *olen = 6 + elliptic_curve_len; + + return( 0 ); } -static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; + (void) ssl; /* ssl used for debugging only */ *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); - - if( end < p || (size_t)( end - p ) < 6 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding supported_point_formats extension" ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) + & 0xFF ); *p++ = 0x00; *p++ = 2; @@ -351,33 +388,32 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; *olen = 6; + + return( 0 ); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { int ret; unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; *olen = 0; /* Skip costly extension if we can't use EC J-PAKE anyway */ if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - return; + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding ecjpake_kkpp extension" ) ); - if( end - p < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); @@ -393,19 +429,20 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng ); + p + 2, end - p - 2, &kkpp_len, + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); - return; + MBEDTLS_SSL_DEBUG_RET( 1 , + "mbedtls_ecjpake_write_round_one", ret ); + return( ret ); } ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); if( ssl->handshake->ecjpake_cache == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) ); - return; + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len ); @@ -416,12 +453,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) ); kkpp_len = ssl->handshake->ecjpake_cache_len; - - if( (size_t)( end - p - 2 ) < kkpp_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len ); memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } @@ -430,33 +462,33 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); *olen = kkpp_len + 4; + + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; - if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) { - return; - } + if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding max_fragment_length extension" ) ); - if( end < p || (size_t)( end - p ) < 5 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) + & 0xFF ); *p++ = 0x00; *p++ = 1; @@ -464,30 +496,28 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, *p++ = ssl->conf->mfl_code; *olen = 5; + + return( 0 ); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - { - return; - } + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding truncated_hmac extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); @@ -496,32 +526,29 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - return; - } + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac " - "extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding encrypt_then_mac extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); @@ -530,65 +557,63 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - return; - } + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret " - "extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding extended_master_secret extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) + & 0xFF ); *p++ = 0x00; *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t tlen = ssl->session_negotiate->ticket_len; *olen = 0; if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) - { - return; - } + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding session ticket extension" ) ); - if( end < p || (size_t)( end - p ) < 4 + tlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + /* The addition is safe here since the ticket length is 16 bit. */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); @@ -599,44 +624,40 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, *olen = 4; if( ssl->session_negotiate->ticket == NULL || tlen == 0 ) - { - return; - } + return( 0 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "sending session ticket of length %d", tlen ) ); memcpy( p, ssl->session_negotiate->ticket, tlen ); *olen += tlen; + + return( 0 ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) -static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t alpnlen = 0; const char **cur; *olen = 0; if( ssl->conf->alpn_list == NULL ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; + alpnlen += strlen( *cur ) + 1; - if( end < p || (size_t)( end - p ) < 6 + alpnlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); @@ -654,7 +675,11 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) { - *p = (unsigned char)( strlen( *cur ) & 0xFF ); + /* + * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of + * protocol names is less than 255. + */ + *p = (unsigned char)strlen( *cur ); memcpy( p + 1, *cur, *p ); p += 1 + *p; } @@ -668,6 +693,8 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + + return( 0 ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -724,9 +751,10 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) * * \return 0 if valid, else 1 */ -static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info, - const mbedtls_ssl_context * ssl, - int min_minor_ver, int max_minor_ver ) +static int ssl_validate_ciphersuite( + const mbedtls_ssl_ciphersuite_t * suite_info, + const mbedtls_ssl_context * ssl, + int min_minor_ver, int max_minor_ver ) { (void) ssl; if( suite_info == NULL ) @@ -761,8 +789,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { int ret; size_t i, n, olen, ext_len = 0; + unsigned char *buf; unsigned char *p, *q; + const unsigned char *end; + unsigned char offer_compress; const int *ciphersuites; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -789,23 +820,41 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->max_major_ver == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " - "consider using mbedtls_ssl_config_defaults()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } + buf = ssl->out_msg; + end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN; + /* - * 0 . 0 handshake type - * 1 . 3 handshake length + * Check if there's enough space for the first part of the ClientHello + * consisting of the 38 bytes described below, the session identifier (at + * most 32 bytes) and its length (1 byte). + * + * Use static upper bounds instead of the actual values + * to allow the compiler to optimize this away. + */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 ); + + /* + * The 38 first bytes of the ClientHello: + * 0 . 0 handshake type (written later) + * 1 . 3 handshake length (written later) * 4 . 5 highest version supported * 6 . 9 current UNIX time * 10 . 37 random bytes + * + * The current UNIX time (4 bytes) and following 28 random bytes are written + * by ssl_generate_random() into ssl->handshake->randbytes buffer and then + * copied from there into the output buffer. */ - buf = ssl->out_msg; - p = buf + 4; - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + p = buf + 4; + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); p += 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", @@ -825,7 +874,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * 38 . 38 session id length * 39 . 39+n session id * 39+n . 39+n DTLS only: cookie length (1 byte) - * 40+n . .. DTSL only: cookie + * 40+n . .. DTLS only: cookie * .. . .. ciphersuitelist length (2 bytes) * .. . .. ciphersuitelist * .. . .. compression methods length (1 byte) @@ -856,7 +905,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->session_negotiate->ticket != NULL && ssl->session_negotiate->ticket_len != 0 ) { - ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 ); + ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->session_negotiate->id, 32 ); if( ret != 0 ) return( ret ); @@ -866,6 +916,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ + /* + * The first check of the output buffer size above ( + * MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );) + * has checked that there is enough space in the output buffer for the + * session identifier length byte and the session identifier (n <= 32). + */ *p++ = (unsigned char) n; for( i = 0; i < n; i++ ) @@ -874,12 +930,27 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); + /* + * With 'n' being the length of the session identifier + * + * 39+n . 39+n DTLS only: cookie length (1 byte) + * 40+n . .. DTLS only: cookie + * .. . .. ciphersuitelist length (2 bytes) + * .. . .. ciphersuitelist + * .. . .. compression methods length (1 byte) + * .. . .. compression methods + * .. . .. extensions length (2 bytes) + * .. . .. extensions + */ + /* * DTLS cookie */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + if( ssl->handshake->verify_cookie == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) ); @@ -892,6 +963,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->handshake->verify_cookie_len ); *p++ = ssl->handshake->verify_cookie_len; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, + ssl->handshake->verify_cookie_len ); memcpy( p, ssl->handshake->verify_cookie, ssl->handshake->verify_cookie_len ); p += ssl->handshake->verify_cookie_len; @@ -907,6 +981,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* Skip writing ciphersuite length for now */ n = 0; q = p; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); p += 2; for( i = 0; ciphersuites[i] != 0; i++ ) @@ -926,12 +1002,15 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info ); #endif + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + n++; *p++ = (unsigned char)( ciphersuites[i] >> 8 ); *p++ = (unsigned char)( ciphersuites[i] ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -941,6 +1020,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #endif { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; @@ -951,6 +1031,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); n++; @@ -981,8 +1063,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d", - MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_COMPRESS_DEFLATE, + MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); *p++ = 2; *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE; *p++ = MBEDTLS_SSL_COMPRESS_NULL; @@ -993,27 +1077,45 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = 1; *p++ = MBEDTLS_SSL_COMPRESS_NULL; } - // First write extensions, then the total length - // + /* First write extensions, then the total length */ + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret ); + return( ret ); + } ext_len += olen; #endif /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) - ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret ); + return( ret ); + } ext_len += olen; #endif @@ -1021,46 +1123,91 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( uses_ec ) { - ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret ); + return( ret ); + } ext_len += olen; - ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret ); + return( ret ); + } ext_len += olen; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ALPN) - ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret ); + return( ret ); + } ext_len += olen; #endif @@ -1068,10 +1215,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ((void) olen); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d", - ext_len ) ); + ext_len ) ); if( ext_len > 0 ) { + /* No need to check for space here, because the extension + * writing functions already took care of that. */ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ext_len ) & 0xFF ); p += ext_len; @@ -1124,8 +1273,10 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } } @@ -1134,9 +1285,12 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, { if( len != 1 || buf[0] != 0x00 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-zero length renegotiation info" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1159,9 +1313,12 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, len != 1 || buf[0] != ssl->conf->mfl_code ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching max fragment length extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching max fragment length extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1177,9 +1334,12 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching truncated HMAC extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching truncated HMAC extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1200,9 +1360,12 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching encrypt-then-MAC extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching encrypt-then-MAC extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1223,9 +1386,12 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching extended master secret extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching extended master secret extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1245,9 +1411,12 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching session ticket extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching session ticket extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1328,8 +1497,10 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, buf, len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( ret ); } @@ -1348,8 +1519,10 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, if( ssl->conf->alpn_list == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1529,12 +1702,13 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->renego_max_records >= 0 && ssl->renego_records_seen > ssl->conf->renego_max_records ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " - "but not honored by server" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation requested, but not honored by server" ) ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-handshake message during renegotiation" ) ); ssl->keep_current_message = 1; return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ); @@ -1542,8 +1716,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_RENEGOTIATION */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -1597,11 +1773,13 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->major_ver > ssl->conf->max_major_ver || ssl->minor_ver > ssl->conf->max_minor_ver ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - " - " min: [%d:%d], server: [%d:%d], max: [%d:%d]", - ssl->conf->min_major_ver, ssl->conf->min_minor_ver, - ssl->major_ver, ssl->minor_ver, - ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]", + ssl->conf->min_major_ver, + ssl->conf->min_minor_ver, + ssl->major_ver, ssl->minor_ver, + ssl->conf->max_major_ver, + ssl->conf->max_minor_ver ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); @@ -1638,8 +1816,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } } @@ -1678,26 +1858,32 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( comp != MBEDTLS_SSL_COMPRESS_NULL ) #endif/* MBEDTLS_ZLIB_SUPPORT */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server hello, bad compression: %d", comp ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } /* * Initialize update checksum functions */ - ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); + ssl->transform_negotiate->ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id( i ); if( ssl->transform_negotiate->ciphersuite_info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "ciphersuite info for %04x not found", i ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info ); + mbedtls_ssl_optimize_checksum( ssl, + ssl->transform_negotiate->ciphersuite_info ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); @@ -1731,8 +1917,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( ret ); } } @@ -1741,7 +1929,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->handshake->resume ? "a" : "no" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", + buf[37 + n] ) ); /* * Perform cipher suite validation in same way as in ssl_write_client_hello. @@ -1752,8 +1941,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1764,16 +1955,21 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } } - suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); - if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 ) + suite_info = mbedtls_ssl_ciphersuite_from_id( + ssl->session_negotiate->ciphersuite ); + if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, + ssl->minor_ver ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && @@ -1790,15 +1986,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } ssl->session_negotiate->compression = comp; ext = buf + 40 + n; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "server hello, total extension length: %d", ext_len ) ); while( ext_len ) { @@ -1810,8 +2009,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ext_size + 4 > ext_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1831,7 +2031,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found max_fragment_length extension" ) ); if( ( ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -1870,7 +2071,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found extended_master_secret extension" ) ); if( ( ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -1897,7 +2099,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found supported_point_formats extension" ) ); if( ( ret = ssl_parse_supported_point_formats_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -1933,8 +2136,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", - ext_id ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown extension found: %d (ignoring)", ext_id ) ); } ext_len -= 4 + ext_size; @@ -1951,9 +2154,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) * Renegotiation security checks */ if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "legacy renegotiation, breaking off handshake" ) ); handshake_failure = 1; } #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -1961,12 +2166,14 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && renegotiation_info_seen == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation_info extension missing (secure)" ) ); handshake_failure = 1; } else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); handshake_failure = 1; @@ -1975,15 +2182,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && renegotiation_info_seen == 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation_info extension present (legacy)" ) ); handshake_failure = 1; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ if( handshake_failure == 1 ) { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1994,7 +2204,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p, +static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, + unsigned char **p, unsigned char *end ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -2008,7 +2219,8 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char * * opaque dh_Ys<1..2^16-1>; * } ServerDHParams; */ - if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 ) + if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, + p, end ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret ); return( ret ); @@ -2104,7 +2316,8 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, if( ssl_check_server_ecdh_params( ssl ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (ECDHE curve)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2130,8 +2343,8 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, */ if( end - (*p) < 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " - "(psk_identity_hint length)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } len = (*p)[0] << 8 | (*p)[1]; @@ -2139,8 +2352,8 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, if( end - (*p) < (int) len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " - "(psk_identity_hint length)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2182,8 +2395,9 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, * opaque random[46]; * } PreMasterSecret; */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) { @@ -2260,20 +2474,22 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, /* * Get hash algorithm */ - if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE ) + if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) + == MBEDTLS_MD_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported " - "HashAlgorithm %d", *(p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } /* * Get signature algorithm */ - if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE ) + if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) + == MBEDTLS_PK_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported " - "SignatureAlgorithm %d", (*p)[1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2282,13 +2498,15 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, */ if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered", - *(p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", + (*p)[1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", + (*p)[0] ) ); *p += 2; return( 0 ); @@ -2366,8 +2584,10 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( ret ); } @@ -2397,8 +2617,10 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -2417,10 +2639,12 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must " - "not be skipped" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server key exchange message must not be skipped" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -2444,8 +2668,10 @@ start_processing: if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } /* FALLTROUGH */ @@ -2467,8 +2693,10 @@ start_processing: if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2485,8 +2713,10 @@ start_processing: if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2502,8 +2732,10 @@ start_processing: if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2534,17 +2766,24 @@ start_processing: if( ssl_parse_signature_algorithm( ssl, &p, end, &md_alg, &pk_alg ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) + if( pk_alg != + mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2574,8 +2813,10 @@ start_processing: if( p > end - 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } sig_len = ( p[0] << 8 ) | p[1]; @@ -2584,8 +2825,10 @@ start_processing: if( p != end - sig_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2630,19 +2873,24 @@ start_processing: if( ssl->session_negotiate->peer_cert == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } /* * Verify signature */ - if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) + if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, + pk_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); } @@ -2658,8 +2906,10 @@ start_processing: #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) #endif - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) @@ -2724,8 +2974,10 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -2801,8 +3053,9 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + size_t sig_alg_len = + ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) + | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); #if defined(MBEDTLS_DEBUG_C) unsigned char* sig_alg; size_t i; @@ -2820,11 +3073,14 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * buf[...hdr_len + 3 + n + sig_alg_len], * which is one less than we need the buf to be. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len ) + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + + 3 + n + sig_alg_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); } @@ -2832,8 +3088,9 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; for( i = 0; i < sig_alg_len; i += 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d" - ",%d", sig_alg[i], sig_alg[i + 1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "Supported Signature Algorithm found: %d,%d", + sig_alg[i], sig_alg[i + 1] ) ); } #endif @@ -2922,9 +3179,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) i = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[i], n, - ssl->conf->f_rng, ssl->conf->p_rng ); + (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + &ssl->out_msg[i], n, + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); @@ -2935,10 +3192,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + ssl->handshake->premaster, + MBEDTLS_PREMASTER_SIZE, + &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); @@ -3001,10 +3258,10 @@ ecdh_calc_secret: n = ssl->handshake->ecrs_n; #endif if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) @@ -3039,15 +3296,17 @@ ecdh_calc_secret: if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " - "SSL buffer too short" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "psk identity too long or SSL buffer too short" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } ssl->out_msg[i++] = (unsigned char)( n >> 8 ); ssl->out_msg[i++] = (unsigned char)( n ); - memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len ); + memcpy( ssl->out_msg + i, + ssl->conf->psk_identity, + ssl->conf->psk_identity_len ); i += ssl->conf->psk_identity_len; #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) @@ -3075,8 +3334,8 @@ ecdh_calc_secret: if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" - " or SSL buffer too short" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "psk identity or DHM size too long or SSL buffer too short" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } @@ -3123,7 +3382,8 @@ ecdh_calc_secret: if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_psk_derive_premaster", ret ); return( ret ); } } @@ -3332,8 +3592,9 @@ sign: * Until we encounter a server that does not, we will take this * shortcut. * - * Reason: Otherwise we should have running hashes for SHA512 and SHA224 - * in order to satisfy 'weird' needs from the server side. + * Reason: Otherwise we should have running hashes for SHA512 and + * SHA224 in order to satisfy 'weird' needs from the server + * side. */ if( ssl->transform_negotiate->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) @@ -3423,8 +3684,10 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 56e9bdd2bf44c0fbca42642dee665904cc49c88e..04565e0b798b6b9c24e88eeb07af7b9d7998d819 100755 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -1,8 +1,14 @@ /* * DTLS cookie callbacks implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * These session callbacks use a simple chained list @@ -133,8 +158,7 @@ static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, { unsigned char hmac_out[COOKIE_MD_OUTLEN]; - if( (size_t)( end - *p ) < COOKIE_HMAC_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN ); if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 || mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 || @@ -164,8 +188,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, if( ctx == NULL || cli_id == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( (size_t)( end - *p ) < COOKIE_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN ); #if defined(MBEDTLS_HAVE_TIME) t = (unsigned long) mbedtls_time( NULL ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 5825970c43c8cc9d33cafca91601a934c8ae05ed..97b778452c81be0c6aa95b6b0a73cd8dcbb5549f 100755 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1,8 +1,14 @@ /* * SSLv3/TLSv1 server-side functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 8492c19a8cba7eab1dbf9dabc02f152c5852fd71..bbde8e4ceb919f99dee6e99a7dff1da4ff498714 100755 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -1,8 +1,14 @@ /* * TLS server tickets callbacks implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -35,6 +60,7 @@ #define mbedtls_free free #endif +#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_ticket.h" #include "mbedtls/platform_util.h" @@ -54,6 +80,19 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) #define MAX_KEY_BYTES 32 /* 256 bits */ +#define TICKET_KEY_NAME_BYTES 4 +#define TICKET_IV_BYTES 12 +#define TICKET_CRYPT_LEN_BYTES 2 +#define TICKET_AUTH_TAG_BYTES 16 + +#define TICKET_MIN_LEN ( TICKET_KEY_NAME_BYTES + \ + TICKET_IV_BYTES + \ + TICKET_CRYPT_LEN_BYTES + \ + TICKET_AUTH_TAG_BYTES ) +#define TICKET_ADD_DATA_LEN ( TICKET_KEY_NAME_BYTES + \ + TICKET_IV_BYTES + \ + TICKET_CRYPT_LEN_BYTES ) + /* * Generate/update a key */ @@ -278,6 +317,7 @@ static int ssl_load_session( mbedtls_ssl_session *session, * The key_name, iv, and length of encrypted_state are the additional * authenticated data. */ + int mbedtls_ssl_ticket_write( void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, @@ -289,9 +329,9 @@ int mbedtls_ssl_ticket_write( void *p_ticket, mbedtls_ssl_ticket_context *ctx = p_ticket; mbedtls_ssl_ticket_key *key; unsigned char *key_name = start; - unsigned char *iv = start + 4; - unsigned char *state_len_bytes = iv + 12; - unsigned char *state = state_len_bytes + 2; + unsigned char *iv = start + TICKET_KEY_NAME_BYTES; + unsigned char *state_len_bytes = iv + TICKET_IV_BYTES; + unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES; unsigned char *tag; size_t clear_len, ciph_len; @@ -302,8 +342,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, * in addition to session itself, that will be checked when writing it. */ - if( end - start < 4 + 12 + 2 + 16 ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN ); #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -317,9 +356,9 @@ int mbedtls_ssl_ticket_write( void *p_ticket, *ticket_lifetime = ctx->ticket_lifetime; - memcpy( key_name, key->name, 4 ); + memcpy( key_name, key->name, TICKET_KEY_NAME_BYTES ); - if( ( ret = ctx->f_rng( ctx->p_rng, iv, 12 ) ) != 0 ) + if( ( ret = ctx->f_rng( ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 ) goto cleanup; /* Dump session state */ @@ -335,8 +374,11 @@ int mbedtls_ssl_ticket_write( void *p_ticket, /* Encrypt and authenticate */ tag = state + clear_len; if( ( ret = mbedtls_cipher_auth_encrypt( &key->ctx, - iv, 12, key_name, 4 + 12 + 2, - state, clear_len, state, &ciph_len, tag, 16 ) ) != 0 ) + iv, TICKET_IV_BYTES, + /* Additional data: key name, IV and length */ + key_name, TICKET_ADD_DATA_LEN, + state, clear_len, state, &ciph_len, + tag, TICKET_AUTH_TAG_BYTES ) ) != 0 ) { goto cleanup; } @@ -346,7 +388,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, goto cleanup; } - *tlen = 4 + 12 + 2 + 16 + ciph_len; + *tlen = TICKET_MIN_LEN + ciph_len; cleanup: #if defined(MBEDTLS_THREADING_C) @@ -385,17 +427,16 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, mbedtls_ssl_ticket_context *ctx = p_ticket; mbedtls_ssl_ticket_key *key; unsigned char *key_name = buf; - unsigned char *iv = buf + 4; - unsigned char *enc_len_p = iv + 12; - unsigned char *ticket = enc_len_p + 2; + unsigned char *iv = buf + TICKET_KEY_NAME_BYTES; + unsigned char *enc_len_p = iv + TICKET_IV_BYTES; + unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES; unsigned char *tag; size_t enc_len, clear_len; if( ctx == NULL || ctx->f_rng == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - /* See mbedtls_ssl_ticket_write() */ - if( len < 4 + 12 + 2 + 16 ) + if( len < TICKET_MIN_LEN ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); #if defined(MBEDTLS_THREADING_C) @@ -409,7 +450,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1]; tag = ticket + enc_len; - if( len != 4 + 12 + 2 + enc_len + 16 ) + if( len != TICKET_MIN_LEN + enc_len ) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; goto cleanup; @@ -425,9 +466,13 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, } /* Decrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx, iv, 12, - key_name, 4 + 12 + 2, ticket, enc_len, - ticket, &clear_len, tag, 16 ) ) != 0 ) + if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx, + iv, TICKET_IV_BYTES, + /* Additional data: key name, IV and length */ + key_name, TICKET_ADD_DATA_LEN, + ticket, enc_len, + ticket, &clear_len, + tag, TICKET_AUTH_TAG_BYTES ) ) != 0 ) { if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) ret = MBEDTLS_ERR_SSL_INVALID_MAC; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cbec74fe8c1ca0462853c34342ee7c9e9c6b8bd2..2471600c9a18c5590669e429798b7196ce0b743d 100755 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1,8 +1,14 @@ /* * SSLv3/TLSv1 shared functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The SSL 3.0 specification was drafted by Netscape in 1996, @@ -1406,32 +1431,10 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ - ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) ) + defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) #define SSL_SOME_MODES_USE_MAC #endif -/* The function below is only used in the Lucky 13 counter-measure in - * ssl_decrypt_buf(). These are the defines that guard the call site. */ -#if defined(SSL_SOME_MODES_USE_MAC) && \ - ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) ) -/* This function makes sure every byte in the memory region is accessed - * (in ascending addresses order) */ -static void ssl_read_memory( unsigned char *p, size_t len ) -{ - unsigned char acc = 0; - volatile unsigned char force; - - for( ; len != 0; p++, len-- ) - acc ^= *p; - - force = acc; - (void) force; -} -#endif /* SSL_SOME_MODES_USE_MAC && ( TLS1 || TLS1_1 || TLS1_2 ) */ - /* * Encryption/decryption functions */ @@ -1642,8 +1645,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if( mode == MBEDTLS_MODE_CBC ) { int ret; @@ -1762,8 +1764,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ } else -#endif /* MBEDTLS_CIPHER_MODE_CBC && - ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -1781,6 +1782,156 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) return( 0 ); } +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +/* + * Constant-flow conditional memcpy: + * - if c1 == c2, equivalent to memcpy(dst, src, len), + * - otherwise, a no-op, + * but with execution flow independent of the values of c1 and c2. + * + * Use only bit operations to avoid branches that could be used by some + * compilers on some platforms to translate comparison operators. + */ +static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, + const unsigned char *src, + size_t len, + size_t c1, size_t c2 ) +{ + /* diff = 0 if c1 == c2, non-zero otherwise */ + const size_t diff = c1 ^ c2; + + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + + /* diff_msb's most significant bit is equal to c1 != c2 */ + const size_t diff_msb = ( diff | -diff ); + + /* diff1 = c1 != c2 */ + const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); + + /* mask = c1 != c2 ? 0xff : 0x00 */ + const unsigned char mask = (unsigned char) -diff1; + +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + /* dst[i] = c1 != c2 ? dst[i] : src[i] */ + size_t i; + for( i = 0; i < len; i++ ) + dst[i] = ( dst[i] & mask ) | ( src[i] & ~mask ); +} + +/* + * Compute HMAC of variable-length data with constant flow. + * + * Only works with MD-5, SHA-1, SHA-256 and SHA-384. + * (Otherwise, computation of block_size needs to be adapted.) + */ +int mbedtls_ssl_cf_hmac( + mbedtls_md_context_t *ctx, + const unsigned char *add_data, size_t add_data_len, + const unsigned char *data, size_t data_len_secret, + size_t min_data_len, size_t max_data_len, + unsigned char *output ) +{ + /* + * This function breaks the HMAC abstraction and uses the md_clone() + * extension to the MD API in order to get constant-flow behaviour. + * + * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means + * concatenation, and okey/ikey are the XOR of the key with some fixed bit + * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx. + * + * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to + * minlen, then cloning the context, and for each byte up to maxlen + * finishing up the hash computation, keeping only the correct result. + * + * Then we only need to compute HASH(okey + inner_hash) and we're done. + */ + const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info ); + /* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5, + * all of which have the same block size except SHA-384. */ + const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64; + const unsigned char * const ikey = ctx->hmac_ctx; + const unsigned char * const okey = ikey + block_size; + const size_t hash_size = mbedtls_md_get_size( ctx->md_info ); + + unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; + mbedtls_md_context_t aux; + size_t offset; + int ret; + + mbedtls_md_init( &aux ); + +#define MD_CHK( func_call ) \ + do { \ + ret = (func_call); \ + if( ret != 0 ) \ + goto cleanup; \ + } while( 0 ) + + MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) ); + + /* After hmac_start() of hmac_reset(), ikey has already been hashed, + * so we can start directly with the message */ + MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) ); + MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) ); + + /* For each possible length, compute the hash up to that point */ + for( offset = min_data_len; offset <= max_data_len; offset++ ) + { + MD_CHK( mbedtls_md_clone( &aux, ctx ) ); + MD_CHK( mbedtls_md_finish( &aux, aux_out ) ); + /* Keep only the correct inner_hash in the output buffer */ + mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size, + offset, data_len_secret ); + + if( offset < max_data_len ) + MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) ); + } + + /* Now compute HASH(okey + inner_hash) */ + MD_CHK( mbedtls_md_starts( ctx ) ); + MD_CHK( mbedtls_md_update( ctx, okey, block_size ) ); + MD_CHK( mbedtls_md_update( ctx, output, hash_size ) ); + MD_CHK( mbedtls_md_finish( ctx, output ) ); + + /* Done, get ready for next time */ + MD_CHK( mbedtls_md_hmac_reset( ctx ) ); + +#undef MD_CHK + +cleanup: + mbedtls_md_free( &aux ); + return( ret ); +} + +/* + * Constant-flow memcpy from variable position in buffer. + * - functionally equivalent to memcpy(dst, src + offset_secret, len) + * - but with execution flow independent from the value of offset_secret. + */ +void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst, + const unsigned char *src_base, + size_t offset_secret, + size_t offset_min, size_t offset_max, + size_t len ) +{ + size_t offset; + + for( offset = offset_min; offset <= offset_max; offset++ ) + { + mbedtls_ssl_cf_memcpy_if_eq( dst, src_base + offset, len, + offset, offset_secret ); + } +} +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ + static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) { mbedtls_cipher_mode_t mode; @@ -1935,8 +2086,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if( mode == MBEDTLS_MODE_CBC ) { /* @@ -2149,8 +2299,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) ssl->in_msglen -= padlen; } else -#endif /* MBEDTLS_CIPHER_MODE_CBC && - ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -2169,6 +2318,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) if( auth_done == 0 ) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; + unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD]; ssl->in_msglen -= ssl->transform_in->maclen; @@ -2183,6 +2333,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) ssl->in_msg, ssl->in_msglen, ssl->in_ctr, ssl->in_msgtype, mac_expect ); + memcpy( mac_peer, ssl->in_msg + ssl->in_msglen, + ssl->transform_in->maclen ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -2190,34 +2342,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) { - /* - * Process MAC and always update for padlen afterwards to make - * total time independent of padlen. - * - * Known timing attacks: - * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) - * - * To compensate for different timings for the MAC calculation - * depending on how much padding was removed (which is determined - * by padlen), process extra_run more blocks through the hash - * function. - * - * The formula in the paper is - * extra_run = ceil( (L1-55) / 64 ) - ceil( (L2-55) / 64 ) - * where L1 is the size of the header plus the decrypted message - * plus CBC padding and L2 is the size of the header plus the - * decrypted message. This is for an underlying hash function - * with 64-byte blocks. - * We use ( (Lx+8) / 64 ) to handle 'negative Lx' values - * correctly. We round down instead of up, so -56 is the correct - * value for our calculations instead of -55. - * - * Repeat the formula rather than defining a block_size variable. - * This avoids requiring division by a variable at runtime - * (which would be marginally less efficient and would require - * linking an extra division function in some builds). - */ - size_t j, extra_run = 0; + int ret; + unsigned char add_data[13]; /* * The next two sizes are the minimum and maximum values of @@ -2232,56 +2358,25 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) const size_t max_len = ssl->in_msglen + padlen; const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; - switch( ssl->transform_in->ciphersuite_info->mac ) + memcpy( add_data + 0, ssl->in_ctr, 8 ); + memcpy( add_data + 8, ssl->in_hdr, 3 ); + memcpy( add_data + 11, ssl->in_len, 2 ); + + ret = mbedtls_ssl_cf_hmac( &ssl->transform_in->md_ctx_dec, + add_data, sizeof( add_data ), + ssl->in_msg, ssl->in_msglen, + min_len, max_len, + mac_expect ); + if( ret != 0 ) { -#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ - defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_MD5: - case MBEDTLS_MD_SHA1: - case MBEDTLS_MD_SHA256: - /* 8 bytes of message size, 64-byte compression blocks */ - extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - - ( 13 + ssl->in_msglen + 8 ) / 64; - break; -#endif -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_MD_SHA384: - /* 16 bytes of message size, 128-byte compression blocks */ - extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 - - ( 13 + ssl->in_msglen + 16 ) / 128; - break; -#endif - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cf_hmac", ret ); + return( ret ); } - extra_run &= correct * 0xFF; - - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, - ssl->in_msglen ); - /* Make sure we access everything even when padlen > 0. This - * makes the synchronisation requirements for just-in-time - * Prime+Probe attacks much tighter and hopefully impractical. */ - ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen ); - mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); - - /* Call mbedtls_md_process at least once due to cache attacks - * that observe whether md_process() was called of not */ - for( j = 0; j < extra_run + 1; j++ ) - mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); - - mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); - - /* Make sure we access all the memory that could contain the MAC, - * before we check it in the next code block. This makes the - * synchronisation requirements for just-in-time Prime+Probe - * attacks much tighter and hopefully impractical. */ - ssl_read_memory( ssl->in_msg + min_len, - max_len - min_len + ssl->transform_in->maclen ); + mbedtls_ssl_cf_memcpy_offset( mac_peer, ssl->in_msg, + ssl->in_msglen, + min_len, max_len, + ssl->transform_in->maclen ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ @@ -2293,11 +2388,10 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DEBUG_ALL) MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen, - ssl->transform_in->maclen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, ssl->transform_in->maclen ); #endif - if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect, + if( mbedtls_ssl_safer_memcmp( mac_peer, mac_expect, ssl->transform_in->maclen ) != 0 ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) @@ -2725,7 +2819,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); - if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) + if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_recv returned %d bytes but only %lu were requested", @@ -2779,7 +2873,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ret <= 0 ) return( ret ); - if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) + if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned %d bytes but only %lu bytes were sent", @@ -7589,7 +7683,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot cur_len = strlen( *p ); tot_len += cur_len; - if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) + if( ( cur_len == 0 ) || + ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) || + ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -8557,6 +8653,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) memcpy( buf, ssl->in_offt, n ); ssl->in_msglen -= n; + /* Zeroising the plaintext buffer to erase unused application data + from the memory. */ + mbedtls_platform_zeroize( ssl->in_offt, n ); + if( ssl->in_msglen == 0 ) { /* all bytes consumed */ diff --git a/library/threading.c b/library/threading.c index 7c90c7c5951d809df1a2fd7dd873806e9f621d90..61c4b94041f265adb007a3d24a3043fa4e75049a 100755 --- a/library/threading.c +++ b/library/threading.c @@ -1,8 +1,14 @@ /* * Threading abstraction layer * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* diff --git a/library/timing.c b/library/timing.c index 009516a6e3c3377ed76df9949526e5be5a8d709d..50a22165a6c48a4d5e8db45af72758b71f956c4f 100755 --- a/library/timing.c +++ b/library/timing.c @@ -1,8 +1,14 @@ /* * Portable interface to the CPU cycle counter * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/version.c b/library/version.c index fd967508850b5fa739caf935d6eb84648367ea56..5733288f62de5e5022d2ca83c2a78912f303b8c6 100755 --- a/library/version.c +++ b/library/version.c @@ -1,8 +1,14 @@ /* * Version information * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/version_features.c b/library/version_features.c index 3b67b2be8593846fa74821943f6712a7a6c467c4..cbf38dc2c29ac3198286c34664e700c74efb0959 100755 --- a/library/version_features.c +++ b/library/version_features.c @@ -1,8 +1,14 @@ /* * Version feature information * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -252,6 +277,12 @@ static const char *features[] = { #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) + "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) + "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND", +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) "MBEDTLS_TEST_NULL_ENTROPY", #endif /* MBEDTLS_TEST_NULL_ENTROPY */ @@ -351,6 +382,9 @@ static const char *features[] = { #if defined(MBEDTLS_ECP_NIST_OPTIM) "MBEDTLS_ECP_NIST_OPTIM", #endif /* MBEDTLS_ECP_NIST_OPTIM */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + "MBEDTLS_ECP_NO_INTERNAL_RNG", +#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ #if defined(MBEDTLS_ECP_RESTARTABLE) "MBEDTLS_ECP_RESTARTABLE", #endif /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/library/x509.c b/library/x509.c index 4d25303206e36bde2e03003eb0822a611997f7dd..0c820eca90fa1fe4c67b1256ee933a04b7f2c61d 100755 --- a/library/x509.c +++ b/library/x509.c @@ -1,8 +1,14 @@ /* * X.509 common functions for parsing and verification * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_create.c b/library/x509_create.c index 546e8fa1a99e24f9fe71f23a5bcc812e771ac975..0dbd679a9396772d9e9dc087c77b8eaa2a8cb88c 100755 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -1,8 +1,14 @@ /* * X.509 base functions for creating certificates / CSRs * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/x509_crl.c b/library/x509_crl.c index 00f8545d7cd2f22d429989e1cdec1f50d5a28545..dba71fad580dc29013b95c64d93d71b1f69514ec 100755 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -1,8 +1,14 @@ /* * X.509 Certidicate Revocation List (CRL) parsing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The ITU-T X.509 standard defines a certificate format for PKI. @@ -258,13 +283,13 @@ static int x509_get_entries( unsigned char **p, size_t len2; const unsigned char *end2; + cur_entry->raw.tag = **p; if( ( ret = mbedtls_asn1_get_tag( p, end, &len2, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) { return( ret ); } - cur_entry->raw.tag = **p; cur_entry->raw.p = *p; cur_entry->raw.len = len2; end2 = *p + len2; diff --git a/library/x509_crt.c b/library/x509_crt.c index 9c2e36547e397806fdde28384b8ddcaf8c1f7bc0..fadd28eff2c81dc182b88b19b84b0d06e505149b 100755 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1,8 +1,14 @@ /* * X.509 certificate parsing and verification * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The ITU-T X.509 standard defines a certificate format for PKI. @@ -514,6 +539,12 @@ static int x509_get_basic_constraints( unsigned char **p, return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer + * overflow, which is an undefined behavior. */ + if( *max_pathlen == INT_MAX ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + (*max_pathlen)++; return( 0 ); @@ -1785,8 +1816,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 if( crt->serial.len == cur->serial.len && memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) { - if( mbedtls_x509_time_is_past( &cur->revocation_date ) ) - return( 1 ); + return( 1 ); } cur = cur->next; diff --git a/library/x509_csr.c b/library/x509_csr.c index c8c08c87b23041acdf7989608e4e6922521380b1..663047d516c09c2ee6234ea856b356f3cfe9cad8 100755 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -1,8 +1,14 @@ /* * X.509 Certificate Signing Request (CSR) parsing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 61d7ba44a034e4e5a0ee09f1a4f768fa227ac5c6..5462e83fe096a8e98a7c66a7861c014a619c9c15 100755 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -1,8 +1,14 @@ /* * X.509 certificate writing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * References: @@ -74,39 +99,44 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); } -void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ) +void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, + int version ) { ctx->version = version; } -void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg ) +void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, + mbedtls_md_type_t md_alg ) { ctx->md_alg = md_alg; } -void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ) +void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, + mbedtls_pk_context *key ) { ctx->subject_key = key; } -void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ) +void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, + mbedtls_pk_context *key ) { ctx->issuer_key = key; } int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, - const char *subject_name ) + const char *subject_name ) { return mbedtls_x509_string_to_names( &ctx->subject, subject_name ); } int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, - const char *issuer_name ) + const char *issuer_name ) { return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name ); } -int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ) +int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, + const mbedtls_mpi *serial ) { int ret; @@ -116,8 +146,9 @@ int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls return( 0 ); } -int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before, - const char *not_after ) +int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, + const char *not_before, + const char *not_after ) { if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 || strlen( not_after ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ) @@ -137,12 +168,12 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, int critical, const unsigned char *val, size_t val_len ) { - return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len, - critical, val, val_len ); + return( mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len, + critical, val, val_len ) ); } int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen ) + int is_ca, int max_pathlen ) { int ret; unsigned char buf[9]; @@ -158,18 +189,21 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, { if( max_pathlen >= 0 ) { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, max_pathlen ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, + max_pathlen ) ); } MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) ); } MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); - return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, - MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ), - 0, buf + sizeof(buf) - len, len ); + return( + mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, + MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ), + 0, buf + sizeof(buf) - len, len ) ); } #if defined(MBEDTLS_SHA1_C) @@ -181,7 +215,8 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct size_t len = 0; memset( buf, 0, sizeof(buf) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); @@ -191,11 +226,13 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) ); - return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + return mbedtls_x509write_crt_set_extension( ctx, + MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, + MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), + 0, buf + sizeof(buf) - len, len ); } int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ) @@ -206,7 +243,8 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * size_t len = 0; memset( buf, 0, sizeof(buf) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); @@ -216,15 +254,19 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - - return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), - 0, buf + sizeof( buf ) - len, len ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); + + return mbedtls_x509write_crt_set_extension( + ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, + MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), + 0, buf + sizeof( buf ) - len, len ); } #endif /* MBEDTLS_SHA1_C */ @@ -271,8 +313,8 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, return( MBEDTLS_ERR_X509_INVALID_FORMAT ); ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ), - 1, c, (size_t)ret ); + MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ), + 1, c, (size_t)ret ); if( ret != 0 ) return( ret ); @@ -298,8 +340,8 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, return( ret ); ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ), - 0, c, (size_t)ret ); + MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ), + 0, c, (size_t)ret ); if( ret != 0 ) return( ret ); @@ -321,7 +363,8 @@ static int x509_write_time( unsigned char **p, unsigned char *start, (const unsigned char *) t + 2, size - 2 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, + MBEDTLS_ASN1_UTC_TIME ) ); } else { @@ -329,15 +372,17 @@ static int x509_write_time( unsigned char **p, unsigned char *start, (const unsigned char *) t, size ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, + MBEDTLS_ASN1_GENERALIZED_TIME ) ); } return( (int) len ); } -int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, + unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret; const char *sig_oid; @@ -345,15 +390,14 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, unsigned char *c, *c2; unsigned char hash[64]; unsigned char sig[SIGNATURE_MAX_SIZE]; - unsigned char tmp_buf[2048]; size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; /* - * Prepare data to be signed in tmp_buf + * Prepare data to be signed at the end of the target buffer */ - c = tmp_buf + sizeof( tmp_buf ); + c = buf + size; /* Signature algorithm needed in TBS, and later for actual signature */ @@ -379,27 +423,36 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, /* Only for v3 */ if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 ) { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_x509_write_extensions( &c, + buf, ctx->extensions ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); } /* * SubjectPublicKeyInfo */ - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->subject_key, - tmp_buf, c - tmp_buf ) ); + MBEDTLS_ASN1_CHK_ADD( pub_len, + mbedtls_pk_write_pubkey_der( ctx->subject_key, + buf, c - buf ) ); c -= pub_len; len += pub_len; /* * Subject ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_x509_write_names( &c, buf, + ctx->subject ) ); /* * Validity ::= SEQUENCE { @@ -408,32 +461,39 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, */ sub_len = 0; - MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); + MBEDTLS_ASN1_CHK_ADD( sub_len, + x509_write_time( &c, buf, ctx->not_after, + MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); - MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); + MBEDTLS_ASN1_CHK_ADD( sub_len, + x509_write_time( &c, buf, ctx->not_before, + MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); len += sub_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, sub_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); /* * Issuer ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->issuer ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf, + ctx->issuer ) ); /* * Signature ::= AlgorithmIdentifier */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, tmp_buf, - sig_oid, strlen( sig_oid ), 0 ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_algorithm_identifier( &c, buf, + sig_oid, strlen( sig_oid ), 0 ) ); /* * Serial ::= INTEGER */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, tmp_buf, &ctx->serial ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, + &ctx->serial ) ); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } @@ -443,48 +503,67 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 ) { sub_len = 0; - MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); + MBEDTLS_ASN1_CHK_ADD( sub_len, + mbedtls_asn1_write_int( &c, buf, ctx->version ) ); len += sub_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_len( &c, buf, sub_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); /* * Make signature */ + + /* Compute hash of CRT. */ if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ) ) != 0 ) { return( ret ); } - if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 ) + if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, + hash, 0, sig, &sig_len, + f_rng, p_rng ) ) != 0 ) { return( ret ); } - /* - * Write data to output buffer - */ + /* Move CRT to the front of the buffer to have space + * for the signature. */ + memmove( buf, c, len ); + c = buf + len; + + /* Add signature at the end of the buffer, + * making sure that it doesn't underflow + * into the CRT buffer. */ c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, + MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, c, sig_oid, sig_oid_len, sig, sig_len ) ); - if( len > (size_t)( c2 - buf ) ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + /* + * Memory layout after this step: + * + * buf c=buf+len c2 buf+size + * [CRT0,...,CRTn, UNUSED, ..., UNUSED, SIG0, ..., SIGm] + */ - c2 -= len; - memcpy( c2, c, len ); + /* Move raw CRT to just before the signature. */ + c = c2 - len; + memmove( c, buf, len ); len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); return( (int) len ); @@ -494,23 +573,23 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, #define PEM_END_CRT "-----END CERTIFICATE-----\n" #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, + unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret; - unsigned char output_buf[4096]; - size_t olen = 0; + size_t olen; - if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf), + if( ( ret = mbedtls_x509write_crt_der( crt, buf, size, f_rng, p_rng ) ) < 0 ) { return( ret ); } if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT, - output_buf + sizeof(output_buf) - ret, - ret, buf, size, &olen ) ) != 0 ) + buf + size - ret, ret, + buf, size, &olen ) ) != 0 ) { return( ret ); } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 7406a975423ac60b5b97d120ce173b19fdcee4d4..60cf12379f1f771a823bebe6387a5711939f0f64 100755 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -1,8 +1,14 @@ /* * X.509 Certificate Signing Request writing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* * References: @@ -54,6 +79,14 @@ #define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); @@ -160,71 +193,85 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, return( 0 ); } -int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, + unsigned char *buf, + size_t size, + unsigned char *sig, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; - unsigned char sig[SIGNATURE_MAX_SIZE]; - unsigned char tmp_buf[2048]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; - /* - * Prepare data to be signed in tmp_buf - */ - c = tmp_buf + sizeof( tmp_buf ); + /* Write the CSR backwards starting from the end of buf */ + c = buf + size; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf, + ctx->extensions ) ); if( len ) { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SET ) ); - - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, - MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); - - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ); + + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_oid( + &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, + MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key, - tmp_buf, c - tmp_buf ) ); + buf, c - buf ) ); c -= pub_len; len += pub_len; /* * Subject ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf, + ctx->subject ) ); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); /* - * Prepare signature + * Sign the written CSR data into the sig buffer + * Note: hash errors can happen only after an internal error */ ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); if( ret != 0 ) @@ -244,32 +291,68 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s return( MBEDTLS_ERR_X509_INVALID_ALG ); if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) + &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } /* - * Write data to output buffer + * Move the written CSR data to the start of buf to create space for + * writing the signature into buf. */ - c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, - sig_oid, sig_oid_len, sig, sig_len ) ); + memmove( buf, c, len ); - if( len > (size_t)( c2 - buf ) ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + /* + * Write sig and its OID into buf backwards from the end of buf. + * Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len + * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed. + */ + c2 = buf + size; + MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, + mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len, + sig, sig_len ) ); + /* + * Compact the space between the CSR data and signature by moving the + * CSR data to the start of the signature. + */ c2 -= len; - memcpy( c2, c, len ); + memmove( c2, buf, len ); + /* ASN encode the total size and tag the CSR data with it. */ len += sig_and_oid_len; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c2, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + + /* Zero the unused bytes at the start of buf */ + memset( buf, 0, c2 - buf); return( (int) len ); } +int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, + size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret; + unsigned char *sig; + + if( ( sig = mbedtls_calloc( 1, SIGNATURE_MAX_SIZE ) ) == NULL ) + { + return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + } + + ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng ); + + mbedtls_free( sig ); + + return( ret ); +} + #define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" diff --git a/library/xtea.c b/library/xtea.c index a33707bc175af5497a883a00ef57d4f4d3cf8706..4e62817579b18a875eb460780f3aebcfa7975f32 100755 --- a/library/xtea.c +++ b/library/xtea.c @@ -1,8 +1,14 @@ /* * An 32-bit implementation of the XTEA algorithm * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/port/BUILD.gn b/port/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..e1c4ca67b26701c1603a676901905e15386c5d16 --- /dev/null +++ b/port/BUILD.gn @@ -0,0 +1,42 @@ +# +# Copyright (c) 2020 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import("//build/lite/config/component/lite_component.gni") + +if (ohos_build_type == "debug") { + config("tls_client") { + include_dirs = [ + "./include", + "//third_party/mbedtls/include", + "//utils/native/lite/include", + "//third_party/bounds_checking_function/include", + ] + } + + tls_client_src = [ + "src/tls_certificate.c", + "src/tls_client.c", + ] + + static_library("tls_client_static") { + sources = tls_client_src + deps = [ + "//base/hiviewdfx/hilog_lite/frameworks/featured:hilog_shared", + "//third_party/bounds_checking_function:libsec_shared", + "//third_party/mbedtls:mbedtls_gt", + ] + public_configs = [ ":tls_client" ] + } +} diff --git a/port/include/mbedtls_log.h b/port/include/mbedtls_log.h new file mode 100755 index 0000000000000000000000000000000000000000..0e56d46f1417f103dbbcc51d45270ab9b8fd77ca --- /dev/null +++ b/port/include/mbedtls_log.h @@ -0,0 +1,47 @@ +/** + * Copyright (c) 2020 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_MBEDTLS_LOG_H +#define OHOS_MBEDTLS_LOG_H + +#include + +#include "hilog/log.h" + +#undef LOG_DOMAIN +#undef LOG_TAG +#define LOG_DOMAIN 0xD002B00 +#define LOG_TAG "Mbedtls" + +#define __FILENAME__ (__builtin_strrchr(__FILE__, '/') ? __builtin_strrchr(__FILE__, '/') + 1 : __FILE__) + +#ifndef OHOS_DEBUG +#define DECORATOR_HILOG(op, fmt, args...) \ + do { \ + op(LOG_CORE, fmt, ##args); \ + } while (0) +#else +#define DECORATOR_HILOG(op, fmt, args...) \ + do { \ + op(LOG_CORE, "{%s()-%s:%d} " fmt, __FUNCTION__, __FILENAME__, __LINE__, ##args); \ + } while (0) +#endif + +#define LOGD(fmt, ...) DECORATOR_HILOG(HILOG_DEBUG, fmt, ##__VA_ARGS__) +#define LOGI(fmt, ...) DECORATOR_HILOG(HILOG_INFO, fmt, ##__VA_ARGS__) +#define LOGW(fmt, ...) DECORATOR_HILOG(HILOG_WARN, fmt, ##__VA_ARGS__) +#define LOGE(fmt, ...) DECORATOR_HILOG(HILOG_ERROR, fmt, ##__VA_ARGS__) + +#endif // OHOS_MBEDTLS_LOG_H diff --git a/port/include/tls_certificate.h b/port/include/tls_certificate.h new file mode 100755 index 0000000000000000000000000000000000000000..946b90f20c672b5faf553bea7bb902a6ff7efee6 --- /dev/null +++ b/port/include/tls_certificate.h @@ -0,0 +1,24 @@ +/** + * Copyright (c) 2020 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CERTIFICATE_H +#define MBEDTLS_CERTIFICATE_H +#include + +extern const char G_MBEDTLS_ROOT_CERTIFICATE[]; + +extern const size_t G_MBEDTLS_ROOT_CERTIFICATE_LEN; + +#endif diff --git a/port/include/tls_client.h b/port/include/tls_client.h new file mode 100755 index 0000000000000000000000000000000000000000..43e281277c8cafbf6ba7ae9cc281f4158bcf1b02 --- /dev/null +++ b/port/include/tls_client.h @@ -0,0 +1,51 @@ +/** + * Copyright (c) 2020 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CLIENT_H +#define MBEDTLS_CLIENT_H + +#include "mbedtls/platform.h" +#include "mbedtls/net.h" +#include "mbedtls/ssl.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/certs.h" + +#define RET_ERROR -1; +#define RET_EOK 0 + +typedef struct MbedTLSSession { + char *host; + char *port; + + unsigned char *buffer; + size_t buffer_len; + + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_net_context server_fd; + mbedtls_x509_crt cacert; +} MbedTLSSession; + +int MbedtlsClientInit(MbedTLSSession *session, void *entropy, size_t entropyLen); +int MbedtlsClientClose(MbedTLSSession *session); +int MbedtlsClientContext(MbedTLSSession *session); +int MbedtlsClientConnect(MbedTLSSession *session); +int MbedtlsClientRead(MbedTLSSession *session, unsigned char *buf, size_t len); +int MbedtlsClientWrite(MbedTLSSession *session, const unsigned char *buf, size_t len); + +#endif diff --git a/port/src/tls_certificate.c b/port/src/tls_certificate.c new file mode 100755 index 0000000000000000000000000000000000000000..c7c8c0ff95b3d3741b20b59df537a2713799ec4e --- /dev/null +++ b/port/src/tls_certificate.c @@ -0,0 +1,65 @@ +/** + * Copyright (c) 2020 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "mbedtls/certs.h" + +// huawei +const char G_MBEDTLS_ROOT_CERTIFICATE[] = +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIHeTCCBWGgAwIBAgIQf+qaN0l+0yGyi6R9UqGJTTANBgkqhkiG9w0BAQsFADCB\r\n" \ +"iTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRl\r\n" \ +"IFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMTQwMgYDVQQDDCtB\r\n" \ +"Y3RhbGlzIE9yZ2FuaXphdGlvbiBWYWxpZGF0ZWQgU2VydmVyIENBIEczMB4XDTIw\r\n" \ +"MDcyMzExNTQxOVoXDTIxMDYwNDEwMDkxOVowgZYxCzAJBgNVBAYTAkNOMRIwEAYD\r\n" \ +"VQQIDAlHdWFuZ2RvbmcxETAPBgNVBAcMCFNoZW56aGVuMSUwIwYDVQQKDBxIdWF3\r\n" \ +"ZWkgVGVjaG5vbG9naWVzIENvLiwgTHRkMSIwIAYDVQQLDBlTZWN1cml0eSBFbmdp\r\n" \ +"bmVlcmluZyBEZXB0MRUwEwYDVQQDDAwqLmh1YXdlaS5jb20wggEiMA0GCSqGSIb3\r\n" \ +"DQEBAQUAA4IBDwAwggEKAoIBAQDNnJdX0ANjblDCxn5S8/IT6EQIDyz8W5+Zx4cX\r\n" \ +"S9bpm/1KWGw74FLnWkwJgtwVGKp8PHcoq9vh1QIl4eTHFKH+9MqswsYVv8ee0uwd\r\n" \ +"KfpyTrYTpSfXbDTWrP8Zyaxj2MeIurrqws7JTDADNMb5qVlyyypBKrbb/sdIyw4u\r\n" \ +"ANFt/L61C7oM3iLLYI+gINsT/cqi3HSYGkJze91taZuLySojN7iIR+Sh/YdyFdhe\r\n" \ +"Rzh9973+28ngTEg8ItE7DI+wkoobfiuFvujgymsMwhQYRoAdHZ2YCdbAp1WNpEbx\r\n" \ +"Ozkkykxlmrn+tKQE7NFZVM0XeTk3g2+hsze+3HQBfs6MFte1AgMBAAGjggLMMIIC\r\n" \ +"yDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFJ+KsbXxsd6C9Cd8vojN3qlDgaNL\r\n" \ +"MH4GCCsGAQUFBwEBBHIwcDA7BggrBgEFBQcwAoYvaHR0cDovL2NhY2VydC5hY3Rh\r\n" \ +"bGlzLml0L2NlcnRzL2FjdGFsaXMtYXV0aG92ZzMwMQYIKwYBBQUHMAGGJWh0dHA6\r\n" \ +"Ly9vY3NwMDkuYWN0YWxpcy5pdC9WQS9BVVRIT1YtRzMwIwYDVR0RBBwwGoIKaHVh\r\n" \ +"d2VpLmNvbYIMKi5odWF3ZWkuY29tMFEGA1UdIARKMEgwPAYGK4EfARMBMDIwMAYI\r\n" \ +"KwYBBQUHAgEWJGh0dHBzOi8vd3d3LmFjdGFsaXMuaXQvYXJlYS1kb3dubG9hZDAI\r\n" \ +"BgZngQwBAgIwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEgGA1UdHwRB\r\n" \ +"MD8wPaA7oDmGN2h0dHA6Ly9jcmwwOS5hY3RhbGlzLml0L1JlcG9zaXRvcnkvQVVU\r\n" \ +"SE9WLUczL2dldExhc3RDUkwwHQYDVR0OBBYEFDVPUVcERFn/Ryc35St5qhpj8U9b\r\n" \ +"MA4GA1UdDwEB/wQEAwIFoDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2AG9Tdqwx\r\n" \ +"8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABc3uPW30AAAQDAEcwRQIgRBop\r\n" \ +"JZ4QS5+KeGz/Y///rR1OaA28JS6Zc0NyrKaA4RsCIQCGbRSWEQ0uO3c4/2WwfYTD\r\n" \ +"/LzCuEl0Uze1Bno/O6oq6wB3AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+\r\n" \ +"IvDXAAABc3uPW3kAAAQDAEgwRgIhAOnnBWI9nDihrt3jE+9JG8P4pfrwAV+cGnRz\r\n" \ +"vKWfMrnEAiEAy1bp4C/uCF/PCh/DwAfeZtz1b2rv+lPUqStDqoiXWecwDQYJKoZI\r\n" \ +"hvcNAQELBQADggIBAHiBufoO96dgVGnloxVLfJq4CMzwKt7rutBUYpwNdc6bgflN\r\n" \ +"UJ80V07fzGcmDdV65arqrxTJD+ANNlgJqLxxhzhfdsqQPkmp4VEZFJN3jG3azU9f\r\n" \ +"lHPqYPTYcJczBauSTXqwgT1faUUkylKKbfiBM+j5iH3dpwdQjSRMvXRaA9RFfAED\r\n" \ +"Ncx68QzPcuMnDGOfm26wbA70YriOjaG9Xy1rmUyy1cknP7IRsucsVKhqmvJ2A+tc\r\n" \ +"3q/cEc4OACMk2+sV3VAx9EJb9Hg3sFPdrgxL6VX0jtKEB4f5Mkt/2JXDAPg29BUa\r\n" \ +"S8J5/RPgcN4ZuBiZA0eBwV3Keybfhtmva4Gns6flYU8P3gTqdc7m1YGRWPfXMgvI\r\n" \ +"QLuIbwPueeCJwCpe78YOY8jhKbSkPnv+gqXJT1nqzlajzdAl/8maX+GOphVCHdxO\r\n" \ +"4ij3Wa+MqYwp8ttHBqQJT0Vm925G2e9dax/4xmmtUbTEcsZbi5htAwV7/dfurmkh\r\n" \ +"sToGNWCeg+DHHzOTfzLdoY1gJqxbkPrdZJL5rwk7v69fXytSrXHpML45GPtavXGL\r\n" \ +"RDz5lZj2eabqnVEjzrSee98fcJDuHUcePM38/9yK7X2c1ynLjTzk1k3i7P2ahE2M\r\n" \ +"pk+d5mGlruCfcDLr0sFAV3gls+Wd/4/R6wWJyi5SXuM0XufB+Ghmp/cJIe43\r\n" \ +"-----END CERTIFICATE-----\r\n" \ +; + +const size_t G_MBEDTLS_ROOT_CERTIFICATE_LEN = sizeof(G_MBEDTLS_ROOT_CERTIFICATE); + diff --git a/port/src/tls_client.c b/port/src/tls_client.c new file mode 100755 index 0000000000000000000000000000000000000000..d2079f17b82134d1d25921b170a54c6ce347c8dd --- /dev/null +++ b/port/src/tls_client.c @@ -0,0 +1,197 @@ +/** + * Copyright (c) 2020 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "tls_client.h" + +#include +#include + +#include "securec.h" +#include "tls_certificate.h" +#include "mbedtls_log.h" + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +static void SslDebug(void *ctx, int level, const char *file, int line, const char *str) +{ + LOGD("%s:%04d: %s.", file, line, str); +} + +static int MbedtlsSslCertificateVerify(MbedTLSSession *session) +{ + if (session == NULL) { + return -RET_ERROR; + } + int ret = mbedtls_ssl_get_verify_result(&session->ssl); + if (ret != 0) { + LOGD("verify peer certificate fail..."); + (void)memset_s(session->buffer, session->buffer_len, 0x00, session->buffer_len); + mbedtls_x509_crt_verify_info((char *)session->buffer, session->buffer_len, " ! ", ret); + LOGD("verification info: %s.", session->buffer); + return -RET_ERROR; + } + return RET_EOK; +} + +int MbedtlsClientInit(MbedTLSSession *session, void *entropy, size_t entropyLen) +{ + if (session == NULL || entropy == NULL) { + return -RET_ERROR; + } + mbedtls_net_init(&session->server_fd); + mbedtls_ssl_init(&session->ssl); + mbedtls_ssl_config_init(&session->conf); + mbedtls_ctr_drbg_init(&session->ctr_drbg); + mbedtls_entropy_init(&session->entropy); + mbedtls_x509_crt_init(&session->cacert); + int ret = mbedtls_ctr_drbg_seed(&session->ctr_drbg, mbedtls_entropy_func, &session->entropy, + (unsigned char *)entropy, entropyLen); + if (ret != 0) { + LOGD("mbedtls_ctr_drbg_seed error, return -0x%x.", -ret); + return ret; + } + LOGD("mbedtls client struct init success..."); + return RET_EOK; +} + +int MbedtlsClientClose(MbedTLSSession *session) +{ + if (session == NULL) { + return -RET_ERROR; + } + mbedtls_ssl_close_notify(&session->ssl); + mbedtls_net_free(&session->server_fd); + mbedtls_x509_crt_free(&session->cacert); + mbedtls_entropy_free(&session->entropy); + mbedtls_ctr_drbg_free(&session->ctr_drbg); + mbedtls_ssl_config_free(&session->conf); + mbedtls_ssl_free(&session->ssl); + LOGD("MbedTLS connection close success."); + return RET_EOK; +} + +int MbedtlsClientContext(MbedTLSSession *session) +{ + if (session == NULL) { + return -RET_ERROR; + } + int ret = mbedtls_x509_crt_parse(&session->cacert, (const unsigned char *)G_MBEDTLS_ROOT_CERTIFICATE, + G_MBEDTLS_ROOT_CERTIFICATE_LEN); + if (ret < 0) { + LOGE("mbedtls_x509_crt_parse error, return -0x%x.", -ret); + return ret; + } + + LOGD("Loading the CA root certificate success..."); + + // Hostname set here should match CN in server certificate + if (session->host != NULL) { + ret = mbedtls_ssl_set_hostname(&session->ssl, session->host); + if (ret != 0) { + LOGD("mbedtls_ssl_set_hostname error, return -0x%x", -ret); + return ret; + } + } + + ret = mbedtls_ssl_config_defaults(&session->conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT); + if (ret != 0) { + LOGD("mbedtls_ssl_config_defaults error, return -0x%x.", -ret); + return ret; + } + + // If you want to verify the validity of the server certificate, + // you need to replace MBEDTLS_SSL_VERIFY_NONE with MBEDTLS_SSL_VERIFY_REQUIRED + mbedtls_ssl_conf_authmode(&session->conf, MBEDTLS_SSL_VERIFY_NONE); + mbedtls_ssl_conf_ca_chain(&session->conf, &session->cacert, NULL); + mbedtls_ssl_conf_rng(&session->conf, mbedtls_ctr_drbg_random, &session->ctr_drbg); + mbedtls_ssl_conf_dbg(&session->conf, SslDebug, NULL); + ret = mbedtls_ssl_setup(&session->ssl, &session->conf); + if (ret != 0) { + LOGD("mbedtls_ssl_setup error, return -0x%x.", -ret); + return ret; + } + LOGD("mbedtls client context init success..."); + + return RET_EOK; +} + +int MbedtlsClientConnect(MbedTLSSession *session) +{ + if (session == NULL) { + return -RET_ERROR; + } + LOGI("connect: host:%s, port: %s", session->host, session->port); + + int ret = mbedtls_net_connect(&session->server_fd, session->host, session->port, MBEDTLS_NET_PROTO_TCP); + if (ret != 0) { + LOGD("mbedtls_net_connect error, return -0x%x.", -ret); + return ret; + } + LOGD("Connected %s:%s fd:%d, success...", session->host, session->port, session->server_fd.fd); + + mbedtls_ssl_set_bio(&session->ssl, &session->server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); + LOGD("ssl state=%d", session->ssl.state); + + while ((ret = mbedtls_ssl_handshake(&session->ssl)) != 0) { + LOGD("mbedtls_ssl_handshake ret=0x%x.", -ret); + if (RET_EOK != MbedtlsSslCertificateVerify(session)) { + return -RET_ERROR; + } + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + LOGD("mbedtls_ssl_handshake error, return -0x%x.", -ret); + return ret; + } + } + + if (RET_EOK != MbedtlsSslCertificateVerify(session)) { + LOGD("Certificate verified err..."); + return -RET_ERROR; + } + + LOGD("Certificate verified success..."); + + return RET_EOK; +} + +int MbedtlsClientRead(MbedTLSSession *session, unsigned char *buf, size_t len) +{ + if (session == NULL || buf == NULL) { + return -RET_ERROR; + } + int ret = mbedtls_ssl_read(&session->ssl, (unsigned char *)buf, len); + if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + LOGD("MbedtlsClientRead data error, return -0x%x.", -ret); + } + return ret; +} + +int MbedtlsClientWrite(MbedTLSSession *session, const unsigned char *buf, size_t len) +{ + if (session == NULL || buf == NULL) { + return -RET_ERROR; + } + int ret = mbedtls_ssl_write(&session->ssl, (unsigned char *)buf, len); + if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + LOGD("MbedtlsClientWrite data error, return -0x%x.", -ret); + } + return ret; +} \ No newline at end of file diff --git a/programs/.gitignore b/programs/.gitignore old mode 100755 new mode 100644 diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/programs/Makefile b/programs/Makefile old mode 100755 new mode 100644 diff --git a/programs/README.md b/programs/README.md old mode 100755 new mode 100644 diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 8242ea7c9e1ec759f7be643d766ac8324235edf5..8b44aaddbd1263bcefab5f31d4d4ede4dddf8e29 100755 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -1,8 +1,14 @@ /* * AES-256 file encryption program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* Enable definition of fileno() even when compiling with -std=c99. Must be @@ -76,7 +101,7 @@ int main( void ) mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C " "and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -465,6 +490,6 @@ exit: mbedtls_aes_free( &aes_ctx ); mbedtls_md_free( &sha_ctx ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a5acf5b8bfd03724a70614e53ce50d9769f9cf6c..9c566e77e64e44b57c7192fc1d12c77f64e227f4 100755 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -2,8 +2,14 @@ * \brief Generic file encryption program using generic wrappers for configured * security. * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -17,7 +23,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* Enable definition of fileno() even when compiling with -std=c99. Must be @@ -78,14 +103,15 @@ int main( void ) { mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else int main( int argc, char *argv[] ) { - int ret = 1, i, n; + int ret = 1, i; + unsigned n; int exit_code = MBEDTLS_EXIT_FAILURE; int mode; size_t keylen, ilen, olen; @@ -562,6 +588,6 @@ exit: mbedtls_cipher_free( &cipher_ctx ); mbedtls_md_free( &md_ctx ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 709a149e0e65fd8581769ec78903a01d0ea167ba..d6c5cf85d57cc7b2cd142f5faefe73bfac14c840 100755 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -1,8 +1,14 @@ /* * generic message digest layer demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -48,7 +73,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -203,7 +228,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } /* @@ -213,12 +238,12 @@ int main( int argc, char *argv[] ) if( md_info == NULL ) { mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } if( mbedtls_md_setup( &md_ctx, md_info, 0 ) ) { mbedtls_fprintf( stderr, "Failed to initialize context.\n" ); - return( exit_code ); + mbedtls_exit( exit_code ); } ret = 0; @@ -237,6 +262,6 @@ int main( int argc, char *argv[] ) exit: mbedtls_md_free( &md_ctx ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 55a0c7e74b4ef82b47654fc42e52ed6584105a7b..ada025b41744e7d6c18c5f7e085070028cfa3448 100755 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -1,8 +1,14 @@ /* * Classic "Hello, world" demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -44,7 +69,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_MD5_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -58,7 +83,7 @@ int main( void ) mbedtls_printf( "\n MD5('%s') = ", str ); if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 ) - return( MBEDTLS_EXIT_FAILURE ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); for( i = 0; i < 16; i++ ) mbedtls_printf( "%02x", digest[i] ); @@ -70,6 +95,6 @@ int main( void ) fflush( stdout ); getchar(); #endif - return( MBEDTLS_EXIT_SUCCESS ); + mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); } #endif /* MBEDTLS_MD5_C */ diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 86b260ca0306e68eb8f739ecdaf2afe52d88deb9..68f4b71ba1acb75793faebc8dc32730e25db8a87 100755 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -1,8 +1,14 @@ /* * Diffie-Hellman-Merkle key exchange (client side) * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -68,7 +93,7 @@ int main( void ) "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -307,7 +332,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index bf5482ed0a039911873c8db422240e4cfb7aa2c1..fcfa5b9977d166fa2475871c8d75eadbc81cb0d3 100755 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -1,8 +1,14 @@ /* * Diffie-Hellman-Merkle key exchange (prime generation) * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -45,7 +70,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_GENPRIME not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -91,7 +116,7 @@ int main( int argc, char **argv ) { usage: mbedtls_printf( USAGE ); - return( exit_code ); + goto exit; } for( i = 1; i < argc; i++ ) @@ -197,7 +222,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */ diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt old mode 100755 new mode 100644 diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c01177485346f4a8b5ca8bf01c0cf0d980e68b8d..5e008abfd290bc65389191d6a9c6e55185695856 100755 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -1,8 +1,14 @@ /* * Diffie-Hellman-Merkle key exchange (server side) * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -68,7 +93,7 @@ int main( void ) "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -330,7 +355,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 9f849dd29d9adbc711c4ee40294599f920c77382..1c101390a81198a47494f2e989d11ec123f8dfe4 100755 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -1,8 +1,14 @@ /* * Example ECDHE with Curve25519 program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -45,7 +70,7 @@ int main( void ) "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " "not defined\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -238,7 +263,7 @@ exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 9feb1609071428f1735ee4be64668fa5de5beec1..2479164a60b88010a9ee68e10bfcdbc20cf3e56f 100755 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -1,8 +1,14 @@ /* * Example ECDSA program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -66,7 +91,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else #if defined(VERBOSE) @@ -248,7 +273,7 @@ exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && ECPARAMS */ diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 23e4e145c6185c239f42f2c1e1e0592f6c6665d2..76ed6d758190652037630bacbb4bd1fe9e1001fc 100755 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -1,8 +1,14 @@ /* * Key generation application * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -133,7 +158,7 @@ int main( void ) "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_PEM_WRITE_C" "not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -446,7 +471,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 79393099193bf2c5b36e9dde523c1249126b9bee..c6bd192eca7e030b9cad1c2f6e183ad4fcf6239e 100755 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -1,8 +1,14 @@ /* * Key reading application * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -70,7 +95,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -311,6 +336,6 @@ cleanup: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 60964292b93830c9fe37dad78f43208de836ff79..afe024a34f75d0c56e27fa9be7d7bfb6971b35df 100755 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -1,8 +1,14 @@ /* * Key writing application * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -94,7 +119,7 @@ int main( void ) { mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -436,6 +461,6 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index ecdcd329a19e354d133f6ab0cfb03fedb4248845..e7df64793cd514e16730a9b0f035dc87f899763c 100755 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -1,8 +1,14 @@ /* * Simple MPI demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -46,7 +71,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -112,6 +137,6 @@ cleanup: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index bf425079e2e10a3dccf703a9e0f1366293f17952..e53d6fd1f895f3b3881d2c2f0c985bb9a972c7fe 100755 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -1,8 +1,14 @@ /* * Public key-based simple decryption program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -56,7 +81,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -64,7 +89,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret = 1, c; + int ret = 1; + unsigned c; int exit_code = MBEDTLS_EXIT_FAILURE; size_t i, olen = 0; mbedtls_pk_context pk; @@ -171,7 +197,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index a32b1476154dd1130770396de6c6595c8e24a1a8..4e359fd200c5da0546f375435ca54a3e9ad8e9e2 100755 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -1,8 +1,14 @@ /* * RSA simple data encryption program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -57,7 +82,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -176,7 +201,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index bdedca4c9724fb8af021b347161b28176e96eb9e..8b875b2d3af5e37f6332ae0bda99a36ee9269798 100755 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -1,8 +1,14 @@ /* * Public key-based signature creation program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -47,7 +72,7 @@ int main( void ) "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -184,7 +209,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index a6bfe3f29717ca336daf75b496a277597e2a8d62..5969488fc633c8330588b7ca1b4e445287ff7aaa 100755 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -1,8 +1,14 @@ /* * Public key-based signature verification program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -45,7 +70,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or " "MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -147,7 +172,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index ff71bd0553b69386ba18548dea92356d5447db55..3f8823dd9197f229a43978ee46f81b281126ec82 100755 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -1,8 +1,14 @@ /* * RSA simple decryption program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -55,7 +80,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -65,7 +90,7 @@ int main( int argc, char *argv[] ) FILE *f; int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - int c; + unsigned c; size_t i; mbedtls_rsa_context rsa; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; @@ -207,6 +232,6 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 4a71c15dd177006aaf8990063b88ac8087703897..c206173ba38e695653bf3fa45c95f857992f1a89 100755 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -1,8 +1,14 @@ /* * RSA simple data encryption program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -55,7 +80,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -184,7 +209,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index d556c190218e667948d79a506e1e05d969b45e5c..7e08c057fb122958bda0319dab43f31ae0b34d80 100755 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -1,8 +1,14 @@ /* * Example RSA key generation program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -60,7 +85,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or " "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -186,7 +211,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt old mode 100755 new mode 100644 diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt old mode 100755 new mode 100644 diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 9bcd7a6270a66313e92b2a0d3df11777055c29cf..ea7e45067afaba16f9143cac854fab75da6636a7 100755 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -1,8 +1,14 @@ /* * RSA/SHA-256 signature creation program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -46,7 +71,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -188,7 +213,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 42209e27c1d9534da21467588a90b34b1fd62059..b5ab26ed8c414803763c6efb91680b624c657acc 100755 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -1,8 +1,14 @@ /* * RSASSA-PSS/SHA-256 signature creation program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -47,7 +72,7 @@ int main( void ) "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -175,7 +200,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 94f0ef9ce9c2cf674b7b85e3906047decc6b884f..809c43484d0c84da1e394974e2798c085249503b 100755 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -1,8 +1,14 @@ /* * RSA/SHA-256 signature verification program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -45,7 +70,7 @@ int main( void ) mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_C and/or " "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -59,7 +84,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret = 1, c; + int ret = 1; + unsigned c; int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_rsa_context rsa; @@ -161,7 +187,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 148cd5110b036077070ecabdbdce97b67cffbc49..b67be4a1699c274483b71b95acfba8cec7de9318 100755 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -1,8 +1,14 @@ /* * RSASSA-PSS/SHA-256 signature verification program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -47,7 +72,7 @@ int main( void ) "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -152,7 +177,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 6ae63b725da2e49d786bdbd42e5a75baba2411c4..671df5bb98a4856aa19aeb53a4245b9a5a69e12b 100755 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -1,8 +1,14 @@ /** * \brief Use and generate multiple entropies calls into a file * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -47,7 +72,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -63,13 +88,13 @@ int main( int argc, char *argv[] ) if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( exit_code ); + mbedtls_exit( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } mbedtls_entropy_init( &entropy ); @@ -99,6 +124,6 @@ cleanup: fclose( f ); mbedtls_entropy_free( &entropy ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_ENTROPY_C */ diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 59df34b665a1199bce8a514893b0cad230c41f36..0eb1477eac3ab89534b20b49bde5a45d9ec64e3f 100755 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -1,8 +1,14 @@ /** * \brief Use and generate random data into a file via the CTR_DBRG based on AES * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -50,7 +75,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -69,13 +94,13 @@ int main( int argc, char *argv[] ) if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( exit_code ); + mbedtls_exit( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } mbedtls_entropy_init( &entropy ); @@ -132,6 +157,6 @@ cleanup: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */ diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index 5ea52aec9bb2043c96386cc120f4385aecdd863e..6cfd0fa5add24418b5e3637f70527fbc4b412e31 100755 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -1,8 +1,14 @@ /** * \brief Generate random data into a file * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -48,7 +73,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -65,13 +90,13 @@ int main( int argc, char *argv[] ) if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( exit_code ); + mbedtls_exit( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } mbedtls_havege_init( &hs ); @@ -104,6 +129,6 @@ int main( int argc, char *argv[] ) exit: mbedtls_havege_free( &hs ); fclose( f ); - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_HAVEGE_C */ diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 803920cde64261cf94bc60908724e78e816b788f..b3ef4f8e991eac998ba5dc8204de107c8f90f33f 100755 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -8,12 +8,13 @@ set(libs set(targets dtls_client dtls_server + mini_client ssl_client1 ssl_client2 - ssl_server ssl_fork_server ssl_mail_client - mini_client + ssl_server + ssl_server2 ) if(USE_PKCS11_HELPER_LIBRARY) @@ -30,28 +31,28 @@ target_link_libraries(dtls_client ${libs}) add_executable(dtls_server dtls_server.c) target_link_libraries(dtls_server ${libs}) +add_executable(mini_client mini_client.c) +target_link_libraries(mini_client ${libs}) + add_executable(ssl_client1 ssl_client1.c) target_link_libraries(ssl_client1 ${libs}) add_executable(ssl_client2 ssl_client2.c) -target_sources(ssl_client2 PUBLIC query_config.c) +target_sources(ssl_client2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) target_link_libraries(ssl_client2 ${libs}) -add_executable(ssl_server ssl_server.c) -target_link_libraries(ssl_server ${libs}) - -add_executable(ssl_server2 ssl_server2.c) -target_sources(ssl_server2 PUBLIC query_config.c) -target_link_libraries(ssl_server2 ${libs}) - add_executable(ssl_fork_server ssl_fork_server.c) target_link_libraries(ssl_fork_server ${libs}) add_executable(ssl_mail_client ssl_mail_client.c) target_link_libraries(ssl_mail_client ${libs}) -add_executable(mini_client mini_client.c) -target_link_libraries(mini_client ${libs}) +add_executable(ssl_server ssl_server.c) +target_link_libraries(ssl_server ${libs}) + +add_executable(ssl_server2 ssl_server2.c) +target_sources(ssl_server2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) +target_link_libraries(ssl_server2 ${libs}) if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 3ea2a680b618961904510b5f60363087126275c8..69d4f33921fb30a2bb80b2c0209c41e5453b84b9 100755 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -1,8 +1,14 @@ /* * Simple DTLS client demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -29,6 +54,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_exit exit @@ -48,7 +74,7 @@ int main( void ) "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -355,7 +381,7 @@ exit: if( ret < 0 ) ret = 1; - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C && MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index bb32724780d0ceb94253cdf8581c27586aa73647..8339d9d11477e7e32530013087e67e70bcd309b5 100755 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -1,8 +1,14 @@ /* * Simple DTLS server demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -29,6 +54,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_time_t time_t @@ -61,7 +87,7 @@ int main( void ) "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or " "MBEDTLS_TIMING_C not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -430,7 +456,7 @@ exit: if( ret < 0 ) ret = 1; - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C && diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 4b8140e683e1bbd5ba931ba317c68aa49b538935..3f2ab5a19d1d10e4e9be91a66f6b515143cf5a6b 100755 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -2,8 +2,14 @@ * Minimal SSL client, used for memory measurements. * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h) * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -17,7 +23,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -60,7 +85,7 @@ int main( void ) mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -296,6 +321,6 @@ exit: mbedtls_x509_crt_free( &ca ); #endif - return( ret ); + mbedtls_exit( ret ); } #endif diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 37e4141e9be96873b0e9dcde577f279c09174dd4..798c9178f89e7c082c4dc71fdc07c09da9948f87 100755 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1,8 +1,14 @@ /* * Query Mbed TLS compile time configurations from config.h * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -714,6 +739,22 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) + if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ); + return( 0 ); + } +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ + +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) + if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND ); + return( 0 ); + } +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ + #if defined(MBEDTLS_TEST_NULL_ENTROPY) if( strcmp( "MBEDTLS_TEST_NULL_ENTROPY", config ) == 0 ) { @@ -978,6 +1019,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECP_NIST_OPTIM */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + if( strcmp( "MBEDTLS_ECP_NO_INTERNAL_RNG", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NO_INTERNAL_RNG ); + return( 0 ); + } +#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ + #if defined(MBEDTLS_ECP_RESTARTABLE) if( strcmp( "MBEDTLS_ECP_RESTARTABLE", config ) == 0 ) { diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index b723243c9cb03be5573b17898ab9c5930beedbb5..bb07feb719139e5246f9418d3938deced495b6df 100755 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -1,8 +1,14 @@ /* * SSL client demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -51,7 +76,7 @@ int main( void ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -312,7 +337,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 13d0d1780342934176037fc66c1d81b8d9817695..4f26b575da54736e7c0198f873fa83a200180045 100755 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1,8 +1,14 @@ /* * SSL client with certificate authentication * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -48,7 +73,7 @@ int main( void ) mbedtls_printf("MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -259,7 +284,9 @@ int main( void ) #define USAGE_ECRESTART "" #endif -#define USAGE \ +/* USAGE is arbitrarily split to stay under the portable string literal + * length limit: 4095 bytes in C99. */ +#define USAGE1 \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ " server_name=%%s default: localhost\n" \ @@ -282,7 +309,8 @@ int main( void ) " skip_close_notify=%%d default: 0 (send close_notify)\n" \ "\n" \ USAGE_DTLS \ - "\n" \ + "\n" +#define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ USAGE_IO \ @@ -290,7 +318,8 @@ int main( void ) USAGE_PSK \ USAGE_ECJPAKE \ USAGE_ECRESTART \ - "\n" \ + "\n" +#define USAGE3 \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ @@ -307,7 +336,8 @@ int main( void ) USAGE_CURVES \ USAGE_RECSPLIT \ USAGE_DHMLEN \ - "\n" \ + "\n" +#define USAGE4 \ " arc4=%%d default: (library default: 0)\n" \ " allow_sha1=%%d default: 0\n" \ " min_version=%%s default: (library default: tls1)\n" \ @@ -594,7 +624,10 @@ int main( int argc, char *argv[] ) if( ret == 0 ) ret = 1; - mbedtls_printf( USAGE ); + mbedtls_printf( USAGE1 ); + mbedtls_printf( USAGE2 ); + mbedtls_printf( USAGE3 ); + mbedtls_printf( USAGE4 ); list = mbedtls_ssl_list_ciphersuites(); while( *list ) @@ -995,7 +1028,7 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "query_config" ) == 0 ) { - return query_config( q ); + mbedtls_exit( query_config( q ) ); } else if( strcmp( p, "skip_close_notify" ) == 0 ) { @@ -2168,7 +2201,7 @@ exit: if( ret < 0 ) ret = 1; - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 80407e49aa452ea947be1d83ea922608d129b9e6..9713c3439fb9f1a1887039ca8088c511f323d5ad 100755 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -1,8 +1,14 @@ /* * SSL server demonstration program using fork() for handling multiple clients * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -54,14 +79,14 @@ int main( int argc, char *argv[] ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #elif defined(_WIN32) int main( void ) { mbedtls_printf("_WIN32 defined. This application requires fork() and signals " "to work correctly.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -416,7 +441,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 3163e2124cfe572d95156ab89bade9dc9c243341..d0e65e177370cea217164d069cd2f62f04f342a2 100755 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -1,8 +1,14 @@ /* * SSL client for SMTP servers * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* Enable definition of gethostname() even when compiling with -std=c99. Must @@ -24,6 +49,10 @@ * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L +#if defined(__NetBSD__) +#define _XOPEN_SOURCE 600 +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -56,7 +85,7 @@ int main( void ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -853,7 +882,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C ** diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 0624d3363e3bfe0f00ec2d35d8aac8454bbfc43e..5e8737a829b9bfa07085b5d5dc8fa8dbf7c77b0c 100755 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -2,8 +2,14 @@ * SSL server demonstration program using pthread for handling multiple * clients. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -17,7 +23,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -54,7 +79,7 @@ int main( void ) "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " "MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD " "and/or MBEDTLS_PEM_PARSE_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -524,7 +549,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 3e1d9a4e613574973bf354b58791959f374cd1cf..242680e902d28c2d3e91ed54db2df9b86417bc97 100755 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -1,8 +1,14 @@ /* * SSL server demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -52,7 +77,7 @@ int main( void ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " "and/or MBEDTLS_PEM_PARSE_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -397,7 +422,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b429b2491a9dd0db388f973a1bd13e15f0d38901..31159661bdc01904f42dd7dd34d731a180ef48fd 100755 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1,8 +1,14 @@ /* * SSL client with options * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -49,7 +74,7 @@ int main( void ) mbedtls_printf("MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -366,7 +391,9 @@ int main( void ) #define USAGE_CURVES "" #endif -#define USAGE \ +/* USAGE is arbitrarily split to stay under the portable string literal + * length limit: 4095 bytes in C99. */ +#define USAGE1 \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ " server_addr=%%s default: (all interfaces)\n" \ @@ -387,7 +414,8 @@ int main( void ) USAGE_COOKIES \ USAGE_ANTI_REPLAY \ USAGE_BADMAC_LIMIT \ - "\n" \ + "\n" +#define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ @@ -398,7 +426,8 @@ int main( void ) "\n" \ USAGE_PSK \ USAGE_ECJPAKE \ - "\n" \ + "\n" +#define USAGE3 \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ @@ -411,7 +440,8 @@ int main( void ) USAGE_EMS \ USAGE_ETM \ USAGE_CURVES \ - "\n" \ + "\n" +#define USAGE4 \ " arc4=%%d default: (library default: 0)\n" \ " allow_sha1=%%d default: 0\n" \ " min_version=%%s default: (library default: tls1)\n" \ @@ -1323,7 +1353,10 @@ int main( int argc, char *argv[] ) if( ret == 0 ) ret = 1; - mbedtls_printf( USAGE ); + mbedtls_printf( USAGE1 ); + mbedtls_printf( USAGE2 ); + mbedtls_printf( USAGE3 ); + mbedtls_printf( USAGE4 ); list = mbedtls_ssl_list_ciphersuites(); while( *list ) @@ -1773,7 +1806,7 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "query_config" ) == 0 ) { - return query_config( q ); + mbedtls_exit( query_config( q ) ); } else goto usage; @@ -3217,7 +3250,7 @@ exit: if( ret < 0 ) ret = 1; - return( ret ); + mbedtls_exit( ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 282ef58aaf39c2b3745c45f66147a339e442dfe5..5feb31773b1f9d52be6d01a69efdda0a815f8bb7 100755 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -28,7 +28,7 @@ add_executable(zeroize zeroize.c) target_link_libraries(zeroize ${libs}) add_executable(query_compile_time_config query_compile_time_config.c) -target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c) +target_sources(query_compile_time_config PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../ssl/query_config.c) target_link_libraries(query_compile_time_config ${libs}) install(TARGETS selftest benchmark udp_proxy query_compile_time_config diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 9c06d07b05740e325807c1f917e810245b1c8389..c24ace4a666ff096b8a1e829052077aa03424d60 100755 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -1,8 +1,14 @@ /* * Benchmark demonstration program * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -43,7 +68,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_TIMING_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -155,6 +180,16 @@ do { \ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) +/* How much space to reserve for the title when printing heap usage results. + * Updated manually as the output of the following command: + * + * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c | + * awk '{print length+2}' | sort -rn | head -n1 + * + * This computes the maximum length of a title +2 (because we appends "/s"). + * (If the value is too small, the only consequence is poor alignement.) */ +#define TITLE_SPACE 11 + #define MEMORY_MEASURE_INIT \ size_t max_used, max_blocks, max_bytes; \ size_t prv_used, prv_blocks; \ @@ -163,7 +198,8 @@ do { \ #define MEMORY_MEASURE_PRINT( title_len ) \ mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \ - for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \ + ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \ + while( ii-- ) mbedtls_printf( " " ); \ max_used -= prv_used; \ max_blocks -= prv_blocks; \ max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ @@ -1000,7 +1036,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); getchar(); #endif - return( 0 ); + mbedtls_exit( 0 ); } #endif /* MBEDTLS_TIMING_C */ diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index c65288404631c498afdb7aab5f47031d1009d4cb..0bd12656fefc8a06ee339c7abce68693e309dd05 100755 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -2,8 +2,14 @@ * This program is a dummy C++ program to ensure Mbed TLS library header files * can be included and built with a C++ compiler. * - * Copyright (C) 2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -17,7 +23,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c index 17becf27f1a40a996bf48fccf089e15df06dd1ce..4cb23e39be37fcd518466d1d5daea98c9ccf6177 100755 --- a/programs/test/query_compile_time_config.c +++ b/programs/test/query_compile_time_config.c @@ -1,8 +1,14 @@ /* * Query the Mbed TLS compile time configuration * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index bd28e9a36899c5c0090fbb589e204c62533bb935..9bc9a9c6ba26540f4dfde6162f41b64f9b596095 100755 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -1,8 +1,14 @@ /* * Self-test demonstration program * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -500,7 +525,5 @@ int main( int argc, char *argv[] ) if( suites_failed > 0) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - /* return() is here to prevent compiler warnings */ - return( MBEDTLS_EXIT_SUCCESS ); + mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); } - diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 4be0865d8668540dd605a2b6be78a5a81fbcd850..66ead4aac860e01e32c2c12a77799ad183958102 100755 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -1,8 +1,14 @@ /* * UDP proxy: emulate an unreliable UDP connexion for DTLS testing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ /* @@ -42,6 +67,7 @@ #define mbedtls_printf printf #define mbedtls_calloc calloc #define mbedtls_free free +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -50,7 +76,7 @@ int main( void ) { mbedtls_printf( "MBEDTLS_NET_C not defined.\n" ); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -978,7 +1004,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_NET_C */ diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 29033d5d17ddf14bb2182e839e09aea7e00d5427..6f68daf9070999e58c0763f8c3f346c6f1a19fc6 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -1,6 +1,48 @@ #!/bin/sh # -*-sh-basic-offset: 4-*- # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -u diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 29cc0ac3c113bce647b94cfbe1afe418559256d2..dbc394e35bea80788138f02c456ccdac1fac03a2 100755 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -4,15 +4,19 @@ * This is a simple test application used for debugger-driven testing to check * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb under the assumption that the code does not - * change often (as opposed to the library code) because the script sets a - * breakpoint at the last return statement in the main() function of this - * program. The debugger facilities are then used to manually inspect the - * memory and verify that the call to mbedtls_platform_zeroize() was not - * eliminated. + * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last + * return statement in the main() function of this program. The debugger + * facilities are then used to manually inspect the memory and verify that the + * call to mbedtls_platform_zeroize() was not eliminated. * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -26,7 +30,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -42,6 +65,7 @@ #else #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif @@ -72,14 +96,14 @@ int main( int argc, char** argv ) { mbedtls_printf( "This program takes exactly 1 agument\n" ); usage(); - return( exit_code ); + mbedtls_exit( exit_code ); } fp = fopen( argv[1], "r" ); if( fp == NULL ) { mbedtls_printf( "Could not open file '%s'\n", argv[1] ); - return( exit_code ); + mbedtls_exit( exit_code ); } while( ( c = fgetc( fp ) ) != EOF && p < end - 1 ) @@ -97,5 +121,5 @@ int main( int argc, char** argv ) fclose( fp ); mbedtls_platform_zeroize( buf, sizeof( buf ) ); - return( exit_code ); + mbedtls_exit( exit_code ); // GDB_BREAK_HERE -- don't remove this comment! } diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index f184939266754f0e97b5ae8d7a1972ebcd8806fa..153b4fc308f8b5064b5017c0c49a779a689d02df 100755 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -1,8 +1,14 @@ /* * Convert PEM to DER * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -61,7 +86,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -290,6 +315,6 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */ diff --git a/programs/util/strerror.c b/programs/util/strerror.c index 458280c989b18528fb5e54e8e52dbad43a546bc0..4ea9d329b730593d718b5cc8464cb9b06937dbda 100755 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -1,8 +1,14 @@ /* * Translate error code to error string * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -29,7 +54,9 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf +#define mbedtls_exit exit #endif #if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) @@ -48,7 +75,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else int main( int argc, char *argv[] ) @@ -59,7 +86,7 @@ int main( int argc, char *argv[] ) if( argc != 2 ) { mbedtls_printf( USAGE ); - return( 0 ); + mbedtls_exit( 0 ); } val = strtol( argv[1], &end, 10 ); @@ -87,6 +114,6 @@ int main( int argc, char *argv[] ) fflush( stdout ); getchar(); #endif - return( val ); + mbedtls_exit( val ); } #endif /* MBEDTLS_ERROR_C */ diff --git a/programs/wince_main.c b/programs/wince_main.c index 203a2ba456a5a9ac10c8ac51b5c842524a9730e6..511542a46917852e2024cff3b19171df1bc4b924 100755 --- a/programs/wince_main.c +++ b/programs/wince_main.c @@ -1,8 +1,14 @@ /* * Windows CE console application entry point * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if defined(_WIN32_WCE) diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 84d62fe60554984f79d973496d892a05ab3be6e1..022e2e363ab643fba31d6e130f4a8d54d6ee0f25 100755 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -1,8 +1,14 @@ /* * Certificate reading application * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -51,7 +76,7 @@ int main( void ) "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -493,7 +518,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index f3d915750fc07473e01885cbc2a41fa55171f282..c88050cde7f81d8e9730669d5850bd63125897e9 100755 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -1,8 +1,14 @@ /* * Certificate request generation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -46,7 +71,7 @@ int main( void ) "MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " "not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -444,7 +469,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index c3e89bef5399c2406e408b6e6f31be7c61aeeb40..bccc3b7b438a34cdd2a2ff348e4f844dc8bcb26e 100755 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -1,8 +1,14 @@ /* * Certificate generation and signing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -47,7 +72,7 @@ int main( void ) "MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_ERROR_C not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -811,7 +836,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 127320a138aad633f50d5d0b3976e56a48dcabdf..aa6f2855a3d16f9a48714bf2fa6b67970478fa94 100755 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -1,8 +1,14 @@ /* * CRL reading application * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -42,7 +67,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -147,7 +172,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 3bb4277fd9107bac0bd5f9dfed0aa50760c7a93a..03ec94374898cfe1dd5efc24131d98d217bc2dc3 100755 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -1,8 +1,14 @@ /* * Certificate request reading application * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -42,7 +67,7 @@ int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); - return( 0 ); + mbedtls_exit( 0 ); } #else @@ -147,7 +172,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_code ); + mbedtls_exit( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C && MBEDTLS_FS_IO */ diff --git a/scripts/abi_check.py b/scripts/abi_check.py index e19f2c0c660ab16cf0f829c64b4ccff98d059535..07c726a3e2388425e18dc0e7606b62dcc5b5a706 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -1,9 +1,5 @@ #!/usr/bin/env python3 """ -This file is part of Mbed TLS (https://tls.mbed.org) - -Copyright (c) 2018, Arm Limited, All Rights Reserved - Purpose This script is a small wrapper around the abi-compliance-checker and @@ -15,6 +11,48 @@ Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error while running the script. Note: must be run from Mbed TLS root. """ +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** + import os import sys import traceback @@ -29,7 +67,7 @@ from types import SimpleNamespace import xml.etree.ElementTree as ET -class AbiChecker(object): +class AbiChecker: """API and ABI checker.""" def __init__(self, old_version, new_version, configuration): diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh index bebab103e1e45122a80513fd79f12c1862e7fdb8..f2f511a5612e688cfaedb72fc98d09118eeb8ed6 100755 --- a/scripts/apidoc_full.sh +++ b/scripts/apidoc_full.sh @@ -6,6 +6,48 @@ # # /!\ This must not be a Makefile target, as it would create a race condition # when multiple targets are invoked in the same parallel build. +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -eu diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py new file mode 100755 index 0000000000000000000000000000000000000000..02bae25b70163d67b1385a4eda7a9b09f5869d35 --- /dev/null +++ b/scripts/assemble_changelog.py @@ -0,0 +1,530 @@ +#!/usr/bin/env python3 + +"""Assemble Mbed TLS change log entries into the change log file. + +Add changelog entries to the first level-2 section. +Create a new level-2 section for unreleased changes if needed. +Remove the input files unless --keep-entries is specified. + +In each level-3 section, entries are sorted in chronological order +(oldest first). From oldest to newest: +* Merged entry files are sorted according to their merge date (date of + the merge commit that brought the commit that created the file into + the target branch). +* Committed but unmerged entry files are sorted according to the date + of the commit that adds them. +* Uncommitted entry files are sorted according to their modification time. + +You must run this program from within a git working directory. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** + +import argparse +from collections import OrderedDict, namedtuple +import datetime +import functools +import glob +import os +import re +import subprocess +import sys + +class InputFormatError(Exception): + def __init__(self, filename, line_number, message, *args, **kwargs): + message = '{}:{}: {}'.format(filename, line_number, + message.format(*args, **kwargs)) + super().__init__(message) + +class CategoryParseError(Exception): + def __init__(self, line_offset, error_message): + self.line_offset = line_offset + self.error_message = error_message + super().__init__('{}: {}'.format(line_offset, error_message)) + +class LostContent(Exception): + def __init__(self, filename, line): + message = ('Lost content from {}: "{}"'.format(filename, line)) + super().__init__(message) + +# The category names we use in the changelog. +# If you edit this, update ChangeLog.d/README.md. +STANDARD_CATEGORIES = ( + b'API changes', + b'Default behavior changes', + b'Requirement changes', + b'New deprecations', + b'Removals', + b'Features', + b'Security', + b'Bugfix', + b'Changes', +) + +CategoryContent = namedtuple('CategoryContent', [ + 'name', 'title_line', # Title text and line number of the title + 'body', 'body_line', # Body text and starting line number of the body +]) + +class ChangelogFormat: + """Virtual class documenting how to write a changelog format class.""" + + @classmethod + def extract_top_version(cls, changelog_file_content): + """Split out the top version section. + + If the top version is already released, create a new top + version section for an unreleased version. + + Return ``(header, top_version_title, top_version_body, trailer)`` + where the "top version" is the existing top version section if it's + for unreleased changes, and a newly created section otherwise. + To assemble the changelog after modifying top_version_body, + concatenate the four pieces. + """ + raise NotImplementedError + + @classmethod + def version_title_text(cls, version_title): + """Return the text of a formatted version section title.""" + raise NotImplementedError + + @classmethod + def split_categories(cls, version_body): + """Split a changelog version section body into categories. + + Return a list of `CategoryContent` the name is category title + without any formatting. + """ + raise NotImplementedError + + @classmethod + def format_category(cls, title, body): + """Construct the text of a category section from its title and body.""" + raise NotImplementedError + +class TextChangelogFormat(ChangelogFormat): + """The traditional Mbed TLS changelog format.""" + + _unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx' + @classmethod + def is_released_version(cls, title): + # Look for an incomplete release date + return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title) + + _top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)', + re.DOTALL) + @classmethod + def extract_top_version(cls, changelog_file_content): + """A version section starts with a line starting with '='.""" + m = re.search(cls._top_version_re, changelog_file_content) + top_version_start = m.start(1) + top_version_end = m.end(2) + top_version_title = m.group(1) + top_version_body = m.group(2) + if cls.is_released_version(top_version_title): + top_version_end = top_version_start + top_version_title = cls._unreleased_version_text + b'\n\n' + top_version_body = b'' + return (changelog_file_content[:top_version_start], + top_version_title, top_version_body, + changelog_file_content[top_version_end:]) + + @classmethod + def version_title_text(cls, version_title): + return re.sub(br'\n.*', version_title, re.DOTALL) + + _category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE) + @classmethod + def split_categories(cls, version_body): + """A category title is a line with the title in column 0.""" + if not version_body: + return [] + title_matches = list(re.finditer(cls._category_title_re, version_body)) + if not title_matches or title_matches[0].start() != 0: + # There is junk before the first category. + raise CategoryParseError(0, 'Junk found where category expected') + title_starts = [m.start(1) for m in title_matches] + body_starts = [m.end(0) for m in title_matches] + body_ends = title_starts[1:] + [len(version_body)] + bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n' + for (body_start, body_end) in zip(body_starts, body_ends)] + title_lines = [version_body[:pos].count(b'\n') for pos in title_starts] + body_lines = [version_body[:pos].count(b'\n') for pos in body_starts] + return [CategoryContent(title_match.group(1), title_line, + body, body_line) + for title_match, title_line, body, body_line + in zip(title_matches, title_lines, bodies, body_lines)] + + @classmethod + def format_category(cls, title, body): + # `split_categories` ensures that each body ends with a newline. + # Make sure that there is additionally a blank line between categories. + if not body.endswith(b'\n\n'): + body += b'\n' + return title + b'\n' + body + +class ChangeLog: + """An Mbed TLS changelog. + + A changelog file consists of some header text followed by one or + more version sections. The version sections are in reverse + chronological order. Each version section consists of a title and a body. + + The body of a version section consists of zero or more category + subsections. Each category subsection consists of a title and a body. + + A changelog entry file has the same format as the body of a version section. + + A `ChangelogFormat` object defines the concrete syntax of the changelog. + Entry files must have the same format as the changelog file. + """ + + # Only accept dotted version numbers (e.g. "3.1", not "3"). + # Refuse ".x" in a version number where x is a letter: this indicates + # a version that is not yet released. Something like "3.1a" is accepted. + _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+') + _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]') + + def add_categories_from_text(self, filename, line_offset, + text, allow_unknown_category): + """Parse a version section or entry file.""" + try: + categories = self.format.split_categories(text) + except CategoryParseError as e: + raise InputFormatError(filename, line_offset + e.line_offset, + e.error_message) + for category in categories: + if not allow_unknown_category and \ + category.name not in self.categories: + raise InputFormatError(filename, + line_offset + category.title_line, + 'Unknown category: "{}"', + category.name.decode('utf8')) + self.categories[category.name] += category.body + + def __init__(self, input_stream, changelog_format): + """Create a changelog object. + + Populate the changelog object from the content of the file + input_stream. + """ + self.format = changelog_format + whole_file = input_stream.read() + (self.header, + self.top_version_title, top_version_body, + self.trailer) = self.format.extract_top_version(whole_file) + # Split the top version section into categories. + self.categories = OrderedDict() + for category in STANDARD_CATEGORIES: + self.categories[category] = b'' + offset = (self.header + self.top_version_title).count(b'\n') + 1 + self.add_categories_from_text(input_stream.name, offset, + top_version_body, True) + + def add_file(self, input_stream): + """Add changelog entries from a file. + """ + self.add_categories_from_text(input_stream.name, 1, + input_stream.read(), False) + + def write(self, filename): + """Write the changelog to the specified file. + """ + with open(filename, 'wb') as out: + out.write(self.header) + out.write(self.top_version_title) + for title, body in self.categories.items(): + if not body: + continue + out.write(self.format.format_category(title, body)) + out.write(self.trailer) + + +@functools.total_ordering +class EntryFileSortKey: + """This classes defines an ordering on changelog entry files: older < newer. + + * Merged entry files are sorted according to their merge date (date of + the merge commit that brought the commit that created the file into + the target branch). + * Committed but unmerged entry files are sorted according to the date + of the commit that adds them. + * Uncommitted entry files are sorted according to their modification time. + + This class assumes that the file is in a git working directory with + the target branch checked out. + """ + + # Categories of files. A lower number is considered older. + MERGED = 0 + COMMITTED = 1 + LOCAL = 2 + + @staticmethod + def creation_hash(filename): + """Return the git commit id at which the given file was created. + + Return None if the file was never checked into git. + """ + hashes = subprocess.check_output(['git', 'log', '--format=%H', + '--follow', + '--', filename]) + m = re.search(b'(.+)$', hashes) + if not m: + # The git output is empty. This means that the file was + # never checked in. + return None + # The last commit in the log is the oldest one, which is when the + # file was created. + return m.group(0) + + @staticmethod + def list_merges(some_hash, target, *options): + """List merge commits from some_hash to target. + + Pass options to git to select which commits are included. + """ + text = subprocess.check_output(['git', 'rev-list', + '--merges', *options, + b'..'.join([some_hash, target])]) + return text.rstrip(b'\n').split(b'\n') + + @classmethod + def merge_hash(cls, some_hash): + """Return the git commit id at which the given commit was merged. + + Return None if the given commit was never merged. + """ + target = b'HEAD' + # List the merges from some_hash to the target in two ways. + # The ancestry list is the ones that are both descendants of + # some_hash and ancestors of the target. + ancestry = frozenset(cls.list_merges(some_hash, target, + '--ancestry-path')) + # The first_parents list only contains merges that are directly + # on the target branch. We want it in reverse order (oldest first). + first_parents = cls.list_merges(some_hash, target, + '--first-parent', '--reverse') + # Look for the oldest merge commit that's both on the direct path + # and directly on the target branch. That's the place where some_hash + # was merged on the target branch. See + # https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit + for commit in first_parents: + if commit in ancestry: + return commit + return None + + @staticmethod + def commit_timestamp(commit_id): + """Return the timestamp of the given commit.""" + text = subprocess.check_output(['git', 'show', '-s', + '--format=%ct', + commit_id]) + return datetime.datetime.utcfromtimestamp(int(text)) + + @staticmethod + def file_timestamp(filename): + """Return the modification timestamp of the given file.""" + mtime = os.stat(filename).st_mtime + return datetime.datetime.fromtimestamp(mtime) + + def __init__(self, filename): + """Determine position of the file in the changelog entry order. + + This constructor returns an object that can be used with comparison + operators, with `sort` and `sorted`, etc. Older entries are sorted + before newer entries. + """ + self.filename = filename + creation_hash = self.creation_hash(filename) + if not creation_hash: + self.category = self.LOCAL + self.datetime = self.file_timestamp(filename) + return + merge_hash = self.merge_hash(creation_hash) + if not merge_hash: + self.category = self.COMMITTED + self.datetime = self.commit_timestamp(creation_hash) + return + self.category = self.MERGED + self.datetime = self.commit_timestamp(merge_hash) + + def sort_key(self): + """"Return a concrete sort key for this entry file sort key object. + + ``ts1 < ts2`` is implemented as ``ts1.sort_key() < ts2.sort_key()``. + """ + return (self.category, self.datetime, self.filename) + + def __eq__(self, other): + return self.sort_key() == other.sort_key() + + def __lt__(self, other): + return self.sort_key() < other.sort_key() + + +def check_output(generated_output_file, main_input_file, merged_files): + """Make sanity checks on the generated output. + + The intent of these sanity checks is to have reasonable confidence + that no content has been lost. + + The sanity check is that every line that is present in an input file + is also present in an output file. This is not perfect but good enough + for now. + """ + generated_output = set(open(generated_output_file, 'rb')) + for line in open(main_input_file, 'rb'): + if line not in generated_output: + raise LostContent('original file', line) + for merged_file in merged_files: + for line in open(merged_file, 'rb'): + if line not in generated_output: + raise LostContent(merged_file, line) + +def finish_output(changelog, output_file, input_file, merged_files): + """Write the changelog to the output file. + + The input file and the list of merged files are used only for sanity + checks on the output. + """ + if os.path.exists(output_file) and not os.path.isfile(output_file): + # The output is a non-regular file (e.g. pipe). Write to it directly. + output_temp = output_file + else: + # The output is a regular file. Write to a temporary file, + # then move it into place atomically. + output_temp = output_file + '.tmp' + changelog.write(output_temp) + check_output(output_temp, input_file, merged_files) + if output_temp != output_file: + os.rename(output_temp, output_file) + +def remove_merged_entries(files_to_remove): + for filename in files_to_remove: + os.remove(filename) + +def list_files_to_merge(options): + """List the entry files to merge, oldest first. + + "Oldest" is defined by `EntryFileSortKey`. + """ + files_to_merge = glob.glob(os.path.join(options.dir, '*.txt')) + files_to_merge.sort(key=EntryFileSortKey) + return files_to_merge + +def merge_entries(options): + """Merge changelog entries into the changelog file. + + Read the changelog file from options.input. + Read entries to merge from the directory options.dir. + Write the new changelog to options.output. + Remove the merged entries if options.keep_entries is false. + """ + with open(options.input, 'rb') as input_file: + changelog = ChangeLog(input_file, TextChangelogFormat) + files_to_merge = list_files_to_merge(options) + if not files_to_merge: + sys.stderr.write('There are no pending changelog entries.\n') + return + for filename in files_to_merge: + with open(filename, 'rb') as input_file: + changelog.add_file(input_file) + finish_output(changelog, options.output, options.input, files_to_merge) + if not options.keep_entries: + remove_merged_entries(files_to_merge) + +def show_file_timestamps(options): + """List the files to merge and their timestamp. + + This is only intended for debugging purposes. + """ + files = list_files_to_merge(options) + for filename in files: + ts = EntryFileSortKey(filename) + print(ts.category, ts.datetime, filename) + +def set_defaults(options): + """Add default values for missing options.""" + output_file = getattr(options, 'output', None) + if output_file is None: + options.output = options.input + if getattr(options, 'keep_entries', None) is None: + options.keep_entries = (output_file is not None) + +def main(): + """Command line entry point.""" + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument('--dir', '-d', metavar='DIR', + default='ChangeLog.d', + help='Directory to read entries from' + ' (default: ChangeLog.d)') + parser.add_argument('--input', '-i', metavar='FILE', + default='ChangeLog', + help='Existing changelog file to read from and augment' + ' (default: ChangeLog)') + parser.add_argument('--keep-entries', + action='store_true', dest='keep_entries', default=None, + help='Keep the files containing entries' + ' (default: remove them if --output/-o is not specified)') + parser.add_argument('--no-keep-entries', + action='store_false', dest='keep_entries', + help='Remove the files containing entries after they are merged' + ' (default: remove them if --output/-o is not specified)') + parser.add_argument('--output', '-o', metavar='FILE', + help='Output changelog file' + ' (default: overwrite the input)') + parser.add_argument('--list-files-only', + action='store_true', + help=('Only list the files that would be processed ' + '(with some debugging information)')) + options = parser.parse_args() + set_defaults(options) + if options.list_files_only: + show_file_timestamps(options) + return + merge_entries(options) + +if __name__ == '__main__': + main() diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index c39a86a5e726d5381200450c9c08bf8faecf163a..5ac117f8087ebda6d2bcd76f6aeba21f0d56fa0e 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -1,8 +1,46 @@ #!/bin/bash # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/scripts/config.pl b/scripts/config.pl index c2be0ba56c22f97cfeeb3ccfd59de6517d2eded8..e5cc69756ff099a39a074365f817ceee96867b14 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -1,8 +1,46 @@ #!/usr/bin/env perl # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # @@ -19,30 +57,17 @@ # # The following options are disabled instead of enabled with "full". # -# MBEDTLS_TEST_NULL_ENTROPY -# MBEDTLS_DEPRECATED_REMOVED -# MBEDTLS_HAVE_SSE2 -# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -# MBEDTLS_ECP_DP_M221_ENABLED -# MBEDTLS_ECP_DP_M383_ENABLED -# MBEDTLS_ECP_DP_M511_ENABLED -# MBEDTLS_MEMORY_BACKTRACE -# MBEDTLS_MEMORY_BUFFER_ALLOC_C -# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -# MBEDTLS_NO_PLATFORM_ENTROPY -# MBEDTLS_REMOVE_ARC4_CIPHERSUITES -# MBEDTLS_REMOVE_3DES_CIPHERSUITES -# MBEDTLS_SSL_HW_RECORD_ACCEL -# MBEDTLS_RSA_NO_CRT -# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 -# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION -# - this could be enabled if the respective tests were adapted -# MBEDTLS_ZLIB_SUPPORT -# MBEDTLS_PKCS11_C -# MBEDTLS_NO_UDBL_DIVISION -# MBEDTLS_NO_64BIT_MULTIPLICATION -# and any symbol beginning _ALT +# * Options that require additional build dependencies or unusual hardware. +# * Options that make testing less effective. +# * Options that are incompatible with other options, or more generally that +# interact with other parts of the code in such a way that a bulk enabling +# is not a good way to test them. +# * Options that remove features. # +# The baremetal configuration excludes options that require a library or +# operating system feature that is typically not present on bare metal +# systems. Features that are excluded from "full" won't be in "baremetal" +# either. use warnings; use strict; @@ -83,53 +108,57 @@ Options EOU my @excluded = qw( -MBEDTLS_TEST_NULL_ENTROPY +MBEDTLS_CTR_DRBG_USE_128_BIT_KEY MBEDTLS_DEPRECATED_REMOVED +MBEDTLS_DEPRECATED_WARNING +MBEDTLS_ECP_NO_INTERNAL_RNG MBEDTLS_HAVE_SSE2 -MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -MBEDTLS_ECP_DP_M221_ENABLED -MBEDTLS_ECP_DP_M383_ENABLED -MBEDTLS_ECP_DP_M511_ENABLED -MBEDTLS_MEMORY_DEBUG MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BUFFER_ALLOC_C +MBEDTLS_MEMORY_DEBUG +MBEDTLS_NO_64BIT_MULTIPLICATION MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_PLATFORM_ENTROPY -MBEDTLS_RSA_NO_CRT -MBEDTLS_REMOVE_ARC4_CIPHERSUITES +MBEDTLS_NO_UDBL_DIVISION +MBEDTLS_PKCS11_C +MBEDTLS_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_REMOVE_3DES_CIPHERSUITES +MBEDTLS_REMOVE_ARC4_CIPHERSUITES +MBEDTLS_RSA_NO_CRT MBEDTLS_SSL_HW_RECORD_ACCEL -MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN +MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND +MBEDTLS_TEST_NULL_ENTROPY MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_ZLIB_SUPPORT -MBEDTLS_PKCS11_C -MBEDTLS_NO_UDBL_DIVISION -MBEDTLS_NO_64BIT_MULTIPLICATION _ALT\s*$ ); # Things that should be disabled in "baremetal" my @excluded_baremetal = qw( -MBEDTLS_NET_C -MBEDTLS_TIMING_C -MBEDTLS_FS_IO MBEDTLS_ENTROPY_NV_SEED +MBEDTLS_FS_IO +MBEDTLS_HAVEGE_C MBEDTLS_HAVE_TIME MBEDTLS_HAVE_TIME_DATE -MBEDTLS_DEPRECATED_WARNING -MBEDTLS_HAVEGE_C -MBEDTLS_THREADING_C -MBEDTLS_THREADING_PTHREAD MBEDTLS_MEMORY_BACKTRACE MBEDTLS_MEMORY_BUFFER_ALLOC_C -MBEDTLS_PLATFORM_TIME_ALT +MBEDTLS_NET_C MBEDTLS_PLATFORM_FPRINTF_ALT +MBEDTLS_PLATFORM_NV_SEED_ALT +MBEDTLS_PLATFORM_TIME_ALT +MBEDTLS_THREADING_C +MBEDTLS_THREADING_PTHREAD +MBEDTLS_TIMING_C ); -# Things that should be enabled in "full" even if they match @excluded +# Things that should be enabled in "full" even if they match @excluded. +# Platform ALTs enable global variables that allow configuring the behavior +# but default to the default behavior, except for PLATFORM_SETUP_TEARDOWN_ALT +# which requires the application to provide relevant functions like +# non-platform ALTs. my @non_excluded = qw( -PLATFORM_[A-Z0-9]+_ALT +PLATFORM_(?!SETUP_TEARDOWN_)[A-Z_0-9]+_ALT ); # Things that should be enabled in "baremetal" diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index a08742c83bb73270e26acd3276aa18b60a75dd0c..162d93b45c4592da58477c7a3ffb4c809d31e8d8 100755 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -1,8 +1,14 @@ /* * Error message information * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 064da4c388ffe702a273db2d97d38da21f7c26d7..dc91d83ed66c730f98f0ea3b99caf926c0db2113 100755 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -1,8 +1,14 @@ /* * Query Mbed TLS compile time configurations from config.h * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of Mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt old mode 100755 new mode 100644 diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index 767eda1c74698b4c49514b5ac9a23bec900b5513..68868b77556aeb2ea06fc7575b651bee7a0a017a 100755 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -1,8 +1,14 @@ /* * Version feature information * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -16,7 +22,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index 1db7ee42a46b7620dc017735175030a5b6a93c07..1a44494344c9e23f289c22de2cf61a3572129485 100755 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -18,10 +18,11 @@ x64 - + + - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -70,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -99,7 +100,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -119,7 +120,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -143,7 +144,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index 773b58a331856715da0804274c5cf255a98a1d26..b0105bdf96059dfc6f59fac78000def21aea132a 100755 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -21,7 +21,7 @@ {46CF2D25-6A36-4189-B59C-E4815388E554} Win32Proj - mbedTLS + mbedTLS @@ -45,7 +45,6 @@ false true Unicode - Windows7.1SDK @@ -85,7 +84,7 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) ../../include CompileAsC @@ -100,7 +99,7 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) ../../include CompileAsC @@ -117,7 +116,7 @@ MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) + WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) ../../include @@ -135,7 +134,7 @@ MaxSpeed true true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) + WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) ../../include diff --git a/scripts/data_files/vs2010-sln-template.sln b/scripts/data_files/vs2010-sln-template.sln old mode 100755 new mode 100644 diff --git a/scripts/data_files/vs6-app-template.dsp b/scripts/data_files/vs6-app-template.dsp old mode 100755 new mode 100644 diff --git a/scripts/data_files/vs6-main-template.dsp b/scripts/data_files/vs6-main-template.dsp old mode 100755 new mode 100644 diff --git a/scripts/data_files/vs6-workspace-template.dsw b/scripts/data_files/vs6-workspace-template.dsw old mode 100755 new mode 100644 diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh index 94a04cf7ecb0589fa70dec6b3418499e54be09c8..097f36bac9b8c4638efec0125b56b43702d7c0e8 100755 --- a/scripts/ecc-heap.sh +++ b/scripts/ecc-heap.sh @@ -6,6 +6,48 @@ # Usage (preferably on a 32-bit platform): # cmake -D CMAKE_BUILD_TYPE=Release . # scripts/ecc-heap.sh | tee ecc-heap.log +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -eu diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci old mode 100755 new mode 100644 diff --git a/scripts/footprint.sh b/scripts/footprint.sh index c08ef1c9025c64b545f82d51a98753ee1fbf7f2d..461d6e40dd7215f23caab9fe416beea5a0d794d2 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -1,8 +1,46 @@ #!/bin/sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 0c1f7e16ece5d4f3bcb0e61e76c1ba1a9c17f2b7..a2ff4f60cf88d0ce5c9a706aa84bf677d9f57df3 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -4,6 +4,48 @@ # # Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments, # or generate_errors.pl include_dir data_dir error_file +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use strict; @@ -48,12 +90,16 @@ close(FORMAT_FILE); $/ = $line_separator; my @files = <$include_dir/*.h>; +my @necessary_include_files; my @matches; foreach my $file (@files) { open(FILE, "$file"); my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, ); push(@matches, @grep_res); close FILE; + my $include_name = $file; + $include_name =~ s!.*/!!; + push @necessary_include_files, $include_name if @grep_res; } my $ll_old_define = ""; @@ -63,10 +109,10 @@ my $ll_code_check = ""; my $hl_code_check = ""; my $headers = ""; +my %included_headers; my %error_codes_seen; - foreach my $line (@matches) { next if ($line =~ /compat-1.2.h/); @@ -97,11 +143,12 @@ foreach my $line (@matches) my $include_name = $module_name; $include_name =~ tr/A-Z/a-z/; - $include_name = "" if ($include_name eq "asn1"); # Fix faulty ones $include_name = "net_sockets" if ($module_name eq "NET"); + $included_headers{"${include_name}.h"} = $module_name; + my $found_ll = grep $_ eq $module_name, @low_level_modules; my $found_hl = grep $_ eq $module_name, @high_level_modules; if (!$found_ll && !$found_hl) @@ -205,3 +252,15 @@ $error_format =~ s/HIGH_LEVEL_CODE_CHECKS\n/$hl_code_check/g; open(ERROR_FILE, ">$error_file") or die "Opening destination file '$error_file': $!"; print ERROR_FILE $error_format; close(ERROR_FILE); + +my $errors = 0; +for my $include_name (@necessary_include_files) +{ + if (not $included_headers{$include_name}) + { + print STDERR "The header file \"$include_name\" defines error codes but has not been included!\n"; + ++$errors; + } +} + +exit !!$errors; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 1bd82ca2a7c9ce6576df99f40b3ddc5395cd85aa..3a83620be5fbf3d495c0591c93dfc93b891875ea 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,5 +1,46 @@ #!/usr/bin/env perl # +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use strict; diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index f15e03a3585354eebd776c4ea9f5e926c0aa457b..8d7b316b12c51260998982d30fda4d24025720e1 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -15,6 +15,48 @@ # function by using the template in scripts/data_files/query_config.fmt. # # Usage: ./scripts/generate_query_config.pl without arguments +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use strict; diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 99139767491915ad7f3678b1c42c6fc39a73c61b..6979f942a9fc73cf30f95ed1d697f4fd8c18e3ed 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -5,6 +5,48 @@ # # Must be run from mbedTLS root or scripts directory. # Takes no argument. +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use warnings; use strict; @@ -93,10 +135,10 @@ sub gen_app { $path =~ s!/!\\!g; (my $appname = $path) =~ s/.*\\//; - my $srcs = "\n \r"; + my $srcs = ""; if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or $appname eq "query_compile_time_config" ) { - $srcs .= "\n \r"; + $srcs .= "\r\n "; } my $content = $template; diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index 4e3342a2ca73b376738ef3835dd6954f3f1184f5..2dc422227dd1e9290010eec893c93e5aeaa7aefe 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -1,6 +1,48 @@ #!/usr/bin/env perl # Parse a massif.out.xxx file and output peak total memory usage +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use warnings; use strict; diff --git a/scripts/memory.sh b/scripts/memory.sh index 3dad2899c78f2a24a77caf22db3bced79722da10..8f8dcd7162e12dcdca622e8e0c82732a50598440 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh @@ -5,6 +5,48 @@ # # Use different build options for measuring executable size and memory usage, # since for memory we want debug information. +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -eu diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 04edc38126e424435732c5dd04507fdeddda6c0e..a39a3d97db4ece4e40d80561cf57618742d99238 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -2,9 +2,47 @@ # output_env.sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # @@ -13,6 +51,7 @@ # This includes: # - architecture of the system # - type and version of the operating system +# - version of make and cmake # - version of armcc, clang, gcc-arm and gcc compilers # - version of libc, clang, asan and valgrind if installed # - version of gnuTLS and OpenSSL @@ -71,6 +110,12 @@ echo echo "** Tool Versions:" echo +print_version "make" "--version" "" "head -n 1" +echo + +print_version "cmake" "--version" "" "head -n 1" +echo + if [ "${RUN_ARMCC:-1}" -ne 0 ]; then : "${ARMC5_CC:=armcc}" print_version "$ARMC5_CC" "--vsn" "" "head -n 2" @@ -105,6 +150,9 @@ echo print_version "python" "--version" "" "head -n 1" echo +print_version "python3" "--version" "" "head -n 1" +echo + # Find the installed version of Pylint. Installed as a distro package this can # be pylint3 and as a PEP egg, pylint. In test scripts We prefer pylint over # pylint3 diff --git a/scripts/rename.pl b/scripts/rename.pl index fb428098c82508eea98c169e33b7f36aebbc231c..3f47bf2f02b44901e3985756660596566a281d3c 100755 --- a/scripts/rename.pl +++ b/scripts/rename.pl @@ -1,8 +1,46 @@ #!/usr/bin/env perl # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/scripts/rm-calloc-cast.cocci b/scripts/rm-calloc-cast.cocci old mode 100755 new mode 100644 diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh index df9450e14fcb885b722761ef283d1b502e0944e7..427e33b1862c0003a55988a434f1e164f7960be3 100755 --- a/scripts/tmp_ignore_makefiles.sh +++ b/scripts/tmp_ignore_makefiles.sh @@ -2,6 +2,48 @@ # Temporarily (de)ignore Makefiles generated by CMake to allow easier # git development +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** IGNORE="" diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat new file mode 100755 index 0000000000000000000000000000000000000000..e41993101d0c7d6e14b9b4182538b9aaa6fdc4c0 --- /dev/null +++ b/scripts/windows_msbuild.bat @@ -0,0 +1,20 @@ +@rem Build and test Mbed TLS with Visual Studio using msbuild. +@rem Usage: windows_msbuild [RETARGET] +@rem RETARGET: version of Visual Studio to emulate +@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset + +@rem These parameters are hard-coded for now. +set "arch=x64" & @rem "x86" or "x64" +set "cfg=Release" & @rem "Debug" or "Release" +set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat" + +if not "%~1"=="" set "retarget=,PlatformToolset=%1" + +@rem If the %USERPROFILE%\Source directory exists, then running +@rem vcvarsall.bat will silently change the directory to that directory. +@rem Setting the VSCMD_START_DIR environment variable causes it to change +@rem to that directory instead. +set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010" + +"%vcvarsall%" x64 && ^ +msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln diff --git a/tests/.gitignore b/tests/.gitignore old mode 100755 new mode 100644 diff --git a/tests/.jenkins/Jenkinsfile b/tests/.jenkins/Jenkinsfile old mode 100755 new mode 100644 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt old mode 100755 new mode 100644 diff --git a/tests/Descriptions.txt b/tests/Descriptions.txt old mode 100755 new mode 100644 diff --git a/tests/Makefile b/tests/Makefile old mode 100755 new mode 100644 diff --git a/tests/compat.sh b/tests/compat.sh index 54bc0b7d14c8572f4a2a0c09a0a6878ab68d2a5e..7796bd2faf6ded26d833fcd81b0120a0983a203e 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -2,9 +2,47 @@ # compat.sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # @@ -896,7 +934,7 @@ setup_arguments() M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem" G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" + G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes if is_dtls "$MODE"; then @@ -945,39 +983,29 @@ setup_arguments() ;; "RSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key" + O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2-sha256.crt -key data_files/server2.key" + G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key" if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/cert_sha256.crt key_file=data_files/server1.key" + O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/cert_sha256.crt -key data_files/server1.key" + G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/cert_sha256.crt --x509keyfile data_files/server1.key" else M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi - - # Allow SHA-1. It's disabled by default for security reasons but - # our tests still use certificates signed with it. - M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1" - M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1" ;; "PSK") # give RSA-PSK-capable server a RSA cert # (should be a separate type, but harder to close with openssl) - M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key" O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" + G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" - - # Allow SHA-1. It's disabled by default for security reasons but - # our tests still use certificates signed with it. - M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1" - M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1" ;; esac } @@ -1219,7 +1247,7 @@ run_client() { cp $CLI_OUT c-cli-${TESTS}.log echo " ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log" - if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then + if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then echo " ! server output:" cat c-srv-${TESTS}.log echo " ! ===================================================" diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/config-wrapper-malloc-0-null.h index ed74eda63aec4e598694aa6b1ec06b88d047d474..988e1225cf2123eccc9d81627a2995af3b471f12 100755 --- a/tests/configs/config-wrapper-malloc-0-null.h +++ b/tests/configs/config-wrapper-malloc-0-null.h @@ -2,8 +2,14 @@ * Used for testing. */ /* - * Copyright (C) 2019, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. @@ -17,7 +23,26 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #ifndef MBEDTLS_CONFIG_H diff --git a/tests/data_files/.gitignore b/tests/data_files/.gitignore old mode 100755 new mode 100644 diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 669b406cae4b190ed87ac51a04d53fd0cf43c485..a4d124c9c838dd48933fb55f471dec4ab7cddaca 100755 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -202,6 +202,10 @@ server5-ss-forgeca.crt: server5.key $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ all_final += server5-ss-forgeca.crt +server5-tricky-ip-san.crt: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@ +all_final += server5-tricky-ip-san.crt + server10-badsign.crt: server10.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ all_final += server10-badsign.crt @@ -999,7 +1003,10 @@ server1.v1.der.openssl: server1.v1.crt.openssl crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ -server1_all: crl.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl +crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf + $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@ + +server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl # server2* diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index 6f54ed0c1cea064dea8693f3c190d0318e589d67..d07241a2c6b0c5971accaf196fc391279eb21f6e 100755 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt @@ -111,7 +111,7 @@ Signing CA in parentheses (same meaning as certificates). - crl-ec-sha*.pem: (2) server6.crt - crl-future.pem: (2) server6.crt + unknown - crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown -- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown +- crl.pem, crl-futureRevocationDate.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown - crl_md*.pem: crl_sha*.pem: (1) same as crl.pem - crt_cat_*.pem: (1+2) concatenations in various orders: ec = crl-ec-sha256.pem, ecfut = crl-future.pem diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/bitstring-in-dn.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_example_multi.crt b/tests/data_files/cert_example_multi.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_example_multi_nocn.crt b/tests/data_files/cert_example_multi_nocn.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_example_wildcard.crt b/tests/data_files/cert_example_wildcard.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_md2.crt b/tests/data_files/cert_md2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_md4.crt b/tests/data_files/cert_md4.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_md5.crt b/tests/data_files/cert_md5.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_sha1.crt b/tests/data_files/cert_sha1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_sha224.crt b/tests/data_files/cert_sha224.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_sha256.crt b/tests/data_files/cert_sha256.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_sha384.crt b/tests/data_files/cert_sha384.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_sha512.crt b/tests/data_files/cert_sha512.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cert_v1_with_ext.crt b/tests/data_files/cert_v1_with_ext.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cli-rsa-sha1.crt b/tests/data_files/cli-rsa-sha1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cli-rsa-sha256.crt b/tests/data_files/cli-rsa-sha256.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cli-rsa-sha256.crt.der b/tests/data_files/cli-rsa-sha256.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/cli-rsa-sha256.key.der b/tests/data_files/cli-rsa-sha256.key.der old mode 100755 new mode 100644 diff --git a/tests/data_files/cli-rsa.key b/tests/data_files/cli-rsa.key old mode 100755 new mode 100644 diff --git a/tests/data_files/cli-rsa.key.der b/tests/data_files/cli-rsa.key.der old mode 100755 new mode 100644 diff --git a/tests/data_files/cli.opensslconf b/tests/data_files/cli.opensslconf old mode 100755 new mode 100644 diff --git a/tests/data_files/cli2.crt b/tests/data_files/cli2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/cli2.crt.der b/tests/data_files/cli2.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/cli2.key b/tests/data_files/cli2.key old mode 100755 new mode 100644 diff --git a/tests/data_files/cli2.key.der b/tests/data_files/cli2.key.der old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-ec-sha1.pem b/tests/data_files/crl-ec-sha1.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-ec-sha224.pem b/tests/data_files/crl-ec-sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-ec-sha256.pem b/tests/data_files/crl-ec-sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-ec-sha384.pem b/tests/data_files/crl-ec-sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-ec-sha512.pem b/tests/data_files/crl-ec-sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-future.pem b/tests/data_files/crl-future.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-futureRevocationDate.pem b/tests/data_files/crl-futureRevocationDate.pem new file mode 100755 index 0000000000000000000000000000000000000000..f147a8f800d07238973138e517e0a21770fd7fa4 --- /dev/null +++ b/tests/data_files/crl-futureRevocationDate.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTI4MTIzMDIzMDAw +MFoXDTI5MTIzMDIzMDAwMFowKDASAgEBFw0yOTAxMDExMjQ0MDdaMBICAQMXDTI5 +MDEwMTEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKbL1mDpzCbLJmRZKM2KHPvK +ijS4UMnanzzYpLAwom1NI69v2fE1/EfiXv0empE6mFqnLwOG4ZP8fECfxjMXO2Ee +VhxYiRjly6q9hfIUk1e+N9ct8unNnLEBvf6Syfy9+FSO3Q/ahljpYlXsXxg62WXl +9xp5b5Ok+/0sCv0eL5uFQKXQa8hS9dZo6py7jvFDQC+wVau1mXjQW85iXMLm7vik +4lR+kfZloeq1jIbsx8cdMi32YVt7uccaqoFcjtrdrWfGmi0wvlDc8K5J0l4tIxZY +9P+T4fzSgQLdqGZ3xADheEaGTRVL/5oe5L4zRH32BZONMFCijv+j1SpWLxHE8cM= +-----END X509 CRL----- diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/crl-idp.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/crl-idpnc.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/crl-malformed-trailing-spaces.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-rsa-pss-sha1-badsign.pem b/tests/data_files/crl-rsa-pss-sha1-badsign.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-rsa-pss-sha1.pem b/tests/data_files/crl-rsa-pss-sha1.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-rsa-pss-sha224.pem b/tests/data_files/crl-rsa-pss-sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-rsa-pss-sha256.pem b/tests/data_files/crl-rsa-pss-sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-rsa-pss-sha384.pem b/tests/data_files/crl-rsa-pss-sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl-rsa-pss-sha512.pem b/tests/data_files/crl-rsa-pss-sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl.pem b/tests/data_files/crl.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_cat_ec-rsa.pem b/tests/data_files/crl_cat_ec-rsa.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_cat_ecfut-rsa.pem b/tests/data_files/crl_cat_ecfut-rsa.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_cat_rsa-ec.pem b/tests/data_files/crl_cat_rsa-ec.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_cat_rsabadpem-ec.pem b/tests/data_files/crl_cat_rsabadpem-ec.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_expired.pem b/tests/data_files/crl_expired.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_md2.pem b/tests/data_files/crl_md2.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_md4.pem b/tests/data_files/crl_md4.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_md5.pem b/tests/data_files/crl_md5.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_sha1.pem b/tests/data_files/crl_sha1.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_sha224.pem b/tests/data_files/crl_sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_sha256.pem b/tests/data_files/crl_sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_sha384.pem b/tests/data_files/crl_sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crl_sha512.pem b/tests/data_files/crl_sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/crt_cat_rsaexp-ec.pem b/tests/data_files/crt_cat_rsaexp-ec.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dh.1000.pem b/tests/data_files/dh.1000.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dh.optlen.pem b/tests/data_files/dh.optlen.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dhparams.pem b/tests/data_files/dhparams.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/00.crt b/tests/data_files/dir-maxpath/00.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/00.key b/tests/data_files/dir-maxpath/00.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/01.crt b/tests/data_files/dir-maxpath/01.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/01.key b/tests/data_files/dir-maxpath/01.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/02.crt b/tests/data_files/dir-maxpath/02.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/02.key b/tests/data_files/dir-maxpath/02.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/03.crt b/tests/data_files/dir-maxpath/03.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/03.key b/tests/data_files/dir-maxpath/03.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/04.crt b/tests/data_files/dir-maxpath/04.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/04.key b/tests/data_files/dir-maxpath/04.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/05.crt b/tests/data_files/dir-maxpath/05.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/05.key b/tests/data_files/dir-maxpath/05.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/06.crt b/tests/data_files/dir-maxpath/06.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/06.key b/tests/data_files/dir-maxpath/06.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/07.crt b/tests/data_files/dir-maxpath/07.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/07.key b/tests/data_files/dir-maxpath/07.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/08.crt b/tests/data_files/dir-maxpath/08.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/08.key b/tests/data_files/dir-maxpath/08.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/09.crt b/tests/data_files/dir-maxpath/09.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/09.key b/tests/data_files/dir-maxpath/09.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/10.crt b/tests/data_files/dir-maxpath/10.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/10.key b/tests/data_files/dir-maxpath/10.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/11.crt b/tests/data_files/dir-maxpath/11.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/11.key b/tests/data_files/dir-maxpath/11.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/12.crt b/tests/data_files/dir-maxpath/12.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/12.key b/tests/data_files/dir-maxpath/12.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/13.crt b/tests/data_files/dir-maxpath/13.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/13.key b/tests/data_files/dir-maxpath/13.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/14.crt b/tests/data_files/dir-maxpath/14.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/14.key b/tests/data_files/dir-maxpath/14.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/15.crt b/tests/data_files/dir-maxpath/15.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/15.key b/tests/data_files/dir-maxpath/15.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/16.crt b/tests/data_files/dir-maxpath/16.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/16.key b/tests/data_files/dir-maxpath/16.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/17.crt b/tests/data_files/dir-maxpath/17.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/17.key b/tests/data_files/dir-maxpath/17.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/18.crt b/tests/data_files/dir-maxpath/18.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/18.key b/tests/data_files/dir-maxpath/18.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/19.crt b/tests/data_files/dir-maxpath/19.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/19.key b/tests/data_files/dir-maxpath/19.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/20.crt b/tests/data_files/dir-maxpath/20.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/20.key b/tests/data_files/dir-maxpath/20.key old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/Readme.txt b/tests/data_files/dir-maxpath/Readme.txt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c00.pem b/tests/data_files/dir-maxpath/c00.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c01.pem b/tests/data_files/dir-maxpath/c01.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c02.pem b/tests/data_files/dir-maxpath/c02.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c03.pem b/tests/data_files/dir-maxpath/c03.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c04.pem b/tests/data_files/dir-maxpath/c04.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c05.pem b/tests/data_files/dir-maxpath/c05.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c06.pem b/tests/data_files/dir-maxpath/c06.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c07.pem b/tests/data_files/dir-maxpath/c07.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c08.pem b/tests/data_files/dir-maxpath/c08.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c09.pem b/tests/data_files/dir-maxpath/c09.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c10.pem b/tests/data_files/dir-maxpath/c10.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c11.pem b/tests/data_files/dir-maxpath/c11.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c12.pem b/tests/data_files/dir-maxpath/c12.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c13.pem b/tests/data_files/dir-maxpath/c13.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c14.pem b/tests/data_files/dir-maxpath/c14.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c15.pem b/tests/data_files/dir-maxpath/c15.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c16.pem b/tests/data_files/dir-maxpath/c16.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c17.pem b/tests/data_files/dir-maxpath/c17.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c18.pem b/tests/data_files/dir-maxpath/c18.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c19.pem b/tests/data_files/dir-maxpath/c19.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/c20.pem b/tests/data_files/dir-maxpath/c20.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/int.opensslconf b/tests/data_files/dir-maxpath/int.opensslconf old mode 100755 new mode 100644 diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index 22f3bf548e451cec25dffea8cbb7c9e75ad02144..49ec1f8e2dc89349467b77f03a3e35a94b267c02 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -1,4 +1,46 @@ #!/bin/sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -eu diff --git a/tests/data_files/dir1/test-ca.crt b/tests/data_files/dir1/test-ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir2/test-ca.crt b/tests/data_files/dir2/test-ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir2/test-ca2.crt b/tests/data_files/dir2/test-ca2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir3/Readme b/tests/data_files/dir3/Readme old mode 100755 new mode 100644 diff --git a/tests/data_files/dir3/test-ca.crt b/tests/data_files/dir3/test-ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir3/test-ca2.crt b/tests/data_files/dir3/test-ca2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/Readme b/tests/data_files/dir4/Readme old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert11.crt b/tests/data_files/dir4/cert11.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert12.crt b/tests/data_files/dir4/cert12.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert13.crt b/tests/data_files/dir4/cert13.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert14.crt b/tests/data_files/dir4/cert14.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert21.crt b/tests/data_files/dir4/cert21.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert22.crt b/tests/data_files/dir4/cert22.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert23.crt b/tests/data_files/dir4/cert23.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert31.crt b/tests/data_files/dir4/cert31.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert32.crt b/tests/data_files/dir4/cert32.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert33.crt b/tests/data_files/dir4/cert33.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert34.crt b/tests/data_files/dir4/cert34.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert41.crt b/tests/data_files/dir4/cert41.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert42.crt b/tests/data_files/dir4/cert42.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert43.crt b/tests/data_files/dir4/cert43.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert44.crt b/tests/data_files/dir4/cert44.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert45.crt b/tests/data_files/dir4/cert45.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert51.crt b/tests/data_files/dir4/cert51.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert52.crt b/tests/data_files/dir4/cert52.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert53.crt b/tests/data_files/dir4/cert53.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert54.crt b/tests/data_files/dir4/cert54.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert61.crt b/tests/data_files/dir4/cert61.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert62.crt b/tests/data_files/dir4/cert62.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert63.crt b/tests/data_files/dir4/cert63.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert71.crt b/tests/data_files/dir4/cert71.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert72.crt b/tests/data_files/dir4/cert72.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert73.crt b/tests/data_files/dir4/cert73.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert74.crt b/tests/data_files/dir4/cert74.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert81.crt b/tests/data_files/dir4/cert81.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert82.crt b/tests/data_files/dir4/cert82.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert83.crt b/tests/data_files/dir4/cert83.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert91.crt b/tests/data_files/dir4/cert91.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/dir4/cert92.crt b/tests/data_files/dir4/cert92.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_224_prv.pem b/tests/data_files/ec_224_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_224_pub.pem b/tests/data_files/ec_224_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_256_long_prv.pem b/tests/data_files/ec_256_long_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_256_prv.pem b/tests/data_files/ec_256_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_256_pub.pem b/tests/data_files/ec_256_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_384_prv.pem b/tests/data_files/ec_384_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_384_pub.pem b/tests/data_files/ec_384_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_521_prv.pem b/tests/data_files/ec_521_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_521_pub.pem b/tests/data_files/ec_521_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_521_short_prv.pem b/tests/data_files/ec_521_short_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_bp256_prv.pem b/tests/data_files/ec_bp256_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_bp256_pub.pem b/tests/data_files/ec_bp256_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_bp384_prv.pem b/tests/data_files/ec_bp384_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_bp384_pub.pem b/tests/data_files/ec_bp384_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_bp512_prv.pem b/tests/data_files/ec_bp512_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_bp512_pub.pem b/tests/data_files/ec_bp512_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8.der b/tests/data_files/ec_prv.pk8.der old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8.pem b/tests/data_files/ec_prv.pk8.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8.pw.der b/tests/data_files/ec_prv.pk8.pw.der old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8.pw.pem b/tests/data_files/ec_prv.pk8.pw.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8nopub.der b/tests/data_files/ec_prv.pk8nopub.der old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8nopub.pem b/tests/data_files/ec_prv.pk8nopub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8nopubparam.der b/tests/data_files/ec_prv.pk8nopubparam.der old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8nopubparam.pem b/tests/data_files/ec_prv.pk8nopubparam.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8param.der b/tests/data_files/ec_prv.pk8param.der old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.pk8param.pem b/tests/data_files/ec_prv.pk8param.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.sec1.der b/tests/data_files/ec_prv.sec1.der old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.sec1.pem b/tests/data_files/ec_prv.sec1.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.sec1.pw.pem b/tests/data_files/ec_prv.sec1.pw.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_prv.specdom.der b/tests/data_files/ec_prv.specdom.der old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_pub.der b/tests/data_files/ec_pub.der old mode 100755 new mode 100644 diff --git a/tests/data_files/ec_pub.pem b/tests/data_files/ec_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/enco-ca-prstr.pem b/tests/data_files/enco-ca-prstr.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/enco-cert-utf8str.pem b/tests/data_files/enco-cert-utf8str.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/format_gen.key b/tests/data_files/format_gen.key old mode 100755 new mode 100644 diff --git a/tests/data_files/format_gen.pub b/tests/data_files/format_gen.pub old mode 100755 new mode 100644 diff --git a/tests/data_files/format_pkcs12.fmt b/tests/data_files/format_pkcs12.fmt old mode 100755 new mode 100644 diff --git a/tests/data_files/format_rsa.key b/tests/data_files/format_rsa.key old mode 100755 new mode 100644 diff --git a/tests/data_files/hash_file_1 b/tests/data_files/hash_file_1 old mode 100755 new mode 100644 diff --git a/tests/data_files/hash_file_2 b/tests/data_files/hash_file_2 old mode 100755 new mode 100644 diff --git a/tests/data_files/hash_file_3 b/tests/data_files/hash_file_3 old mode 100755 new mode 100644 diff --git a/tests/data_files/hash_file_4 b/tests/data_files/hash_file_4 old mode 100755 new mode 100644 diff --git a/tests/data_files/hash_file_5 b/tests/data_files/hash_file_5 old mode 100755 new mode 100644 diff --git a/tests/data_files/keyUsage.decipherOnly.crt b/tests/data_files/keyUsage.decipherOnly.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/mpi_10 b/tests/data_files/mpi_10 old mode 100755 new mode 100644 diff --git a/tests/data_files/mpi_too_big b/tests/data_files/mpi_too_big old mode 100755 new mode 100644 diff --git a/tests/data_files/passwd.psk b/tests/data_files/passwd.psk old mode 100755 new mode 100644 diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl index d0ec13705e0d48f8e9bad91dbed70384f5f9ec59..4d0d0033a4bfff6e375c2a3e3a50179271a92c5e 100755 --- a/tests/data_files/print_c.pl +++ b/tests/data_files/print_c.pl @@ -1,4 +1,47 @@ #!/usr/bin/env perl +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** + use strict; use warnings; diff --git a/tests/data_files/rsa4096_prv.pem b/tests/data_files/rsa4096_prv.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa4096_pub.pem b/tests/data_files/rsa4096_pub.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa512.key b/tests/data_files/rsa512.key old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa521.key b/tests/data_files/rsa521.key old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa522.key b/tests/data_files/rsa522.key old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa528.key b/tests/data_files/rsa528.key old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_1024_3des.pem b/tests/data_files/rsa_pkcs1_1024_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_1024_aes128.pem b/tests/data_files/rsa_pkcs1_1024_aes128.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_1024_aes192.pem b/tests/data_files/rsa_pkcs1_1024_aes192.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_1024_aes256.pem b/tests/data_files/rsa_pkcs1_1024_aes256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_1024_clear.pem b/tests/data_files/rsa_pkcs1_1024_clear.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_1024_des.pem b/tests/data_files/rsa_pkcs1_1024_des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_2048_3des.pem b/tests/data_files/rsa_pkcs1_2048_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_2048_aes128.pem b/tests/data_files/rsa_pkcs1_2048_aes128.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_2048_aes192.pem b/tests/data_files/rsa_pkcs1_2048_aes192.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_2048_aes256.pem b/tests/data_files/rsa_pkcs1_2048_aes256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_2048_clear.pem b/tests/data_files/rsa_pkcs1_2048_clear.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_2048_des.pem b/tests/data_files/rsa_pkcs1_2048_des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_2048_public.der b/tests/data_files/rsa_pkcs1_2048_public.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_2048_public.pem b/tests/data_files/rsa_pkcs1_2048_public.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_4096_3des.pem b/tests/data_files/rsa_pkcs1_4096_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_4096_aes128.pem b/tests/data_files/rsa_pkcs1_4096_aes128.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_4096_aes192.pem b/tests/data_files/rsa_pkcs1_4096_aes192.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_4096_aes256.pem b/tests/data_files/rsa_pkcs1_4096_aes256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_4096_clear.pem b/tests/data_files/rsa_pkcs1_4096_clear.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs1_4096_des.pem b/tests/data_files/rsa_pkcs1_4096_des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_1024_public.der b/tests/data_files/rsa_pkcs8_1024_public.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_2048_public.der b/tests/data_files/rsa_pkcs8_2048_public.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_2048_public.pem b/tests/data_files/rsa_pkcs8_2048_public.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der old mode 100755 new mode 100644 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/secp521r1_prv.der b/tests/data_files/secp521r1_prv.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/server1-ms.req.sha256 old mode 100755 new mode 100644 diff --git a/tests/data_files/server1-nospace.crt b/tests/data_files/server1-nospace.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1-v1.crt b/tests/data_files/server1-v1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.cert_type.crt b/tests/data_files/server1.cert_type.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.cert_type.crt.openssl.v3_ext b/tests/data_files/server1.cert_type.crt.openssl.v3_ext old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.crt b/tests/data_files/server1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.crt.der b/tests/data_files/server1.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.crt.openssl.v3_ext b/tests/data_files/server1.crt.openssl.v3_ext old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.csr b/tests/data_files/server1.csr old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.der b/tests/data_files/server1.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.ext_ku.crt b/tests/data_files/server1.ext_ku.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.key b/tests/data_files/server1.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.key_usage.crt b/tests/data_files/server1.key_usage.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.key_usage.crt.openssl.v3_ext b/tests/data_files/server1.key_usage.crt.openssl.v3_ext old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.noauthid.crt b/tests/data_files/server1.noauthid.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.pubkey b/tests/data_files/server1.pubkey old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.cert_type b/tests/data_files/server1.req.cert_type old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.cert_type_empty b/tests/data_files/server1.req.cert_type_empty old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.key_usage b/tests/data_files/server1.req.key_usage old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.key_usage_empty b/tests/data_files/server1.req.key_usage_empty old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.ku-ct b/tests/data_files/server1.req.ku-ct old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.md4 b/tests/data_files/server1.req.md4 old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.md5 b/tests/data_files/server1.req.md5 old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.sha1 b/tests/data_files/server1.req.sha1 old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.sha224 b/tests/data_files/server1.req.sha224 old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.sha256 b/tests/data_files/server1.req.sha256 old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.sha384 b/tests/data_files/server1.req.sha384 old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.req.sha512 b/tests/data_files/server1.req.sha512 old mode 100755 new mode 100644 diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server10-badsign.crt b/tests/data_files/server10-badsign.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server10-bs_int3.pem b/tests/data_files/server10-bs_int3.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/server10.crt b/tests/data_files/server10.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server10.key b/tests/data_files/server10.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server10_int3-bs.pem b/tests/data_files/server10_int3-bs.pem old mode 100755 new mode 100644 diff --git a/tests/data_files/server10_int3_int-ca2.crt b/tests/data_files/server10_int3_int-ca2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server10_int3_int-ca2_ca.crt b/tests/data_files/server10_int3_int-ca2_ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server10_int3_spurious_int-ca2.crt b/tests/data_files/server10_int3_spurious_int-ca2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1_ca.crt b/tests/data_files/server1_ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server1_csr.opensslconf b/tests/data_files/server1_csr.opensslconf old mode 100755 new mode 100644 diff --git a/tests/data_files/server1_pathlen_int_max-1.crt b/tests/data_files/server1_pathlen_int_max-1.crt new file mode 100755 index 0000000000000000000000000000000000000000..4944844d7db39c5d249ba4c76a224cf3d6513312 --- /dev/null +++ b/tests/data_files/server1_pathlen_int_max-1.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o1YwVDASBgNVHRMECzAJAQH/AgR////+MB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIs +Pai9Q1kCpjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG +9w0BAQUFAAOCAQEAfuvq7FomQTSJmGInVwQjQddgoXpnmCZ97TpVq7jHLCFADowQ +jeiAsxmD8mwAQqw/By0U2PSmQcS7Vrn7Le0nFKNRYYrtpx5rsTFJzS/tQsgCe0Pf +zhiBgD1Dhw6PWAPmy+JlvhJF7REmFsM8KHQd0xSvJzB1gLN9FVlnd87C73bdDJZQ +Zdn977+Sn5anAFGHDWeKo8GYaYGnPBQqkX0Q2EKWR7yrwcKMogOevxELogB0jRj3 +L+nBpz7mO2J6XQ85ip+tLWAGCEHo0omAIQorAoCSqtLiaz47HxOdNK0hnM7V5k8P +05AVhxDa3WqZ9FmMaDc8j8XqmOgKYVMC4/WS0g== +-----END CERTIFICATE----- diff --git a/tests/data_files/server1_pathlen_int_max.crt b/tests/data_files/server1_pathlen_int_max.crt new file mode 100755 index 0000000000000000000000000000000000000000..517e0d678a79599f67cb1ca19e5336fa4f3c42ac --- /dev/null +++ b/tests/data_files/server1_pathlen_int_max.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o1YwVDASBgNVHRMECzAJAQH/AgR/////MB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIs +Pai9Q1kCpjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG +9w0BAQUFAAOCAQEAe5jPPMyWrKYGljJH2uh1gEh7KoYhmGIUfYu5A8Z2ou04yFZh +LDyWJnkE/qpNaIw3kPuoyGBTtADYzttPvxretUmaMyteOQe8DK/mmr8vl+gb54ZP +2jUE+R27Jp5GSGfl20LNVTBkKJloSyDaVzPI3ozje2lAsXsil8NTKbVJtfjZ9un+ +mGrpywSV7RpZC2PznGFdqQehwwnOscz0cVeMQqGcMRH3D5Bk2SjVexCaPu47QSyE +fNm6cATiNHjw/2dg5Aue7e4K+R6le+xY3Qy85Fq/lKDeMmbrJRrNyJ9lblCeihUd +qhkAEPelpaq5ZRM6cYJQoo0Ak64j4svjOZeF0g== +-----END CERTIFICATE----- diff --git a/tests/data_files/server2-badsign.crt b/tests/data_files/server2-badsign.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server2-sha256.crt b/tests/data_files/server2-sha256.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server2-sha256.crt.der b/tests/data_files/server2-sha256.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server2-v1-chain.crt b/tests/data_files/server2-v1-chain.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server2-v1.crt b/tests/data_files/server2-v1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.crt b/tests/data_files/server2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.crt.der b/tests/data_files/server2.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.der b/tests/data_files/server2.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.key b/tests/data_files/server2.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.key.der b/tests/data_files/server2.key.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.ku-ds.crt b/tests/data_files/server2.ku-ds.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.ku-ds_ke.crt b/tests/data_files/server2.ku-ds_ke.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.ku-ka.crt b/tests/data_files/server2.ku-ka.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server2.ku-ke.crt b/tests/data_files/server2.ku-ke.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server3.crt b/tests/data_files/server3.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server3.key b/tests/data_files/server3.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server4.crt b/tests/data_files/server4.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server4.key b/tests/data_files/server4.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-badsign.crt b/tests/data_files/server5-badsign.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-der0.crt b/tests/data_files/server5-der0.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-der1a.crt b/tests/data_files/server5-der1a.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-der1b.crt b/tests/data_files/server5-der1b.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-der2.crt b/tests/data_files/server5-der2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-der4.crt b/tests/data_files/server5-der4.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-der8.crt b/tests/data_files/server5-der8.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-der9.crt b/tests/data_files/server5-der9.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-expired.crt b/tests/data_files/server5-expired.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-future.crt b/tests/data_files/server5-future.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-selfsigned.crt b/tests/data_files/server5-selfsigned.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-sha1.crt b/tests/data_files/server5-sha1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-sha224.crt b/tests/data_files/server5-sha224.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-sha384.crt b/tests/data_files/server5-sha384.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-sha512.crt b/tests/data_files/server5-sha512.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-ss-expired.crt b/tests/data_files/server5-ss-expired.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-ss-forgeca.crt b/tests/data_files/server5-ss-forgeca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5-tricky-ip-san.crt b/tests/data_files/server5-tricky-ip-san.crt new file mode 100755 index 0000000000000000000000000000000000000000..135830fbecd4f22dd7085063e64a430cfb45dc54 --- /dev/null +++ b/tests/data_files/server5-tricky-ip-san.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBljCCATygAwIBAgIBTTAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIFRyaWNreSBJUCBTQU4w +HhcNMjAwNzIzMTAyNzQ2WhcNMzAwNzIxMTAyNzQ2WjBBMQswCQYDVQQGEwJVSzER +MA8GA1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIFRyaWNreSBJUCBT +QU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5 +BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqIwmt3DVXNiioO+gHItO3/oyUw +IzAhBgNVHREEGjAYhwRhYmNkhxBhYmNkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC +A0gAMEUCIFDc8ZALA/9Zv7dZTWrZOOp/dgPAEJRT+h68nD6KF+XyAiEAs1QqugOo +Dwru0DSEmpYkmj1Keunpd0VopM0joC1cc5A= +-----END CERTIFICATE----- diff --git a/tests/data_files/server5.crt b/tests/data_files/server5.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.crt.der b/tests/data_files/server5.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.eku-cli.crt b/tests/data_files/server5.eku-cli.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.eku-cs.crt b/tests/data_files/server5.eku-cs.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.eku-cs_any.crt b/tests/data_files/server5.eku-cs_any.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.eku-srv.crt b/tests/data_files/server5.eku-srv.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.eku-srv_cli.crt b/tests/data_files/server5.eku-srv_cli.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.key b/tests/data_files/server5.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.key.der b/tests/data_files/server5.key.der old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.ku-ds.crt b/tests/data_files/server5.ku-ds.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.ku-ka.crt b/tests/data_files/server5.ku-ka.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.ku-ke.crt b/tests/data_files/server5.ku-ke.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1 old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.req.sha1 b/tests/data_files/server5.req.sha1 old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.req.sha224 b/tests/data_files/server5.req.sha224 old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.req.sha256 b/tests/data_files/server5.req.sha256 old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.req.sha384 b/tests/data_files/server5.req.sha384 old mode 100755 new mode 100644 diff --git a/tests/data_files/server5.req.sha512 b/tests/data_files/server5.req.sha512 old mode 100755 new mode 100644 diff --git a/tests/data_files/server6-ss-child.crt b/tests/data_files/server6-ss-child.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server6.crt b/tests/data_files/server6.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server6.key b/tests/data_files/server6.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server7-badsign.crt b/tests/data_files/server7-badsign.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7-expired.crt b/tests/data_files/server7-expired.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7-future.crt b/tests/data_files/server7-future.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7.crt b/tests/data_files/server7.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7.key b/tests/data_files/server7.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server7_all_space.crt b/tests/data_files/server7_all_space.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7_int-ca-exp.crt b/tests/data_files/server7_int-ca-exp.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7_int-ca.crt b/tests/data_files/server7_int-ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7_int-ca_ca2.crt b/tests/data_files/server7_int-ca_ca2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7_pem_space.crt b/tests/data_files/server7_pem_space.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7_spurious_int-ca.crt b/tests/data_files/server7_spurious_int-ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server7_trailing_space.crt b/tests/data_files/server7_trailing_space.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server8.crt b/tests/data_files/server8.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server8.key b/tests/data_files/server8.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server8_int-ca2.crt b/tests/data_files/server8_int-ca2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-bad-mgfhash.crt b/tests/data_files/server9-bad-mgfhash.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-bad-saltlen.crt b/tests/data_files/server9-bad-saltlen.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-badsign.crt b/tests/data_files/server9-badsign.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-defaults.crt b/tests/data_files/server9-defaults.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-sha224.crt b/tests/data_files/server9-sha224.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-sha256.crt b/tests/data_files/server9-sha256.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-sha384.crt b/tests/data_files/server9-sha384.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-sha512.crt b/tests/data_files/server9-sha512.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9-with-ca.crt b/tests/data_files/server9-with-ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9.crt b/tests/data_files/server9.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/server9.key b/tests/data_files/server9.key old mode 100755 new mode 100644 diff --git a/tests/data_files/server9.req.sha1 b/tests/data_files/server9.req.sha1 old mode 100755 new mode 100644 diff --git a/tests/data_files/server9.req.sha224 b/tests/data_files/server9.req.sha224 old mode 100755 new mode 100644 diff --git a/tests/data_files/server9.req.sha256 b/tests/data_files/server9.req.sha256 old mode 100755 new mode 100644 diff --git a/tests/data_files/server9.req.sha384 b/tests/data_files/server9.req.sha384 old mode 100755 new mode 100644 diff --git a/tests/data_files/server9.req.sha512 b/tests/data_files/server9.req.sha512 old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-alt-good.crt b/tests/data_files/test-ca-alt-good.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-alt.crt b/tests/data_files/test-ca-alt.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-alt.csr b/tests/data_files/test-ca-alt.csr old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-alt.key b/tests/data_files/test-ca-alt.key old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-good-alt.crt b/tests/data_files/test-ca-good-alt.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-sha1.crt b/tests/data_files/test-ca-sha1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-sha1.crt.der b/tests/data_files/test-ca-sha1.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-sha256.crt b/tests/data_files/test-ca-sha256.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-sha256.crt.der b/tests/data_files/test-ca-sha256.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca-v1.crt b/tests/data_files/test-ca-v1.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca.crt b/tests/data_files/test-ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca.crt.der b/tests/data_files/test-ca.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca.der b/tests/data_files/test-ca.der old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca.key b/tests/data_files/test-ca.key old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca.key.der b/tests/data_files/test-ca.key.der old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index f66b39e3ce943895e406074fc47f59ccf20de2b7..3f8d8f558974c79af4d712cf59abf5769eaeb1ee 100755 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -26,3 +26,7 @@ issuingDistributionPoint=@idpdata [idpdata] fullname=URI:http://pki.example.com/ + +# these IPs are the ascii values for 'abcd' and 'abcd.example.com' +[tricky_ip_san] +subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d diff --git a/tests/data_files/test-ca.server1.db b/tests/data_files/test-ca.server1.db old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca.server1.future-crl.db b/tests/data_files/test-ca.server1.future-crl.db new file mode 100755 index 0000000000000000000000000000000000000000..763aa1219d9f99d23981430cbf20129794c08e9e --- /dev/null +++ b/tests/data_files/test-ca.server1.future-crl.db @@ -0,0 +1,2 @@ +R 210212144406Z 290101124407Z 01 unknown /C=NL/O=PolarSSL/CN=PolarSSL Server 1 +R 210212144400Z 290101124407Z 03 unknown /C=NL/O=PolarSSL/CN=PolarSSL Test CA diff --git a/tests/data_files/test-ca.server1.future-crl.opensslconf b/tests/data_files/test-ca.server1.future-crl.opensslconf new file mode 100755 index 0000000000000000000000000000000000000000..e9ce7543a5b60cccaf72e7fefcc84227fdb8eadd --- /dev/null +++ b/tests/data_files/test-ca.server1.future-crl.opensslconf @@ -0,0 +1,18 @@ + [ ca ] + default_ca = test-ca + + [ test-ca ] + certificate = test-ca.crt + private_key = test-ca.key + serial = test-ca.server1.serial + default_md = sha1 + default_startdate = 110212144406Z + default_enddate = 210212144406Z + new_certs_dir = ./ + database = ./test-ca.server1.future-crl.db + policy = policy_match + + [policy_match] + countryName = supplied + organizationName = supplied + commonName = supplied diff --git a/tests/data_files/test-ca.server1.opensslconf b/tests/data_files/test-ca.server1.opensslconf index 4a5072eae9c940b7804fcd95ec92c765eb4a4149..209b0fffa2258e946801e11edb4b12b7b1866c34 100755 --- a/tests/data_files/test-ca.server1.opensslconf +++ b/tests/data_files/test-ca.server1.opensslconf @@ -1,6 +1,6 @@ [ ca ] default_ca = test-ca - + [ test-ca ] certificate = test-ca.crt private_key = test-ca.key diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.crt b/tests/data_files/test-ca2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.crt.der b/tests/data_files/test-ca2.crt.der old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.key b/tests/data_files/test-ca2.key old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.key.der b/tests/data_files/test-ca2.key.der old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.key.enc b/tests/data_files/test-ca2.key.enc old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.ku-crl.crt b/tests/data_files/test-ca2.ku-crl.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.ku-crt.crt b/tests/data_files/test-ca2.ku-crt.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.ku-crt_crl.crt b/tests/data_files/test-ca2.ku-crt_crl.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2.ku-ds.crt b/tests/data_files/test-ca2.ku-ds.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2_cat-future-present.crt b/tests/data_files/test-ca2_cat-future-present.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2_cat-past-present.crt b/tests/data_files/test-ca2_cat-past-present.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2_cat-present-future.crt b/tests/data_files/test-ca2_cat-present-future.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca2_cat-present-past.crt b/tests/data_files/test-ca2_cat-present-past.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca_cat12.crt b/tests/data_files/test-ca_cat12.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca_cat21.crt b/tests/data_files/test-ca_cat21.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca_printable.crt b/tests/data_files/test-ca_printable.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca_uppercase.crt b/tests/data_files/test-ca_uppercase.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-ca_utf8.crt b/tests/data_files/test-ca_utf8.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-int-ca-exp.crt b/tests/data_files/test-int-ca-exp.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-int-ca.crt b/tests/data_files/test-int-ca.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-int-ca.key b/tests/data_files/test-int-ca.key old mode 100755 new mode 100644 diff --git a/tests/data_files/test-int-ca2.crt b/tests/data_files/test-int-ca2.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-int-ca2.key b/tests/data_files/test-int-ca2.key old mode 100755 new mode 100644 diff --git a/tests/data_files/test-int-ca3-badsign.crt b/tests/data_files/test-int-ca3-badsign.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-int-ca3.crt b/tests/data_files/test-int-ca3.crt old mode 100755 new mode 100644 diff --git a/tests/data_files/test-int-ca3.key b/tests/data_files/test-int-ca3.key old mode 100755 new mode 100644 diff --git a/tests/git-scripts/README.md b/tests/git-scripts/README.md old mode 100755 new mode 100644 diff --git a/tests/git-scripts/pre-commit.sh b/tests/git-scripts/pre-commit.sh new file mode 100755 index 0000000000000000000000000000000000000000..fac10ccfbefd8e5675e4f06d57b12bc4aaa42ce3 --- /dev/null +++ b/tests/git-scripts/pre-commit.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +# pre-commit.sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** + +# Purpose +# +# This script does quick sanity checks before commiting: +# - check that generated files are up-to-date. +# +# It is meant to be called as a git pre-commit hook, see README.md. +# +# From the git sample pre-commit hook: +# Called by "git commit" with no arguments. The hook should +# exit with non-zero status after issuing an appropriate message if +# it wants to stop the commit. + +set -eu + +tests/scripts/check-generated-files.sh diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index 86edf5a305c969df0a3a21e66c1a23c47a802c86..4435e583139353939e549787e4e466ea4d6e2b6a 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -1,9 +1,47 @@ #!/bin/sh # pre-push.sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2017, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # @@ -32,18 +70,4 @@ echo "URL is $URL" set -eu -run_test() -{ - TEST=$1 - echo "running '$TEST'" - if ! `$TEST > /dev/null 2>&1`; then - echo "test '$TEST' failed" - return 1 - fi -} - -run_test ./tests/scripts/check-doxy-blocks.pl -run_test ./tests/scripts/check-names.sh -run_test ./tests/scripts/check-generated-files.sh -run_test ./tests/scripts/check-files.py -run_test ./tests/scripts/doxygen.sh +tests/scripts/all.sh -q -k 'check_*' diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index dd8f510dd6cb3f77811715281186e8bd6607a045..1184119e7e41462172fb45bec72d0bff5939963b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2,9 +2,47 @@ # all.sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2014-2017, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** @@ -118,8 +156,17 @@ pre_initialize_variables () { MEMORY=0 FORCE=0 + QUIET=0 KEEP_GOING=0 + # Seed value used with the --release-test option. + # + # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if + # both values are kept in sync. If you change the value here because it + # breaks some tests, you'll definitely want to change it in + # basic-build-test.sh as well. + RELEASE_SEED=1 + # Default commands, can be overridden by the environment : ${OPENSSL:="openssl"} : ${OPENSSL_LEGACY:="$OPENSSL"} @@ -131,6 +178,7 @@ pre_initialize_variables () { : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} + : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then @@ -189,9 +237,13 @@ Special options: --list-components List components supported on this platform and exit. General options: + -q|--quiet Only output component names, and errors if any. -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. + --arm-none-eabi-gcc-prefix= + Prefix for a cross-compiler for arm-none-eabi + (default: "${ARM_NONE_EABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). --except Exclude the COMPONENTs listed on the command line, instead of running only those. @@ -199,9 +251,10 @@ General options: --no-force Refuse to overwrite modified files (default). --no-keep-going Stop at the first error (default). --no-memory No additional memory tests (default). + --no-quiet Print full ouput from components. --out-of-source-dir= Directory used for CMake out-of-source build tests. --random-seed Use a random seed value for randomized tests (default). - -r|--release-test Run this script in release mode. This fixes the seed value to 1. + -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. -s|--seed Integer seed value to use for this test run. Tool path options: @@ -265,6 +318,11 @@ msg() else current_section="$1" fi + + if [ $QUIET -eq 1 ]; then + return + fi + echo "" echo "******************************************************************" echo "* $current_section " @@ -276,9 +334,13 @@ armc6_build_test() { FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" + msg "build: ARM Compiler 6 ($FLAGS)" ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ WARNING_CFLAGS='-xc -std=c99' make lib + + msg "size: ARM Compiler 6 ($FLAGS)" + "$ARMC6_FROMELF" -z library/*.o + make clean } @@ -312,6 +374,7 @@ pre_parse_command_line () { while [ $# -gt 0 ]; do case "$1" in + --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; --armcc) no_armcc=;; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; @@ -330,12 +393,14 @@ pre_parse_command_line () { --no-force) FORCE=0;; --no-keep-going) KEEP_GOING=0;; --no-memory) MEMORY=0;; + --no-quiet) QUIET=0;; --openssl) shift; OPENSSL="$1";; --openssl-legacy) shift; OPENSSL_LEGACY="$1";; --openssl-next) shift; OPENSSL_NEXT="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --quiet|-q) QUIET=1;; --random-seed) unset SEED;; - --release-test|-r) SEED=1;; + --release-test|-r) SEED=$RELEASE_SEED;; --seed|-s) shift; SEED="$1";; -*) echo >&2 "Unknown option: $1" @@ -415,7 +480,7 @@ pre_setup_keep_going () { failure_summary="$failure_summary $text" failure_count=$((failure_count + 1)) - echo "${start_red}^^^^$text^^^^${end_color}" + echo "${start_red}^^^^$text^^^^${end_color}" >&2 fi } make () { @@ -461,7 +526,23 @@ not() { ! "$@" } +pre_setup_quiet_redirect () { + if [ $QUIET -ne 1 ]; then + redirect_out () { + "$@" + } + else + redirect_out () { + "$@" >/dev/null + } + fi +} + pre_print_configuration () { + if [ $QUIET -eq 1 ]; then + return + fi + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" @@ -511,7 +592,7 @@ pre_check_tools () { esac case " $RUN_COMPONENTS " in - *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";; + *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";; esac case " $RUN_COMPONENTS " in @@ -526,11 +607,19 @@ pre_check_tools () { *_armcc*) ARMC5_CC="$ARMC5_BIN_DIR/armcc" ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf" ARMC6_CC="$ARMC6_BIN_DIR/armclang" ARMC6_AR="$ARMC6_BIN_DIR/armar" - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; + ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf" + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \ + "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; esac + # past this point, no call to check_tool, only printing output + if [ $QUIET -eq 1 ]; then + return + fi + msg "info: output_env.sh" case $RUN_COMPONENTS in *_armcc*) @@ -573,8 +662,20 @@ component_check_doxy_blocks () { } component_check_files () { - msg "test: check-files.py" # < 1s - record_status tests/scripts/check-files.py + msg "Check: file sanity checks (permissions, encodings)" # < 1s + record_status tests/scripts/check_files.py +} + +component_check_changelog () { + msg "Check: changelog entries" # < 1s + rm -f ChangeLog.new + record_status scripts/assemble_changelog.py -o ChangeLog.new + if [ -e ChangeLog.new ]; then + # Show the diff for information. It isn't an error if the diff is + # non-empty. + diff -u ChangeLog ChangeLog.new || true + rm ChangeLog.new + fi } component_check_names () { @@ -618,7 +719,7 @@ component_test_default_out_of_box () { make test msg "selftest: make, default config (out-of-box)" # ~10s - programs/test/selftest + if_build_succeeded programs/test/selftest } component_test_default_cmake_gcc_asan () { @@ -629,6 +730,9 @@ component_test_default_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh @@ -645,6 +749,9 @@ component_test_full_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (full config, ASan build)" make test + msg "test: selftest (ASan build)" # ~ 10s + if_build_succeeded programs/test/selftest + msg "test: ssl-opt.sh (full config, ASan build)" if_build_succeeded tests/ssl-opt.sh @@ -757,6 +864,110 @@ component_test_rsa_no_crt () { if_build_succeeded tests/compat.sh -t RSA } +component_test_no_ctr_drbg () { + msg "build: Full minus CTR_DRBG" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_CTR_DRBG_C + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: no CTR_DRBG" + make test + + # no ssl-opt.sh/compat.sh as they all depend on CTR_DRBG so far +} + +component_test_no_hmac_drbg () { + msg "build: Full minus HMAC_DRBG" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_HMAC_DRBG_C + scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: no HMAC_DRBG" + make test + + # No ssl-opt.sh/compat.sh as they never use HMAC_DRBG so far, + # so there's little value in running those lengthy tests here. +} + +component_test_no_drbg_all_hashes () { + # this tests the internal ECP DRBG using a KDF based on SHA-512 + msg "build: Default minus DRBGs" + scripts/config.pl unset MBEDTLS_CTR_DRBG_C + scripts/config.pl unset MBEDTLS_HMAC_DRBG_C + scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: Default minus DRBGs" + make test + + # no SSL tests as they all depend on having a DRBG +} + +component_test_no_drbg_no_sha512 () { + # this tests the internal ECP DRBG using a KDF based on SHA-256 + msg "build: Default minus DRBGs minus SHA-512" + scripts/config.pl unset MBEDTLS_CTR_DRBG_C + scripts/config.pl unset MBEDTLS_HMAC_DRBG_C + scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto + scripts/config.pl unset MBEDTLS_SHA512_C + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: Default minus DRBGs minus SHA-512" + make test + + # no SSL tests as they all depend on having a DRBG +} + +component_test_ecp_no_internal_rng () { + msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules" + scripts/config.pl set MBEDTLS_ECP_NO_INTERNAL_RNG + scripts/config.pl unset MBEDTLS_CTR_DRBG_C + scripts/config.pl unset MBEDTLS_HMAC_DRBG_C + scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: ECP_NO_INTERNAL_RNG, no DRBG module" + make test + + # no SSL tests as they all depend on having a DRBG +} + +component_test_ecp_restartable_no_internal_rng () { + msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG" + scripts/config.pl set MBEDTLS_ECP_NO_INTERNAL_RNG + scripts/config.pl set MBEDTLS_ECP_RESTARTABLE + scripts/config.pl unset MBEDTLS_CTR_DRBG_C + scripts/config.pl unset MBEDTLS_HMAC_DRBG_C + scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG + scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module" + make test + + # no SSL tests as they all depend on having a DRBG +} + component_test_small_ssl_out_content_len () { msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 @@ -818,24 +1029,72 @@ component_test_full_cmake_clang () { if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } -component_build_deprecated () { - msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s +component_test_memsan_constant_flow () { + # This tests both (1) accesses to undefined memory, and (2) branches or + # memory access depending on secret values. To distinguish between those: + # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? + # - or alternatively, change the build type to MemSanDbg, which enables + # origin tracking and nicer stack traces (which are useful for debugging + # anyway), and check if the origin was TEST_CF_SECRET() or something else. + msg "build: cmake MSan (clang), full config with constant flow testing" scripts/config.pl full - scripts/config.pl set MBEDTLS_DEPRECATED_WARNING - # Build with -O -Wextra to catch a maximum of issues. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + scripts/config.pl set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm + CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . + make - msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s - # No cleanup, just tweak the configuration and rebuild - make clean - scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING + msg "test: main suites (Msan + constant flow)" + make test +} + +component_test_valgrind_constant_flow () { + # This tests both (1) everything that valgrind's memcheck usually checks + # (heap buffer overflows, use of uninitialized memory, use-after-free, + # etc.) and (2) branches or memory access depending on secret values, + # which will be reported as uninitialized memory. To distinguish between + # secret and actually uninitialized: + # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? + # - or alternatively, build with debug info and manually run the offending + # test suite with valgrind --track-origins=yes, then check if the origin + # was TEST_CF_SECRET() or something else. + msg "build: cmake release GCC, full config with constant flow testing" + scripts/config.pl full + scripts/config.pl set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + cmake -D CMAKE_BUILD_TYPE:String=Release . + make + + # this only shows a summary of the results (how many of each type) + # details are left in Testing//DynamicAnalysis.xml + msg "test: main suites (valgrind + constant flow)" + make memcheck +} + +component_test_default_no_deprecated () { + # Test that removing the deprecated features from the default + # configuration leaves something consistent. + msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED - # Build with -O -Wextra to catch a maximum of issues. - make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs - make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + + msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s + make test } +component_test_full_deprecated_warning () { + # Test that there is nothing deprecated in the full configuration. + # A deprecated feature would trigger a warning (made fatal) from + # MBEDTLS_DEPRECATED_WARNING. + msg "build: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 30s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_DEPRECATED_REMOVED + scripts/config.pl set MBEDTLS_DEPRECATED_WARNING + # There are currently no tests for any deprecated feature. + # If some are added, 'make test' would trigger warnings here. + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' + + msg "test: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 5s + make test +} component_test_depends_curves () { msg "test/build: curves.pl (gcc)" # ~ 4 min @@ -886,6 +1145,7 @@ component_test_check_params_without_platform () { scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY + scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED @@ -915,6 +1175,7 @@ component_test_no_platform () { scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_FS_IO # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, @@ -929,6 +1190,7 @@ component_build_no_std_function () { scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' } @@ -1013,6 +1275,7 @@ component_test_null_entropy () { scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.pl set MBEDTLS_ENTROPY_C scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.pl unset MBEDTLS_HAVEGE_C CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . @@ -1022,6 +1285,16 @@ component_test_null_entropy () { make test } +component_test_no_date_time () { + msg "build: default config without MBEDTLS_HAVE_TIME_DATE" + scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE + CC=gcc cmake + make + + msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" + make test +} + component_test_platform_calloc_macro () { msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" scripts/config.pl set MBEDTLS_PLATFORM_MEMORY @@ -1095,7 +1368,7 @@ test_build_opt () { info=$1 cc=$2; shift 2 for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror" + make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" # We're confident enough in compilers to not run _all_ the tests, # but at least run the unit tests. In particular, runs with # optimizations use inline assembly whereas runs with -O0 @@ -1226,45 +1499,63 @@ component_test_no_64bit_multiplication () { } component_build_arm_none_eabi_gcc () { - msg "build: arm-none-eabi-gcc, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.pl baremetal - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s scripts/config.pl baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o +} + +component_build_arm_none_eabi_gcc_m0plus () { + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s + scripts/config.pl baremetal + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib + + msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" + ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { - msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s + msg "build: ${ARM_NONE_EABI_GCC_PREFIX} MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s scripts/config.pl baremetal scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" if_build_succeeded not grep __aeabi_lmul library/*.o } component_build_armcc () { - msg "build: ARM Compiler 5, make" + msg "build: ARM Compiler 5" scripts/config.pl baremetal - make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + + msg "size: ARM Compiler 5" + "$ARMC5_FROMELF" -z library/*.o + make clean # ARM Compiler 6 - Target ARMv7-A @@ -1409,15 +1700,6 @@ component_test_zeroize () { unset gdb_disable_aslr } -support_check_python_files () { - # Find the installed version of Pylint. Installed as a distro package this can - # be pylint3 and as a PEP egg, pylint. - if type pylint >/dev/null 2>/dev/null || type pylint3 >/dev/null 2>/dev/null; then - true; - else - false; - fi -} component_check_python_files () { msg "Lint: Python scripts" record_status tests/scripts/check-python-files.sh @@ -1425,7 +1707,10 @@ component_check_python_files () { component_check_generate_test_code () { msg "uint test: generate_test_code.py" - record_status ./tests/scripts/test_generate_test_code.py + # unittest writes out mundane stuff like number or tests run on stderr. + # Our convention is to reserve stderr for actual errors, and write + # harmless info on stdout so it can be suppress with --quiet. + record_status ./tests/scripts/test_generate_test_code.py 2>&1 } ################################################################ @@ -1451,8 +1736,17 @@ run_component () { # The cleanup function will restore it. cp -p "$CONFIG_H" "$CONFIG_BAK" current_component="$1" - "$@" + + # Run the component code. + if [ $QUIET -eq 1 ]; then + # msg() is silenced, so just print the component name here + echo "${current_component#component_}" + fi + redirect_out "$@" + + # Restore the build tree to a clean state. cleanup + unset current_component } # Preliminary setup @@ -1469,6 +1763,7 @@ else "$@" } fi +pre_setup_quiet_redirect pre_print_configuration pre_check_tools cleanup diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 8990dfbea6609752f8ee21e8224dee5589c87d50..b8f624256a6aac4552f91390d3b8b16fccd8a65f 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -2,9 +2,47 @@ # basic-build-tests.sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # @@ -43,6 +81,14 @@ fi : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} +# Used to make ssl-opt.sh deterministic. +# +# See also RELEASE_SEED in all.sh. Debugging is easier if both values are kept +# in sync. If you change the value here because it breaks some tests, you'll +# definitely want to change it in all.sh as well. +: ${SEED:=1} +export SEED + # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh # we just export the variables they require export OPENSSL_CMD="$OPENSSL" @@ -67,7 +113,6 @@ export CFLAGS=' --coverage -g3 -O0 ' make clean cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE make -j @@ -75,15 +120,19 @@ make -j TEST_OUTPUT=out_${PPID} cd tests -# Step 2a - Unit Tests +if [ ! -f "seedfile" ]; then + dd if=/dev/urandom of="seedfile" bs=64 count=1 +fi + +# Step 2a - Unit Tests (keep going even if some tests fail) perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT echo -# Step 2b - System Tests +# Step 2b - System Tests (keep going even if some tests fail) sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT echo -# Step 2c - Compatibility tests +# Step 2c - Compatibility tests (keep going even if some tests fail) sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \ tee compat-test-$TEST_OUTPUT OPENSSL_CMD="$OPENSSL_LEGACY" \ @@ -100,7 +149,15 @@ echo # Step 3 - Process the coverage report cd .. -make lcov |tee tests/cov-$TEST_OUTPUT +{ + make lcov + echo SUCCESS +} | tee tests/cov-$TEST_OUTPUT + +if [ "$(tail -n1 tests/cov-$TEST_OUTPUT)" != "SUCCESS" ]; then + echo >&2 "Fatal: 'make lcov' failed" + exit 2 +fi # Step 4 - Summarise the test report @@ -192,10 +249,12 @@ echo # Step 4e - Coverage echo "Coverage" -LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') -LINES_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') -FUNCS_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') -FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p') +LINES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') +LINES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') +FUNCS_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') +FUNCS_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p') +BRANCHES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* branches)$/\1/p') +BRANCHES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) branches)$/\1/p') LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL)) LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))" @@ -203,11 +262,14 @@ LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10)) FUNCS_PERCENT=$((1000*$FUNCS_TESTED/$FUNCS_TOTAL)) FUNCS_PERCENT="$(($FUNCS_PERCENT/10)).$(($FUNCS_PERCENT-($FUNCS_PERCENT/10)*10))" +BRANCHES_PERCENT=$((1000*$BRANCHES_TESTED/$BRANCHES_TOTAL)) +BRANCHES_PERCENT="$(($BRANCHES_PERCENT/10)).$(($BRANCHES_PERCENT-($BRANCHES_PERCENT/10)*10))" + echo "Lines Tested : $LINES_TESTED of $LINES_TOTAL $LINES_PERCENT%" echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%" +echo "Branches Tested : $BRANCHES_TESTED of $BRANCHES_TOTAL $BRANCHES_PERCENT%" echo - rm unit-test-$TEST_OUTPUT rm sys-test-$TEST_OUTPUT rm compat-test-$TEST_OUTPUT @@ -220,3 +282,7 @@ make clean if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H" fi + +if [ $TOTAL_FAIL -ne 0 ]; then + exit 1 +fi diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index 49676999274e36b70d6d90b834fe23b58779bd8e..a8aff0b93c1559b6663d415b32d0dc5bce767825 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -7,6 +7,48 @@ # sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen - # but that would warn about any undocumented item, while our goal is to find # items that are documented, but not marked as such by mistake. +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use warnings; use strict; diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 065ea33a2a1f3e573856b9826b3f06645e4304c4..8c7300e7a94873dda863c85164d6c61c308baded 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -1,8 +1,46 @@ #! /usr/bin/env sh -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2018, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # @@ -10,11 +48,29 @@ set -eu +if [ $# -ne 0 ] && [ "$1" = "--help" ]; then + cat <&2 exit 1 fi +UPDATE= +if [ $# -ne 0 ] && [ "$1" = "-u" ]; then + shift + UPDATE='y' +fi + check() { SCRIPT=$1 @@ -40,9 +96,15 @@ check() for FILE in $FILES; do if ! diff $FILE $FILE.bak >/dev/null 2>&1; then echo "'$FILE' was either modified or deleted by '$SCRIPT'" - exit 1 + if [ -z "$UPDATE" ]; then + exit 1 + fi + fi + if [ -z "$UPDATE" ]; then + mv $FILE.bak $FILE + else + rm $FILE.bak fi - mv $FILE.bak $FILE if [ -d $TO_CHECK ]; then # Create a grep regular expression that we can check against the @@ -59,7 +121,9 @@ check() # Check if there are any new files if ls -1 $TO_CHECK | grep -v "$PATTERN" >/dev/null 2>&1; then echo "Files were created by '$SCRIPT'" - exit 1 + if [ -z "$UPDATE" ]; then + exit 1 + fi fi fi } diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 90ecfd2726280524f23ae435314cffe07919bbbb..5f3b5a719740e07c4cd3866bd196fbdc2f72aa30 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -1,8 +1,46 @@ #!/bin/sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -eu diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 6b864d264a928d443463b601729fe19a705756f2..82890914379e5dfcf3342c1faf555bc0418bf384 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -1,23 +1,56 @@ #! /usr/bin/env sh -# This file is part of Mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2018, Arm Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose: # # Run 'pylint' on Python files for programming errors and helps enforcing # PEP8 coding standards. -# Find the installed version of Pylint. Installed as a distro package this can -# be pylint3 and as a PEP egg, pylint. We prefer pylint over pylint3 -if type pylint >/dev/null 2>/dev/null; then - PYLINT=pylint -elif type pylint3 >/dev/null 2>/dev/null; then - PYLINT=pylint3 +if type python3 >/dev/null 2>/dev/null; then + PYTHON=python3 else - echo 'Pylint was not found.' - exit 1 + PYTHON=python fi -$PYLINT -j 2 scripts/*.py tests/scripts/*.py +$PYTHON -m pylint -j 2 scripts/*.py tests/scripts/*.py diff --git a/tests/scripts/check-files.py b/tests/scripts/check_files.py similarity index 51% rename from tests/scripts/check-files.py rename to tests/scripts/check_files.py index 255bed8b93a4ae3d05a176fa4049d20df322c4b6..2e04650216dd1475e5a755feef0ed30eb3ecce97 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check_files.py @@ -1,7 +1,46 @@ #!/usr/bin/env python3 -# This file is part of Mbed TLS (https://tls.mbed.org) -# Copyright (c) 2018, Arm Limited, All Rights Reserved +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** """ This script checks the current state of the source code for minor issues, @@ -14,43 +53,76 @@ import os import argparse import logging import codecs +import re +import subprocess import sys -class FileIssueTracker(object): +class FileIssueTracker: """Base class for file-wide issue tracking. To implement a checker that processes a file as a whole, inherit from this class and implement `check_file_for_issue` and define ``heading``. - ``files_exemptions``: files whose name ends with a string in this set + ``suffix_exemptions``: files whose name ends with a string in this set will not be checked. + ``path_exemptions``: files whose path (relative to the root of the source + tree) matches this regular expression will not be checked. This can be + ``None`` to match no path. Paths are normalized and converted to ``/`` + separators before matching. + ``heading``: human-readable description of the issue """ - files_exemptions = frozenset() + suffix_exemptions = frozenset() + path_exemptions = None # heading must be defined in derived classes. # pylint: disable=no-member def __init__(self): self.files_with_issues = {} + @staticmethod + def normalize_path(filepath): + """Normalize ``filepath`` with / as the directory separator.""" + filepath = os.path.normpath(filepath) + # On Windows, we may have backslashes to separate directories. + # We need slashes to match exemption lists. + seps = os.path.sep + if os.path.altsep is not None: + seps += os.path.altsep + return '/'.join(filepath.split(seps)) + def should_check_file(self, filepath): - for files_exemption in self.files_exemptions: + """Whether the given file name should be checked. + + Files whose name ends with a string listed in ``self.suffix_exemptions`` + or whose path matches ``self.path_exemptions`` will not be checked. + """ + for files_exemption in self.suffix_exemptions: if filepath.endswith(files_exemption): return False + if self.path_exemptions and \ + re.match(self.path_exemptions, self.normalize_path(filepath)): + return False return True def check_file_for_issue(self, filepath): + """Check the specified file for the issue that this class is for. + + Subclasses must implement this method. + """ raise NotImplementedError def record_issue(self, filepath, line_number): + """Record that an issue was found at the specified location.""" if filepath not in self.files_with_issues.keys(): self.files_with_issues[filepath] = [] self.files_with_issues[filepath].append(line_number) def output_file_issues(self, logger): + """Log all the locations where the issue was found.""" if self.files_with_issues.values(): logger.info(self.heading) for filename, lines in sorted(self.files_with_issues.items()): @@ -62,6 +134,17 @@ class FileIssueTracker(object): logger.info(filename) logger.info("") +BINARY_FILE_PATH_RE_LIST = [ + r'docs/.*\.pdf\Z', + r'programs/fuzz/corpuses/[^.]+\Z', + r'tests/data_files/[^.]+\Z', + r'tests/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z', + r'tests/data_files/.*\.req\.[^/]+\Z', + r'tests/data_files/.*malformed[^/]+\Z', + r'tests/data_files/format_pkcs12\.fmt\Z', +] +BINARY_FILE_PATH_RE = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST)) + class LineIssueTracker(FileIssueTracker): """Base class for line-by-line issue tracking. @@ -69,7 +152,14 @@ class LineIssueTracker(FileIssueTracker): this class and implement `line_with_issue`. """ + # Exclude binary files. + path_exemptions = BINARY_FILE_PATH_RE + def issue_with_line(self, line, filepath): + """Check the specified line for the issue that this class is for. + + Subclasses must implement this method. + """ raise NotImplementedError def check_file_line(self, filepath, line, line_number): @@ -77,10 +167,20 @@ class LineIssueTracker(FileIssueTracker): self.record_issue(filepath, line_number) def check_file_for_issue(self, filepath): + """Check the lines of the specified file. + + Subclasses must implement the ``issue_with_line`` method. + """ with open(filepath, "rb") as f: for i, line in enumerate(iter(f.readline, b"")): self.check_file_line(filepath, line, i + 1) + +def is_windows_file(filepath): + _root, ext = os.path.splitext(filepath) + return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj') + + class PermissionIssueTracker(FileIssueTracker): """Track files with bad permissions. @@ -101,9 +201,18 @@ class EndOfFileNewlineIssueTracker(FileIssueTracker): heading = "Missing newline at end of file:" + path_exemptions = BINARY_FILE_PATH_RE + def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: - if not f.read().endswith(b"\n"): + try: + f.seek(-1, 2) + except OSError: + # This script only works on regular files. If we can't seek + # 1 before the end, it means that this position is before + # the beginning of the file, i.e. that the file is empty. + return + if f.read(1) != b"\n": self.files_with_issues[filepath] = None @@ -113,26 +222,48 @@ class Utf8BomIssueTracker(FileIssueTracker): heading = "UTF-8 BOM present:" + suffix_exemptions = frozenset([".vcxproj", ".sln"]) + path_exemptions = BINARY_FILE_PATH_RE + def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: if f.read().startswith(codecs.BOM_UTF8): self.files_with_issues[filepath] = None -class LineEndingIssueTracker(LineIssueTracker): +class UnixLineEndingIssueTracker(LineIssueTracker): """Track files with non-Unix line endings (i.e. files with CR).""" - heading = "Non Unix line endings:" + heading = "Non-Unix line endings:" + + def should_check_file(self, filepath): + if not super().should_check_file(filepath): + return False + return not is_windows_file(filepath) def issue_with_line(self, line, _filepath): return b"\r" in line +class WindowsLineEndingIssueTracker(LineIssueTracker): + """Track files with non-Windows line endings (i.e. CR or LF not in CRLF).""" + + heading = "Non-Windows line endings:" + + def should_check_file(self, filepath): + if not super().should_check_file(filepath): + return False + return is_windows_file(filepath) + + def issue_with_line(self, line, _filepath): + return not line.endswith(b"\r\n") or b"\r" in line[:-2] + + class TrailingWhitespaceIssueTracker(LineIssueTracker): """Track lines with trailing whitespace.""" heading = "Trailing whitespace:" - files_exemptions = frozenset(".md") + suffix_exemptions = frozenset([".dsp", ".md"]) def issue_with_line(self, line, _filepath): return line.rstrip(b"\r\n") != line.rstrip() @@ -142,9 +273,11 @@ class TabIssueTracker(LineIssueTracker): """Track lines with tabs.""" heading = "Tabs present:" - files_exemptions = frozenset([ - "Makefile", - "generate_visualc_files.pl", + suffix_exemptions = frozenset([ + ".pem", # some openssl dumps have tabs + ".sln", + "/Makefile", + "/generate_visualc_files.pl", ]) def issue_with_line(self, line, _filepath): @@ -169,7 +302,7 @@ class MergeArtifactIssueTracker(LineIssueTracker): return False -class IntegrityChecker(object): +class IntegrityChecker: """Sanity-check files under the current directory.""" def __init__(self, log_file): @@ -179,20 +312,12 @@ class IntegrityChecker(object): self.check_repo_path() self.logger = None self.setup_logger(log_file) - self.files_to_check = ( - ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data", - "Makefile", "CMakeLists.txt", "ChangeLog" - ) - self.excluded_directories = ['.git', 'mbed-os'] - self.excluded_paths = list(map(os.path.normpath, [ - 'cov-int', - 'examples', - ])) self.issues_to_check = [ PermissionIssueTracker(), EndOfFileNewlineIssueTracker(), Utf8BomIssueTracker(), - LineEndingIssueTracker(), + UnixLineEndingIssueTracker(), + WindowsLineEndingIssueTracker(), TrailingWhitespaceIssueTracker(), TabIssueTracker(), MergeArtifactIssueTracker(), @@ -213,23 +338,22 @@ class IntegrityChecker(object): console = logging.StreamHandler() self.logger.addHandler(console) - def prune_branch(self, root, d): - if d in self.excluded_directories: - return True - if os.path.normpath(os.path.join(root, d)) in self.excluded_paths: - return True - return False + @staticmethod + def collect_files(): + bytes_output = subprocess.check_output(['git', 'ls-files', '-z']) + bytes_filepaths = bytes_output.split(b'\0')[:-1] + ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths) + # Prepend './' to files in the top-level directory so that + # something like `'/Makefile' in fp` matches in the top-level + # directory as well as in subdirectories. + return [fp if os.path.dirname(fp) else os.path.join(os.curdir, fp) + for fp in ascii_filepaths] def check_files(self): - for root, dirs, files in os.walk("."): - dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d)) - for filename in sorted(files): - filepath = os.path.join(root, filename) - if not filepath.endswith(self.files_to_check): - continue - for issue_to_check in self.issues_to_check: - if issue_to_check.should_check_file(filepath): - issue_to_check.check_file_for_issue(filepath) + for issue_to_check in self.issues_to_check: + for filepath in self.collect_files(): + if issue_to_check.should_check_file(filepath): + issue_to_check.check_file_for_issue(filepath) def output_issues(self): integrity_return_code = 0 diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index ddc90c580a58eb0d3eb46b16d54fc455acc8e3d0..0673430f8d483d698651221eea9f2dc4e1bc733f 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -2,7 +2,47 @@ # curves.pl # -# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index f57e7ed88d9f347b306af06cbe0e93b83845b1df..dcaec8c34e299f0c288aab7ebf6597674852230e 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -2,7 +2,47 @@ # depends-hashes.pl # -# Copyright (c) 2017, ARM Limited, All Rights Reserved +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 97a43e881b4ad3cde37eaf8800846ea310ecd8a2..b5a932e8304cf82e0565b3b27bc60368a7010c63 100755 --- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl @@ -2,7 +2,47 @@ # depends-pkalgs.pl # -# Copyright (c) 2017, ARM Limited, All Rights Reserved +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index e7758c9e8815634938dd831532a91bc1c1fb9f0f..a249bc7e4e130c5725571ad806594fc692a75177 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -1,6 +1,48 @@ #!/bin/sh # Make sure the doxygen documentation builds without warnings +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # Abort on errors (and uninitiliased variables) set -eu diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 3c074be19f915e70a579a4d36673708ba8ea1fac..9ed0372a9b8291d931987e7f8d5b1c5b13801efe 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -3,6 +3,48 @@ # Based on NIST CTR_DRBG.rsp validation file # Only uses AES-256-CTR cases that use a Derivation function # and concats nonce and personalization for initialization. +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use strict; diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 03809cb946a4b6beec9381e04ba5cfa88097d423..0b4613dbff198d402ea2c0e8e1e41dd2f27ff0df 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -2,6 +2,48 @@ # # Based on NIST gcmDecryptxxx.rsp validation files # Only first 3 of every set used for compile time saving +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use strict; diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index 29ec677da15a5d85adbd0782da743898b1d08c2d..5962a3c1e4761ba704e93cb9375af5898d8a2d10 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -2,6 +2,48 @@ # # Based on NIST gcmEncryptIntIVxxx.rsp validation files # Only first 3 of every set used for compile time saving +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use strict; diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index 110cb4b07e48bd7cc7408c5bf84384377f60c96b..c17559ca51daff9eeaf678bebc6d1dd471b82a21 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,5 +1,46 @@ #!/usr/bin/env perl # +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use strict; diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index cbc2f5906271cdc4567e6c8e881107bf38cc64f8..22bea9d2be8fdbe7f42a481fef62be9e73219c10 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -7,6 +7,48 @@ # Usage: generate-afl-tests.sh # - should be the path to one of the test suite files # such as 'test_suite_mpi.data' +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # Abort on errors set -e diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 1fff09992c0372f0f7e1b638c401c19623507bd1..f452b3767a8f4cba48d3cac0592a00b35e80e165 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -1,8 +1,14 @@ #!/usr/bin/env python3 # Test suites code generator. # -# Copyright (C) 2018, Arm Limited, All Rights Reserved -# SPDX-License-Identifier: Apache-2.0 +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. @@ -16,7 +22,26 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# This file is part of Mbed TLS (https://tls.mbed.org) +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** """ This script is a key part of Mbed TLS test suites framework. For @@ -208,7 +233,7 @@ class GeneratorInputError(Exception): pass -class FileWrapper(io.FileIO, object): +class FileWrapper(io.FileIO): """ This class extends built-in io.FileIO class with attribute line_no, that indicates line number for the line that is read. @@ -402,8 +427,7 @@ def parse_dependencies(inp_str): :param inp_str: Input string with macros delimited by ':'. :return: list of dependencies """ - dependencies = [dep for dep in map(validate_dependency, - inp_str.split(':'))] + dependencies = list(map(validate_dependency, inp_str.split(':'))) return dependencies diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl index 3bf7ae34faa94af9ed7ca80803c7056531009d39..47da6636027f0c80963befb6bf6babe54bf9fa23 100755 --- a/tests/scripts/key-exchanges.pl +++ b/tests/scripts/key-exchanges.pl @@ -2,7 +2,47 @@ # key-exchanges.pl # -# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index 21c25b33ec747913e4906d418c692c583ea62400..4e47fd40cf5884977739ff2b6fa49421ffda8683 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -1,4 +1,46 @@ #!/usr/bin/env perl +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use warnings; use strict; diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index cc9c54fad62c8a5f0e355605ce1d850c67365450..d01e5b630cd1768d9d327b75fdddc2f967d43bdb 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -5,6 +5,48 @@ # Outputs the line count of the file to stdout. # # Usage: list-identifiers.sh [ -i | --internal ] +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -eu diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index 3c84adba63a239d67bfdd43c6d91d232ea9e1b31..cb61c4fd4737d16709d7eff14b8a1469f8d13ce2 100755 --- a/tests/scripts/list-macros.sh +++ b/tests/scripts/list-macros.sh @@ -1,4 +1,46 @@ #!/bin/sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -eu diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index 930722c1bb8aa17053956e3dc5b03226c9c4a054..de6a85dc9a117101864e87c5dda4082c419a6213 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -1,4 +1,46 @@ #!/bin/sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** set -eu diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 8f24435bfef396f01fc05a9cf71b65bb67b91ec5..f7c6a8ac3ee7199a09e635e19ef25fdd320f1ef8 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -1,7 +1,15 @@ +#!/usr/bin/env python3 + # Greentea host test script for Mbed TLS on-target test suite testing. # -# Copyright (C) 2018, Arm Limited, All Rights Reserved -# SPDX-License-Identifier: Apache-2.0 +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. @@ -15,7 +23,26 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# This file is part of Mbed TLS (https://tls.mbed.org) +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** """ @@ -46,7 +73,7 @@ class TestDataParserError(Exception): pass -class TestDataParser(object): +class TestDataParser: """ Parses test name, dependencies, test function name and test parameters from the data file. @@ -260,7 +287,7 @@ class MbedTlsTest(BaseHostTest): data_bytes += bytearray(dependencies) data_bytes += bytearray([function_id, len(parameters)]) for typ, param in parameters: - if typ == 'int' or typ == 'exp': + if typ in ('int', 'exp'): i = int(param, 0) data_bytes += b'I' if typ == 'int' else b'E' self.align_32bit(data_bytes) diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index 431e59211540c4339fb6384557c39809613a2f0a..51b0c03c2a4a130f0b7e1e381e906e33ae7ee545 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -7,6 +7,48 @@ # an unbounded way, those functions should use interation instead. # # Typical usage: scripts/recursion.pl library/*.c +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use warnings; use strict; diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index d06badd236e1c7af91621f0fd4f4c35534630b4e..23c6d2231e7208e29e16055b602e9d146eb56dfc 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -2,9 +2,47 @@ # run-test-suites.pl # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2015-2018, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** =head1 SYNOPSIS diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl index 11cbf1b1bc4f9e6db4c433f04aa7ddf91150da88..6b198960c975dd9cd6748bb739d5c6ee9893eee4 100755 --- a/tests/scripts/tcp_client.pl +++ b/tests/scripts/tcp_client.pl @@ -4,6 +4,48 @@ # Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1 # DATA: hex-encoded data to send to the server # RESPONSE: regexp that must match the server's response +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** use warnings; use strict; diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 80d5f38751b40c6fc400fba6d57d7c02557e0d0d..a8bfa6e904fbf6c0fd635946e1573126eafba022 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -2,9 +2,47 @@ # test-ref-configs.pl # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2013-2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 6d7113e18bee53c2a9010f3e7df278bdbf63cde5..e64d26dac3a41266c37ce66a29812d6676c8a9f3 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -1,8 +1,14 @@ #!/usr/bin/env python3 # Unit test for generate_test_code.py # -# Copyright (C) 2018, Arm Limited, All Rights Reserved -# SPDX-License-Identifier: Apache-2.0 +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. @@ -16,7 +22,26 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# This file is part of Mbed TLS (https://tls.mbed.org) +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** """ Unit tests for generate_test_code.py @@ -294,7 +319,7 @@ class GenDispatch(TestCase): self.assertEqual(code, expected) -class StringIOWrapper(StringIO, object): +class StringIOWrapper(StringIO): """ file like class to mock file object in tests. """ @@ -1127,9 +1152,8 @@ Diffie-Hellman selftest dhm_selftest: """ stream = StringIOWrapper('test_suite_ut.function', data) - tests = [(name, test_function, dependencies, args) - for name, test_function, dependencies, args in - parse_test_data(stream)] + # List of (name, function_name, dependencies, args) + tests = list(parse_test_data(stream)) test1, test2, test3, test4 = tests self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1') self.assertEqual(test1[1], 'dhm_do_dhm') @@ -1170,9 +1194,8 @@ dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" """ stream = StringIOWrapper('test_suite_ut.function', data) - tests = [(name, function_name, dependencies, args) - for name, function_name, dependencies, args in - parse_test_data(stream)] + # List of (name, function_name, dependencies, args) + tests = list(parse_test_data(stream)) test1, test2 = tests self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1') self.assertEqual(test1[1], 'dhm_do_dhm') diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index c929c88a0f90743c484fa7e3df7dfdd2b901efd9..a7536c40642c455ad1e97251d121cf99b8c583bb 100755 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,8 +1,46 @@ # test_zeroize.gdb # -# This file is part of Mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2018, Arm Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # @@ -31,19 +69,13 @@ # the compiler potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. -# -# WARNING: There does not seem to be a mechanism in GDB scripts to set a -# breakpoint at the end of a function (probably because there are a lot of -# complications as function can have multiple exit points, etc). Therefore, it -# was necessary to hard-code the line number of the breakpoint in the zeroize.c -# test app. The assumption is that zeroize.c is a simple test app that does not -# change often (as opposed to the actual library code), so the breakpoint line -# number does not need to be updated often. set confirm off file ./programs/test/zeroize -break zeroize.c:100 + +search GDB_BREAK_HERE +break $_ set args ./programs/test/zeroize.c run diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh index 9866ca7da82f129060521db960fcee799582a0f7..df32bc58674dc4d4a1aba9d517ed992ac892b352 100755 --- a/tests/scripts/travis-log-failure.sh +++ b/tests/scripts/travis-log-failure.sh @@ -2,9 +2,47 @@ # travis-log-failure.sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 24c861661ba0f3cbd639dfc63b725fa34bd4877b..af6b0af8ba07eefc507c3bcf9018a584d6bb1b74 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2,9 +2,47 @@ # ssl-opt.sh # -# This file is part of mbed TLS (https://tls.mbed.org) +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Copyright (c) 2016, ARM Limited, All Rights Reserved +# This file is provided under the Apache License 2.0, or the +# GNU General Public License v2.0 or later. +# +# ********** +# Apache License 2.0: +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ********** +# +# ********** +# GNU General Public License v2.0 or later: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# ********** # # Purpose # @@ -365,7 +403,7 @@ fail() { fi echo " ! outputs saved to o-XXX-${TESTS}.log" - if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then + if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then echo " ! server output:" cat o-srv-${TESTS}.log echo " ! ========================================================" @@ -581,6 +619,19 @@ run_test() { return fi + # update DTLS variable + detect_dtls "$SRV_CMD" + + # if the test uses DTLS but no custom proxy, add a simple proxy + # as it provides timing info that's useful to debug failures + if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then + PXY_CMD="$P_PXY" + case " $SRV_CMD " in + *' server_addr=::1 '*) + PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";; + esac + fi + # fix client port if [ -n "$PXY_CMD" ]; then CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g ) @@ -588,9 +639,6 @@ run_test() { CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g ) fi - # update DTLS variable - detect_dtls "$SRV_CMD" - # prepend valgrind to our commands if active if [ "$MEMCHECK" -gt 0 ]; then if is_polar "$SRV_CMD"; then @@ -607,19 +655,19 @@ run_test() { # run the commands if [ -n "$PXY_CMD" ]; then - echo "$PXY_CMD" > $PXY_OUT + printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT $PXY_CMD >> $PXY_OUT 2>&1 & PXY_PID=$! wait_proxy_start "$PXY_PORT" "$PXY_PID" fi check_osrv_dtls - echo "$SRV_CMD" > $SRV_OUT + printf "# $NAME\n$SRV_CMD\n" > $SRV_OUT provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & SRV_PID=$! wait_server_start "$SRV_PORT" "$SRV_PID" - echo "$CLI_CMD" > $CLI_OUT + printf "# $NAME\n$CLI_CMD\n" > $CLI_OUT eval "$CLI_CMD" >> $CLI_OUT 2>&1 & wait_client_done diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index ccd4d425529ab73afe80a06c646f6647505b9c3c..4f46ea967db1ac3b6dd5b47524e9a4efaf8218bc 100755 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -46,6 +46,52 @@ typedef UINT32 uint32_t; #include #endif +/* + * Define the two macros + * + * #define TEST_CF_SECRET(ptr, size) + * #define TEST_CF_PUBLIC(ptr, size) + * + * that can be used in tests to mark a memory area as secret (no branch or + * memory access should depend on it) or public (default, only needs to be + * marked explicitly when it was derived from secret data). + * + * Arguments: + * - ptr: a pointer to the memory area to be marked + * - size: the size in bytes of the memory area + * + * Implementation: + * The basic idea is that of ctgrind : we can + * re-use tools that were designed for checking use of uninitialized memory. + * This file contains two implementations: one based on MemorySanitizer, the + * other on valgrind's memcheck. If none of them is enabled, dummy macros that + * do nothing are defined for convenience. + */ +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) +#include + +/* Use macros to avoid messing up with origin tracking */ +#define TEST_CF_SECRET __msan_allocated_memory +// void __msan_allocated_memory(const volatile void* data, size_t size); +#define TEST_CF_PUBLIC __msan_unpoison +// void __msan_unpoison(const volatile void *a, size_t size); + +#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) +#include + +#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED +// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len) +#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED +// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) + +#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || + MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ + +#define TEST_CF_SECRET(ptr, size) +#define TEST_CF_PUBLIC(ptr, size) + +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ + /* Type for Hex parameters */ typedef struct data_tag { @@ -229,6 +275,40 @@ typedef enum mbedtls_exit( 1 ); \ } +#if defined(__GNUC__) +/* Test if arg and &(arg)[0] have the same type. This is true if arg is + * an array but not if it's a pointer. */ +#define IS_ARRAY_NOT_POINTER( arg ) \ + ( ! __builtin_types_compatible_p( __typeof__( arg ), \ + __typeof__( &( arg )[0] ) ) ) +#else +/* On platforms where we don't know how to implement this check, + * omit it. Oh well, a non-portable check is better than nothing. */ +#define IS_ARRAY_NOT_POINTER( arg ) 1 +#endif + +/* A compile-time constant with the value 0. If `const_expr` is not a + * compile-time constant with a nonzero value, cause a compile-time error. */ +#define STATIC_ASSERT_EXPR( const_expr ) \ + ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) +/* Return the scalar value `value` (possibly promoted). This is a compile-time + * constant if `value` is. `condition` must be a compile-time constant. + * If `condition` is false, arrange to cause a compile-time error. */ +#define STATIC_ASSERT_THEN_RETURN( condition, value ) \ + ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) + +#define ARRAY_LENGTH_UNSAFE( array ) \ + ( sizeof( array ) / sizeof( *( array ) ) ) +/** Return the number of elements of a static or stack array. + * + * \param array A value of array (not pointer) type. + * + * \return The number of elements of the array. + */ +#define ARRAY_LENGTH( array ) \ + ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ + ARRAY_LENGTH_UNSAFE( array ) ) ) + /* * 32-bit integer manipulation macros (big endian) */ @@ -357,49 +437,56 @@ void mbedtls_param_failed( const char *failure_condition, #endif #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) -static int redirect_output( FILE** out_stream, const char* path ) +static int redirect_output( FILE* out_stream, const char* path ) { - int stdout_fd = dup( fileno( *out_stream ) ); + int out_fd, dup_fd; + FILE* path_stream; + + out_fd = fileno( out_stream ); + dup_fd = dup( out_fd ); - if( stdout_fd == -1 ) + if( dup_fd == -1 ) { - return -1; + return( -1 ); } - fflush( *out_stream ); - fclose( *out_stream ); - *out_stream = fopen( path, "w" ); + path_stream = fopen( path, "w" ); + if( path_stream == NULL ) + { + close( dup_fd ); + return( -1 ); + } - if( *out_stream == NULL ) + fflush( out_stream ); + if( dup2( fileno( path_stream ), out_fd ) == -1 ) { - close( stdout_fd ); - return -1; + close( dup_fd ); + fclose( path_stream ); + return( -1 ); } - return stdout_fd; + fclose( path_stream ); + return( dup_fd ); } -static int restore_output( FILE** out_stream, int old_fd ) +static int restore_output( FILE* out_stream, int dup_fd ) { - fflush( *out_stream ); - fclose( *out_stream ); + int out_fd = fileno( out_stream ); - *out_stream = fdopen( old_fd, "w" ); - if( *out_stream == NULL ) + fflush( out_stream ); + if( dup2( dup_fd, out_fd ) == -1 ) { - return -1; + close( out_fd ); + close( dup_fd ); + return( -1 ); } - return 0; -} - -static void close_output( FILE* out_stream ) -{ - fclose( out_stream ); + close( dup_fd ); + return( 0 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ -int unhexify( unsigned char *obuf, const char *ibuf ) +int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; @@ -433,7 +520,7 @@ int unhexify( unsigned char *obuf, const char *ibuf ) return len; } -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) +void mbedtls_test_hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) { unsigned char l, h; @@ -499,7 +586,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); - (void) unhexify( obuf, ibuf ); + (void) mbedtls_test_unhexify( obuf, ibuf ); return( obuf ); } @@ -515,7 +602,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) */ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) { -#if !defined(__OpenBSD__) +#if !defined(__OpenBSD__) && !defined(__NetBSD__) size_t i; if( rng_state != NULL ) @@ -528,7 +615,7 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) rng_state = NULL; arc4random_buf( output, len ); -#endif /* !OpenBSD */ +#endif /* !OpenBSD && !NetBSD */ return( 0 ); } diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 26a7be443c1ad10dfe29e3fd79cac55dec5260ae..ca51e7b2850c52669a184c9940a724e6248ccc9c 100755 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -277,7 +277,8 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store { if ( verify_string( &val ) == 0 ) { - *int_params_store = unhexify( (unsigned char *) val, val ); + *int_params_store = mbedtls_test_unhexify( + (unsigned char *) val, val ); *out++ = val; *out++ = (char *)(int_params_store++); } @@ -385,15 +386,16 @@ int execute_tests( int argc , const char ** argv ) const char *default_filename = "DATA_FILE"; const char *test_filename = NULL; const char **test_files = NULL; - int testfile_count = 0; + size_t testfile_count = 0; int option_verbose = 0; - int function_id = 0; + size_t function_id = 0; /* Other Local variables */ int arg_index = 1; const char *next_arg; - int testfile_index, ret, i, cnt; - int total_errors = 0, total_tests = 0, total_skipped = 0; + size_t testfile_index, i, cnt; + int ret; + unsigned total_errors = 0, total_tests = 0, total_skipped = 0; FILE *file; char buf[5000]; char *params[50]; @@ -473,8 +475,9 @@ int execute_tests( int argc , const char ** argv ) testfile_index < testfile_count; testfile_index++ ) { - int unmet_dep_count = 0; + size_t unmet_dep_count = 0; int unmet_dependencies[20]; + int missing_unmet_dependencies = 0; test_filename = test_files[ testfile_index ]; @@ -495,6 +498,7 @@ int execute_tests( int argc , const char ** argv ) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; + missing_unmet_dependencies = 0; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; @@ -520,8 +524,16 @@ int execute_tests( int argc , const char ** argv ) int dep_id = strtol( params[i], NULL, 10 ); if( dep_check( dep_id ) != DEPENDENCY_SUPPORTED ) { - unmet_dependencies[unmet_dep_count] = dep_id; - unmet_dep_count++; + if( unmet_dep_count < + ARRAY_LENGTH( unmet_dependencies ) ) + { + unmet_dependencies[unmet_dep_count] = dep_id; + unmet_dep_count++; + } + else + { + missing_unmet_dependencies = 1; + } } } @@ -543,7 +555,7 @@ int execute_tests( int argc , const char ** argv ) */ if( !option_verbose ) { - stdout_fd = redirect_output( &stdout, "/dev/null" ); + stdout_fd = redirect_output( stdout, "/dev/null" ); if( stdout_fd == -1 ) { /* Redirection has failed with no stdout so exit */ @@ -552,7 +564,7 @@ int execute_tests( int argc , const char ** argv ) } #endif /* __unix__ || __APPLE__ __MACH__ */ - function_id = strtol( params[0], NULL, 10 ); + function_id = strtoul( params[0], NULL, 10 ); if ( (ret = check_test( function_id )) == DISPATCH_TEST_SUCCESS ) { ret = convert_params( cnt - 1, params + 1, int_params ); @@ -563,7 +575,7 @@ int execute_tests( int argc , const char ** argv ) } #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - if( !option_verbose && restore_output( &stdout, stdout_fd ) ) + if( !option_verbose && restore_output( stdout, stdout_fd ) ) { /* Redirection has failed with no stdout so exit */ exit( 1 ); @@ -590,11 +602,14 @@ int execute_tests( int argc , const char ** argv ) mbedtls_fprintf( stdout, "%d ", unmet_dependencies[i] ); } + if( missing_unmet_dependencies ) + mbedtls_fprintf( stdout, "..." ); } mbedtls_fprintf( stdout, "\n" ); fflush( stdout ); unmet_dep_count = 0; + missing_unmet_dependencies = 0; } else if( ret == DISPATCH_TEST_SUCCESS ) { @@ -641,8 +656,8 @@ int execute_tests( int argc , const char ** argv ) else mbedtls_fprintf( stdout, "FAILED" ); - mbedtls_fprintf( stdout, " (%d / %d tests (%d skipped))\n", - total_tests - total_errors, total_tests, total_skipped ); + mbedtls_fprintf( stdout, " (%u / %u tests (%u skipped))\n", + total_tests - total_errors, total_tests, total_skipped ); #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) @@ -652,10 +667,5 @@ int execute_tests( int argc , const char ** argv ) mbedtls_memory_buffer_alloc_free(); #endif -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - if( stdout_fd != -1 ) - close_output( stdout ); -#endif /* __unix__ || __APPLE__ __MACH__ */ - return( total_errors != 0 ); } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 1f4180de340b8e5708f26677e7d506089948fadb..f516d2caa12db19f8017b0145086e148bcddc767 100755 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -15,10 +15,14 @@ * Test suite file : $test_case_file * Test suite data : $test_case_data_file * - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +#if !defined(_POSIX_C_SOURCE) +#define _POSIX_C_SOURCE 1 // for fileno() from +#endif +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include #else @@ -174,7 +178,7 @@ void execute_function_ptr(TestWrapper_t fp, void **params) * DISPATCH_TEST_FN_NOT_FOUND if not found * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. */ -int dispatch_test( int func_idx, void ** params ) +int dispatch_test( size_t func_idx, void ** params ) { int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; @@ -205,7 +209,7 @@ int dispatch_test( int func_idx, void ** params ) * DISPATCH_TEST_FN_NOT_FOUND if not found * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. */ -int check_test( int func_idx ) +int check_test( size_t func_idx ) { int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index 89835d2bffc5b6a9d1ab891f0a9780913bfb8626..dce4e8d929e371ffd595b0357003f40c0970960f 100755 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -75,7 +75,7 @@ uint8_t receive_byte() c[1] = greentea_getc(); c[2] = '\0'; - TEST_HELPER_ASSERT( unhexify( &byte, c ) != 2 ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, c ) != 2 ); return( byte ); } @@ -101,7 +101,7 @@ uint32_t receive_uint32() }; const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2], c_be[3], c_be[0], c_be[1], '\0' }; - TEST_HELPER_ASSERT( unhexify( (uint8_t*)&value, c ) != 8 ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, c ) != 8 ); return( value ); } diff --git a/tests/suites/test_suite_aes.cbc.data b/tests/suites/test_suite_aes.cbc.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_aes.cfb.data b/tests/suites/test_suite_aes.cfb.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_aes.ecb.data b/tests/suites/test_suite_aes.ecb.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index da8c1e9359482c83de5e353cf87652115b839006..3374a07e423341ea448a2eddadc4d04becbecc7e 100755 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -313,51 +313,39 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */ -void aes_encrypt_ofb( int fragment_size, char *hex_key_string, - char *hex_iv_string, char *hex_src_string, - char *hex_dst_string ) +void aes_encrypt_ofb( int fragment_size, data_t *key_str, + data_t *iv_str, data_t *src_str, + char *expected_output_string) { - unsigned char key_str[32]; - unsigned char iv_str[16]; - unsigned char src_str[64]; - unsigned char dst_str[64]; unsigned char output[32]; + unsigned char output_string[65]; mbedtls_aes_context ctx; size_t iv_offset = 0; int in_buffer_len; unsigned char* src_str_next; - int key_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); + memset( output_string, 0x00, sizeof( output_string ) ); mbedtls_aes_init( &ctx ); - TEST_ASSERT( strlen( hex_key_string ) <= ( 32 * 2 ) ); - TEST_ASSERT( strlen( hex_iv_string ) <= ( 16 * 2 ) ); - TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) ); - TEST_ASSERT( strlen( hex_dst_string ) <= ( 64 * 2 ) ); + TEST_ASSERT( (size_t)fragment_size < sizeof( output ) ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - in_buffer_len = unhexify( src_str, hex_src_string ); - - TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 ); - src_str_next = src_str; + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, + key_str->len * 8 ) == 0 ); + in_buffer_len = src_str->len; + src_str_next = src_str->x; while( in_buffer_len > 0 ) { TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset, - iv_str, src_str_next, output ) == 0 ); + iv_str->x, src_str_next, output ) == 0 ); - hexify( dst_str, output, fragment_size ); - TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string, + mbedtls_test_hexify( output_string, output, fragment_size ); + TEST_ASSERT( strncmp( (char *) output_string, expected_output_string, ( 2 * fragment_size ) ) == 0 ); in_buffer_len -= fragment_size; - hex_dst_string += ( fragment_size * 2 ); + expected_output_string += ( fragment_size * 2 ); src_str_next += fragment_size; if( in_buffer_len < fragment_size ) diff --git a/tests/suites/test_suite_aes.ofb.data b/tests/suites/test_suite_aes.ofb.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_aes.xts.data b/tests/suites/test_suite_aes.xts.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_arc4.data b/tests/suites/test_suite_arc4.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 7e35f154b55c97a857a4783ed22a8f230bce2508..d08c39dc66b511e45ff78592d22f66680d29a5c1 100755 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -206,35 +206,28 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, +void aria_encrypt_ecb( data_t *key_str, data_t *src_str, char *hex_dst_string, int setkey_result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - int key_len, data_len, i; + size_t i; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - data_len = unhexify( src_str, hex_src_string ); - - TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) + TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE ) + for( i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE ) { - TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) - == 0 ); + TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i, + output + i ) == 0 ); } - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -245,35 +238,28 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, +void aria_decrypt_ecb( data_t *key_str, data_t *src_str, char *hex_dst_string, int setkey_result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - int key_len, data_len, i; + size_t i; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - data_len = unhexify( src_str, hex_src_string ); - - TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ) + TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE ) + for( i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE ) { - TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) - == 0 ); + TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i, + output + i ) == 0 ); } - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -284,36 +270,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_encrypt_cbc( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int cbc_result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - int key_len, data_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len, - iv_str, src_str, output ) - == cbc_result ); + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, + src_str->len, iv_str->x, src_str->x, + output ) == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -324,36 +299,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_decrypt_cbc( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int cbc_result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - int key_len, data_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, data_len, - iv_str, src_str, output ) - == cbc_result ); + mbedtls_aria_setkey_dec( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, + src_str->len, iv_str->x, src_str->x, + output ) == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -364,36 +328,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - int key_len, data_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, - data_len, &iv_offset, iv_str, - src_str, output ) + src_str->len, &iv_offset, + iv_str->x, src_str->x, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -403,36 +356,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - int key_len, data_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, - data_len, &iv_offset, iv_str, - src_str, output ) + src_str->len, &iv_offset, + iv_str->x, src_str->x, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -442,36 +384,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ -void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_encrypt_ctr( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - int key_len, data_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, - blk, src_str, output ) + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset, + iv_str->x, blk, src_str->x, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -481,36 +412,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ -void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_decrypt_ctr( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - int key_len, data_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, - blk, src_str, output ) + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset, + iv_str->x, blk, src_str->x, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_base64.data b/tests/suites/test_suite_base64.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 16f9f8e3ba10c878c4e4b51277d9fbb51d606ac1..a04583b7ee2ce3ec135232329121b92a27ae8f99 100755 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -192,64 +192,51 @@ exit: /* BEGIN_CASE */ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, - char *key_hex, char *msg_hex, - char *source_address_hex, char *frame_counter_hex, - int sec_level, char *add_hex, - char *result_hex, int output_ret ) + data_t *key, data_t *msg, + data_t *source_address, data_t *frame_counter, + int sec_level, data_t *add, + data_t *expected_result, int output_ret ) { - unsigned char key[32]; - unsigned char msg[50]; unsigned char iv[13]; - unsigned char add[32]; unsigned char result[50]; - unsigned char source_address[8]; - unsigned char frame_counter[4]; mbedtls_ccm_context ctx; - size_t i, key_len, msg_len, iv_len, add_len, result_len, source_address_len, frame_counter_len, tag_len; + size_t i, iv_len, tag_len; int ret; mbedtls_ccm_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); memset( iv, 0x00, sizeof( iv ) ); - memset( add, 0x00, sizeof( add ) ); memset( result, 0x00, sizeof( result ) ); - memset( source_address, 0x00, sizeof( source_address ) ); - memset( frame_counter, 0x00, sizeof( frame_counter ) ); - - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - add_len = unhexify( add, add_hex ); - result_len = unhexify( result, result_hex ); - source_address_len = unhexify( source_address, source_address_hex ); - frame_counter_len = unhexify( frame_counter, frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; else tag_len = 1 << ( sec_level % 4 + 1); - for( i = 0; i < source_address_len; i++ ) - iv[i] = source_address[i]; + for( i = 0; i < source_address->len; i++ ) + iv[i] = source_address->x[i]; - for( i = 0; i < frame_counter_len; i++ ) - iv[source_address_len + i] = frame_counter[i]; + for( i = 0; i < frame_counter->len; i++ ) + iv[source_address->len + i] = frame_counter->x[i]; - iv[source_address_len + frame_counter_len] = sec_level; + iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof( iv ); - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, + key->x, key->len * 8 ) == 0 ); - ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len, - add, add_len, msg, msg, msg + msg_len, tag_len ); + ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, + add->x, add->len, msg->x, + result, result + msg->len, tag_len ); TEST_ASSERT( ret == output_ret ); - TEST_ASSERT( memcmp( msg, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( result, + expected_result->x, expected_result->len ) == 0 ); /* Check we didn't write past the end */ - TEST_ASSERT( msg[result_len] == 0 && msg[result_len + 1] == 0 ); + TEST_ASSERT( result[expected_result->len] == 0 && + result[expected_result->len + 1] == 0 ); exit: mbedtls_ccm_free( &ctx ); @@ -258,69 +245,51 @@ exit: /* BEGIN_CASE */ void mbedtls_ccm_star_auth_decrypt( int cipher_id, - char *key_hex, char *msg_hex, - char *source_address_hex, char *frame_counter_hex, - int sec_level, char *add_hex, - char *result_hex, int output_ret ) + data_t *key, data_t *msg, + data_t *source_address, data_t *frame_counter, + int sec_level, data_t *add, + data_t *expected_result, int output_ret ) { - unsigned char key[32]; - unsigned char msg[50]; unsigned char iv[13]; - unsigned char add[32]; - unsigned char tag[16]; unsigned char result[50]; - unsigned char source_address[8]; - unsigned char frame_counter[4]; mbedtls_ccm_context ctx; - size_t i, key_len, msg_len, iv_len, add_len, tag_len, result_len, source_address_len, frame_counter_len; + size_t i, iv_len, tag_len; int ret; mbedtls_ccm_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); memset( iv, 0x00, sizeof( iv ) ); - memset( add, 0x00, sizeof( add ) ); - memset( result, 0x00, sizeof( result ) ); - memset( source_address, 0x00, sizeof( source_address ) ); - memset( frame_counter, 0x00, sizeof( frame_counter ) ); - memset( tag, 0x00, sizeof( tag ) ); - - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - add_len = unhexify( add, add_hex ); - result_len = unhexify( result, result_hex ); - source_address_len = unhexify( source_address, source_address_hex ); - frame_counter_len = unhexify( frame_counter, frame_counter_hex ); + memset( result, '+', sizeof( result ) ); if( sec_level % 4 == 0) tag_len = 0; else tag_len = 1 << ( sec_level % 4 + 1); - for( i = 0; i < source_address_len; i++ ) - iv[i] = source_address[i]; + for( i = 0; i < source_address->len; i++ ) + iv[i] = source_address->x[i]; - for( i = 0; i < frame_counter_len; i++ ) - iv[source_address_len + i] = frame_counter[i]; + for( i = 0; i < frame_counter->len; i++ ) + iv[source_address->len + i] = frame_counter->x[i]; - iv[source_address_len + frame_counter_len] = sec_level; + iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof( iv ); - msg_len -= tag_len; - memcpy( tag, msg + msg_len, tag_len ); - - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); - ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, - add, add_len, msg, msg, msg + msg_len, tag_len ); + ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg->len - tag_len, iv, iv_len, + add->x, add->len, msg->x, result, + msg->x + msg->len - tag_len, tag_len ); TEST_ASSERT( ret == output_ret ); - TEST_ASSERT( memcmp( msg, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( result, expected_result->x, + expected_result->len ) == 0 ); /* Check we didn't write past the end (where the original tag is) */ - TEST_ASSERT( memcmp( msg + msg_len, tag, tag_len ) == 0 ); + TEST_ASSERT( ( msg->len + 2 ) <= sizeof( result ) ); + TEST_ASSERT( result[msg->len] == '+' ); + TEST_ASSERT( result[msg->len + 1] == '+' ); exit: mbedtls_ccm_free( &ctx ); diff --git a/tests/suites/test_suite_chacha20.data b/tests/suites/test_suite_chacha20.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 49b389c7f0cb2503694ceb7ade5eac011155d422..afe24183a30f9a16b5b9322a779f5bcb0ff58fca 100755 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -8,60 +8,55 @@ */ /* BEGIN_CASE */ -void chacha20_crypt( char *hex_key_string, - char *hex_nonce_string, +void chacha20_crypt( data_t *key_str, + data_t *nonce_str, int counter, - char *hex_src_string, - char *hex_dst_string ) + data_t *src_str, + data_t *expected_output_str ) { - unsigned char key_str[32]; /* size set by the standard */ - unsigned char nonce_str[12]; /* size set by the standard */ - unsigned char src_str[375]; /* max size of binary input */ - unsigned char dst_str[751]; /* hex expansion of the above */ - unsigned char output[751]; - size_t key_len; - size_t nonce_len; - size_t src_len; - size_t dst_len; + unsigned char output[375]; mbedtls_chacha20_context ctx; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( nonce_str, 0x00, sizeof( nonce_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); - memset( dst_str, 0x00, sizeof( dst_str ) ); - memset( output, 0x00, sizeof( output ) ); + /* + * Buffers to store the ASCII string representation of output and + * expected_output_str. + */ + unsigned char output_string[751] = { '\0' }; + unsigned char expected_output_string[751] = { '\0' }; - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - src_len = unhexify( src_str, hex_src_string ); - dst_len = unhexify( dst_str, hex_dst_string ); + memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( src_len == dst_len ); - TEST_ASSERT( key_len == 32U ); - TEST_ASSERT( nonce_len == 12U ); + TEST_ASSERT( src_str->len == expected_output_str->len ); + TEST_ASSERT( key_str->len == 32U ); + TEST_ASSERT( nonce_str->len == 12U ); /* * Test the integrated API */ - TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_crypt( key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output ) == 0 ); - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); + mbedtls_test_hexify( expected_output_string, + expected_output_str->x, + expected_output_str->len); + mbedtls_test_hexify( output_string, output, src_str->len ); + TEST_ASSERT( strcmp( (char *)output_string, + (char *)expected_output_string ) == 0 ); /* * Test the streaming API */ mbedtls_chacha20_init( &ctx ); - TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, key_str ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, key_str->x ) == 0 ); - TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str->x, counter ) == 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len, src_str->x, output ) == 0 ); - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); + mbedtls_test_hexify( output_string, output, src_str->len ); + TEST_ASSERT( strcmp( (char *)output_string, + (char *)expected_output_string ) == 0 ); /* * Test the streaming API again, piecewise @@ -69,14 +64,16 @@ void chacha20_crypt( char *hex_key_string, /* Don't free/init the context nor set the key again, * in order to test that starts() does the right thing. */ - TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str->x, counter ) == 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str, output ) == 0 ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str->x, output ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len - 1, + src_str->x + 1, output + 1 ) == 0 ); - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); + mbedtls_test_hexify( output_string, output, src_str->len ); + TEST_ASSERT( strcmp( (char *)output_string, + (char *)expected_output_string ) == 0 ); mbedtls_chacha20_free( &ctx ); } diff --git a/tests/suites/test_suite_chachapoly.data b/tests/suites/test_suite_chachapoly.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 8e56bf69a334b911e5f62ee84b7c84d3a0cef03e..96128e4ec35d7304ebf297a4f7d3cb024e540583 100755 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -8,53 +8,27 @@ */ /* BEGIN_CASE */ -void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) +void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str ) { - unsigned char key_str[32]; /* size set by the standard */ - unsigned char nonce_str[12]; /* size set by the standard */ - unsigned char aad_str[12]; /* max size of test data so far */ - unsigned char input_str[265]; /* max size of binary input/output so far */ - unsigned char output_str[265]; unsigned char output[265]; - unsigned char mac_str[16]; /* size set by the standard */ unsigned char mac[16]; /* size set by the standard */ - size_t input_len; - size_t output_len; - size_t aad_len; - size_t key_len; - size_t nonce_len; - size_t mac_len; mbedtls_chachapoly_context ctx; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( nonce_str, 0x00, sizeof( nonce_str ) ); - memset( aad_str, 0x00, sizeof( aad_str ) ); - memset( input_str, 0x00, sizeof( input_str ) ); - memset( output_str, 0x00, sizeof( output_str ) ); - memset( mac_str, 0x00, sizeof( mac_str ) ); - - aad_len = unhexify( aad_str, hex_aad_string ); - input_len = unhexify( input_str, hex_input_string ); - output_len = unhexify( output_str, hex_output_string ); - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - mac_len = unhexify( mac_str, hex_mac_string ); - - TEST_ASSERT( key_len == 32 ); - TEST_ASSERT( nonce_len == 12 ); - TEST_ASSERT( mac_len == 16 ); + TEST_ASSERT( key_str->len == 32 ); + TEST_ASSERT( nonce_str->len == 12 ); + TEST_ASSERT( mac_str->len == 16 ); mbedtls_chachapoly_init( &ctx ); - TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); + TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, - input_len, nonce_str, - aad_str, aad_len, - input_str, output, mac ) == 0 ); + input_str->len, nonce_str->x, + aad_str->x, aad_str->len, + input_str->x, output, mac ) == 0 ); - TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); - TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); + TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); + TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 ); exit: mbedtls_chachapoly_free( &ctx ); @@ -62,55 +36,29 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp ) +void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp ) { - unsigned char key_str[32]; /* size set by the standard */ - unsigned char nonce_str[12]; /* size set by the standard */ - unsigned char aad_str[12]; /* max size of test data so far */ - unsigned char input_str[265]; /* max size of binary input/output so far */ - unsigned char output_str[265]; unsigned char output[265]; - unsigned char mac_str[16]; /* size set by the standard */ - size_t input_len; - size_t output_len; - size_t aad_len; - size_t key_len; - size_t nonce_len; - size_t mac_len; int ret; mbedtls_chachapoly_context ctx; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( nonce_str, 0x00, sizeof( nonce_str ) ); - memset( aad_str, 0x00, sizeof( aad_str ) ); - memset( input_str, 0x00, sizeof( input_str ) ); - memset( output_str, 0x00, sizeof( output_str ) ); - memset( mac_str, 0x00, sizeof( mac_str ) ); - - aad_len = unhexify( aad_str, hex_aad_string ); - input_len = unhexify( input_str, hex_input_string ); - output_len = unhexify( output_str, hex_output_string ); - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - mac_len = unhexify( mac_str, hex_mac_string ); - - TEST_ASSERT( key_len == 32 ); - TEST_ASSERT( nonce_len == 12 ); - TEST_ASSERT( mac_len == 16 ); + TEST_ASSERT( key_str->len == 32 ); + TEST_ASSERT( nonce_str->len == 12 ); + TEST_ASSERT( mac_str->len == 16 ); mbedtls_chachapoly_init( &ctx ); - TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); + TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); ret = mbedtls_chachapoly_auth_decrypt( &ctx, - input_len, nonce_str, - aad_str, aad_len, - mac_str, input_str, output ); + input_str->len, nonce_str->x, + aad_str->x, aad_str->len, + mac_str->x, input_str->x, output ); TEST_ASSERT( ret == ret_exp ); if( ret_exp == 0 ) { - TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); + TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.ccm.data b/tests/suites/test_suite_cipher.ccm.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 02bf5f7ee10adb56ceea32a07e064a1fdef80bcb..d57e408c49d0e72ab30929ad8af025faa3c4b38b 100755 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1062,48 +1062,33 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ -void test_vec_crypt( int cipher_id, int operation, char *hex_key, - char *hex_iv, char *hex_input, char *hex_result, - int finish_result ) +void test_vec_crypt( int cipher_id, int operation, data_t *key, + data_t *iv, data_t *input, data_t *result, + int finish_result ) { - unsigned char key[50]; - unsigned char input[16]; - unsigned char result[16]; - unsigned char iv[16]; - size_t key_len, iv_len, inputlen, resultlen; mbedtls_cipher_context_t ctx; unsigned char output[32]; size_t outlen; mbedtls_cipher_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( input, 0x00, sizeof( input ) ); - memset( result, 0x00, sizeof( result ) ); memset( output, 0x00, sizeof( output ) ); - memset( iv, 0x00, sizeof( iv ) ); /* Prepare context */ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, mbedtls_cipher_info_from_type( cipher_id ) ) ); - key_len = unhexify( key, hex_key ); - inputlen = unhexify( input, hex_input ); - resultlen = unhexify( result, hex_result ); - - TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) ); + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode ) TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) ); - iv_len = unhexify( iv, hex_iv ); - - TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL, - iv_len, input, inputlen, + TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv->len ? iv->x : NULL, + iv->len, input->x, input->len, output, &outlen ) ); - TEST_ASSERT( resultlen == outlen ); + TEST_ASSERT( result->len == outlen ); /* check plaintext only if everything went fine */ if( 0 == finish_result ) - TEST_ASSERT( 0 == memcmp( output, result, outlen ) ); + TEST_ASSERT( 0 == memcmp( output, result->x, outlen ) ); exit: mbedtls_cipher_free( &ctx ); diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.misc.data b/tests/suites/test_suite_cipher.misc.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.null.data b/tests/suites/test_suite_cipher.null.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_des.data b/tests/suites/test_suite_des.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 1a33d8175cf73773f8608b3871aab192031bb345..32d41e62303d62433b66634de5c02c459d39edbe 100755 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -340,7 +340,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ -void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, +void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z, int enable, int max_ops, int min_restart, int max_restart ) { int ret; @@ -348,10 +348,6 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, unsigned char buf[1000]; const unsigned char *vbuf; size_t len; - unsigned char z[MBEDTLS_ECP_MAX_BYTES]; - size_t z_len; - unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES]; - unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES]; rnd_buf_info rnd_info_A, rnd_info_B; int cnt_restart; mbedtls_ecp_group grp; @@ -360,13 +356,11 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); - z_len = unhexify( z, z_str ); + rnd_info_A.buf = dA->x; + rnd_info_A.length = dA->len; - rnd_info_A.buf = rnd_buf_A; - rnd_info_A.length = unhexify( rnd_buf_A, dA_str ); - - rnd_info_B.buf = rnd_buf_B; - rnd_info_B.length = unhexify( rnd_buf_B, dB_str ); + rnd_info_B.buf = dB->x; + rnd_info_B.length = dB->len; /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure * in every configuration, therefore we load it separately. */ @@ -436,8 +430,8 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); - TEST_ASSERT( len == z_len ); - TEST_ASSERT( memcmp( buf, z, len ) == 0 ); + TEST_ASSERT( len == z->len ); + TEST_ASSERT( memcmp( buf, z->x, len ) == 0 ); /* client computes shared secret */ memset( buf, 0, sizeof( buf ) ); @@ -453,8 +447,8 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); - TEST_ASSERT( len == z_len ); - TEST_ASSERT( memcmp( buf, z, len ) == 0 ); + TEST_ASSERT( len == z->len ); + TEST_ASSERT( memcmp( buf, z->x, len ) == 0 ); exit: mbedtls_ecp_group_free( &grp ); diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 2844beaa51a148ce3ebd5eb2c440ffd82f37497b..7b1718fb2eaded28f8b754297785c5bda69965d2 100755 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -433,33 +433,26 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ -void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str, +void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig, int max_ops, int min_restart, int max_restart ) { mbedtls_ecdsa_context ctx; mbedtls_ecdsa_restart_ctx rs_ctx; - unsigned char hash[64]; - unsigned char sig[200]; - unsigned char pk[65]; - size_t sig_len, hash_len, pk_len; int ret, cnt_restart; mbedtls_ecdsa_init( &ctx ); mbedtls_ecdsa_restart_init( &rs_ctx ); - hash_len = unhexify(hash, h_str); - sig_len = unhexify(sig, s_str); - pk_len = unhexify(pk, k_str); - TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 ); + TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, + pk->x, pk->len ) == 0 ); mbedtls_ecp_set_max_ops( max_ops ); cnt_restart = 0; do { ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); + hash->x, hash->len, sig->x, sig->len, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -467,29 +460,31 @@ void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str, TEST_ASSERT( cnt_restart <= max_restart ); /* try modifying r */ - sig[10]++; + + TEST_ASSERT( sig->len > 10 ); + sig->x[10]++; do { ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); + hash->x, hash->len, sig->x, sig->len, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); - sig[10]--; + sig->x[10]--; /* try modifying s */ - sig[sig_len - 1]++; + sig->x[sig->len - 1]++; do { ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); + hash->x, hash->len, sig->x, sig->len, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); - sig[sig_len - 1]--; + sig->x[sig->len - 1]--; /* Do we leak memory when aborting an operation? * This test only makes sense when we actually restart */ if( min_restart > 0 ) { ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); + hash->x, hash->len, sig->x, sig->len, &rs_ctx ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); } @@ -501,7 +496,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */ void ecdsa_write_restart( int id, char *d_str, int md_alg, - char *msg, char *sig_str, + char *msg, data_t *sig_check, int max_ops, int min_restart, int max_restart ) { int ret, cnt_restart; @@ -509,19 +504,16 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, mbedtls_ecdsa_context ctx; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; - unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; - size_t hlen, slen, slen_check; + size_t hlen, slen; const mbedtls_md_info_t *md_info; mbedtls_ecdsa_restart_init( &rs_ctx ); mbedtls_ecdsa_init( &ctx ); memset( hash, 0, sizeof( hash ) ); memset( sig, 0, sizeof( sig ) ); - memset( sig_check, 0, sizeof( sig_check ) ); TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 ); - slen_check = unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); @@ -541,8 +533,8 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( slen == slen_check ); - TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 ); + TEST_ASSERT( slen == sig_check->len ); + TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 30d5ec6f1e9def441fc69275fd7e34488917554e..2c25cd7c4d3238f7355aaed15d9554ce36b5594d 100755 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -336,6 +336,14 @@ ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE448:"eb7298a5c0d8c29a1dab27f1a6826300917389449741a974f5bac9d98dc298d46555bce8bae89eeed400584bb046cf75579f51d125498f98":"a01fc432e5807f17530d1288da125b0cd453d941726436c8bbd9c5222c3da7fa639ce03db8d23b274a0721a1aed5227de6e3b731ccf7089b":"ad997351b6106f36b0d1091b929c4c37213e0d2b97e85ebb20c127691d0dad8f1d8175b0723745e639a3cb7044290b99e0e2a0c27a6a301c":"0936f37bc6c1bd07ae3dec7ab5dc06a73ca13242fb343efc72b9d82730b445f3d4b0bd077162a46dcfec6f9b590bfcbcf520cdb029a8b73e":"9d874a5137509a449ad5853040241c5236395435c36424fd560b0cb62b281d285275a740ce32a22dd1740f4aa9161cec95ccc61a18f4ff07" +ECP point multiplication rng fail secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_test_mul_rng:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF" + +ECP point multiplication rng fail Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660" + ECP test vectors secp192k1 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD" diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 0b2e0299151644208178f43dacec0344b79e293c..850b77cecda680d74f8766c56c12e70ea9c11262 100755 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -674,6 +674,31 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecp_test_mul_rng( int id, data_t * d_hex) +{ + mbedtls_ecp_group grp; + mbedtls_mpi d; + mbedtls_ecp_point Q; + + mbedtls_ecp_group_init( &grp ); mbedtls_mpi_init( &d ); + mbedtls_ecp_point_init( &Q ); + + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); + + TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 ); + + TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &rnd_zero_rand, NULL ) + == MBEDTLS_ERR_ECP_RANDOM_FAILED ); + +exit: + mbedtls_ecp_group_free( &grp ); mbedtls_mpi_free( &d ); + mbedtls_ecp_point_free( &Q ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecp_fast_mod( int id, char * N_str ) { diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index cf197323b04f5604a901790fa1940b58db46da13..889d3bca7ebe99319f304002172c9db5c9617e9b 100755 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" +#include "mbedtls/md.h" #include "string.h" /* diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_error.function b/tests/suites/test_suite_error.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.camellia.data b/tests/suites/test_suite_gcm.camellia.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_hkdf.data b/tests/suites/test_suite_hkdf.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 3e8720734e4b483c39029d53006daa861f1a7699..ddd64fae4d8eafdd429b0d8896dce0d9e7700821 100755 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -9,37 +9,36 @@ */ /* BEGIN_CASE */ -void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, - char *hex_info_string, char *hex_okm_string ) +void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info, + data_t *expected_okm ) { int ret; - size_t ikm_len, salt_len, info_len, okm_len; - unsigned char ikm[128] = { '\0' }; - unsigned char salt[128] = { '\0' }; - unsigned char info[128] = { '\0' }; - unsigned char expected_okm[128] = { '\0' }; unsigned char okm[128] = { '\0' }; /* - * okm_hex is the string representation of okm, - * so its size is twice the size of okm, and an extra null-termination. + * okm_string and expected_okm_string are the ASCII string representations + * of km and expected_okm, so their size should be twice the size of + * okm and expected_okm, and an extra null-termination. */ - unsigned char okm_hex[257] = { '\0' }; + unsigned char okm_string[257] = { '\0' }; + unsigned char expected_okm_string[257] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); - ikm_len = unhexify( ikm, hex_ikm_string ); - salt_len = unhexify( salt, hex_salt_string ); - info_len = unhexify( info, hex_info_string ); - okm_len = unhexify( expected_okm, hex_okm_string ); + TEST_ASSERT( expected_okm->len <= sizeof( okm ) ); - ret = mbedtls_hkdf( md, salt, salt_len, ikm, ikm_len, info, info_len, okm, - okm_len); + ret = mbedtls_hkdf( md, salt->x, salt->len, ikm->x, ikm->len, + info->x, info->len, okm, expected_okm->len ); TEST_ASSERT( ret == 0 ); - // Run hexify on it so that it looks nicer if the assertion fails - hexify( okm_hex, okm, okm_len ); - TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) ); + /* + * Run mbedtls_test_hexify on okm and expected_okm so that it looks nicer + * if the assertion fails. + */ + mbedtls_test_hexify( okm_string, okm, expected_okm->len ); + mbedtls_test_hexify( expected_okm_string, + expected_okm->x, expected_okm->len ); + TEST_ASSERT( !strcmp( (char *)okm_string, (char *)expected_okm_string ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_hmac_drbg.no_reseed.data b/tests/suites/test_suite_hmac_drbg.no_reseed.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_hmac_drbg.nopr.data b/tests/suites/test_suite_hmac_drbg.nopr.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_hmac_drbg.pr.data b/tests/suites/test_suite_hmac_drbg.pr.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_mdx.data b/tests/suites/test_suite_mdx.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_nist_kw.data b/tests/suites/test_suite_nist_kw.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index 9c34ea619545afbcfc6aa40324bff6b9ccb32b9c..6a810520f44a88f1cc9cd5681db9d78b76eb873f 100755 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -242,42 +242,31 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_nist_kw_wrap( int cipher_id, int mode, - char *key_hex, char *msg_hex, - char *result_hex ) +void mbedtls_nist_kw_wrap( int cipher_id, int mode, data_t *key, data_t *msg, + data_t *expected_result ) { - unsigned char key[32]; - unsigned char msg[512]; unsigned char result[528]; - unsigned char expected_result[528]; mbedtls_nist_kw_context ctx; - size_t key_len, msg_len, output_len, result_len, i, padlen; + size_t result_len, i, padlen; mbedtls_nist_kw_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); memset( result, '+', sizeof( result ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - result_len = unhexify( expected_result, result_hex ); - output_len = sizeof( result ); - - TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 ) - == 0 ); + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, + key->x, key->len * 8, 1 ) == 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg, msg_len, - result, &output_len, sizeof( result ) ) == 0 ); + TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg->x, msg->len, + result, &result_len, sizeof( result ) ) == 0 ); - TEST_ASSERT( output_len == result_len ); + TEST_ASSERT( result_len == expected_result->len ); - TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( expected_result->x, result, result_len ) == 0 ); - padlen = ( msg_len % 8 != 0 ) ? 8 - (msg_len % 8 ) : 0; + padlen = ( msg->len % 8 != 0 ) ? 8 - (msg->len % 8 ) : 0; /* Check that the function didn't write beyond the end of the buffer. */ - for( i = msg_len + 8 + padlen; i < sizeof( result ); i++ ) + for( i = msg->len + 8 + padlen; i < sizeof( result ); i++ ) { TEST_ASSERT( result[i] == '+' ); } @@ -288,47 +277,35 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_nist_kw_unwrap( int cipher_id, int mode, - char *key_hex, char *msg_hex, - char *result_hex, int expected_ret ) +void mbedtls_nist_kw_unwrap( int cipher_id, int mode, data_t *key, data_t *msg, + data_t *expected_result, int expected_ret ) { - unsigned char key[32]; - unsigned char msg[528]; unsigned char result[528]; - unsigned char expected_result[528]; mbedtls_nist_kw_context ctx; - size_t key_len, msg_len, output_len, result_len, i; + size_t result_len, i; mbedtls_nist_kw_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); memset( result, '+', sizeof( result ) ); - memset( expected_result, 0x00, sizeof( expected_result ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - result_len = unhexify( expected_result, result_hex ); - output_len = sizeof( result ); - - TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 ) - == 0 ); + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, + key->x, key->len * 8, 0 ) == 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg, msg_len, - result, &output_len, sizeof( result ) ) == expected_ret ); + TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg->x, msg->len, + result, &result_len, sizeof( result ) ) == expected_ret ); if( expected_ret == 0 ) { - TEST_ASSERT( output_len == result_len ); - TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 ); + TEST_ASSERT( result_len == expected_result->len ); + TEST_ASSERT( memcmp( expected_result->x, result, result_len ) == 0 ); } else { - TEST_ASSERT( output_len == 0 ); + TEST_ASSERT( result_len == 0 ); } /* Check that the function didn't write beyond the end of the buffer. */ - for( i = msg_len - 8; i < sizeof( result ); i++ ) + for( i = msg->len - 8; i < sizeof( result ); i++ ) { TEST_ASSERT( result[i] == '+' ); } diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b57fe19fa101e2f3b063079055986632bc4a03dc..18f5ef8ebbb7229bcb2a3b394b5667e12689bdef 100755 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -679,7 +679,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, char *QX_str, char *QY_str, - int md_alg, char *msg, char *sig_str, + int md_alg, char *msg, data_t *sig_check, int max_ops, int min_restart, int max_restart ) { int ret, cnt_restart; @@ -687,8 +687,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, mbedtls_pk_context prv, pub; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; - unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; - size_t hlen, slen, slen_check; + size_t hlen, slen; const mbedtls_md_info_t *md_info; mbedtls_pk_restart_init( &rs_ctx ); @@ -696,7 +695,6 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, mbedtls_pk_init( &pub ); memset( hash, 0, sizeof( hash ) ); memset( sig, 0, sizeof( sig ) ); - memset( sig_check, 0, sizeof( sig_check ) ); TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 ); @@ -706,8 +704,6 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 ); - slen_check = unhexify( sig_check, sig_str ); - md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); @@ -726,8 +722,8 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( slen == slen_check ); - TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 ); + TEST_ASSERT( slen == sig_check->len ); + TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_poly1305.data b/tests/suites/test_suite_poly1305.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 066bb39425ae3e63233509240fc98eed8f0ecfbf..44617d98ef9455f05d2ae8677d9f9ada1f5d5e6e 100755 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -9,29 +9,22 @@ */ /* BEGIN_CASE */ -void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src_string ) +void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) { - unsigned char src_str[375]; /* max size of binary input */ - unsigned char key[32]; /* size set by the standard */ unsigned char mac[16]; /* size set by the standard */ unsigned char mac_str[33]; /* hex expansion of the above */ - size_t src_len; mbedtls_poly1305_context ctx; - memset( src_str, 0x00, sizeof( src_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); - memset( key, 0x00, sizeof( key ) ); memset( mac, 0x00, sizeof( mac ) ); - src_len = unhexify( src_str, hex_src_string ); - unhexify( key, hex_key_string ); - /* * Test the integrated API */ - TEST_ASSERT( mbedtls_poly1305_mac( key, src_str, src_len, mac ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_mac( key->x, src_str->x, + src_str->len, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); /* @@ -39,13 +32,13 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src */ mbedtls_poly1305_init( &ctx ); - TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, src_len ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, src_str->len ) == 0 ); TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); /* @@ -54,33 +47,33 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src /* Don't free/init the context, in order to test that starts() does the * right thing. */ - if( src_len >= 1 ) + if( src_str->len >= 1 ) { - TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, src_len - 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 1, src_str->len - 1 ) == 0 ); TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); } /* * Again with more pieces */ - if( src_len >= 2 ) + if( src_str->len >= 2 ) { - TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, 1 ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 2, src_len - 2 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 1, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 2, src_str->len - 2 ) == 0 ); TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); } diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d4acc2de2530dae25665562356a3eb370ecfd1b2..9a3b5837cad4255b49a08a44617370fbf46f94fd 100755 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1506,7 +1506,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void mbedtls_rsa_validate_params( int radix_N, char *input_N, int radix_P, char *input_P, int radix_Q, char *input_Q, diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 147350744f8ce181bb3b30562c34dbd8d6d9cb98..66f6b849263e805d198ad9cb29674d8a70364dc0 100755 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -57,3 +57,31 @@ ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0 SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice ssl_set_hostname_twice:"server0":"server1" + +Constant-flow HMAC: MD5 +depends_on:MBEDTLS_MD5_C +ssl_cf_hmac:MBEDTLS_MD_MD5 + +Constant-flow HMAC: SHA1 +depends_on:MBEDTLS_SHA1_C +ssl_cf_hmac:MBEDTLS_MD_SHA1 + +Constant-flow HMAC: SHA256 +depends_on:MBEDTLS_SHA256_C +ssl_cf_hmac:MBEDTLS_MD_SHA256 + +Constant-flow HMAC: SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 +ssl_cf_hmac:MBEDTLS_MD_SHA384 + +# these are the numbers we'd get with an empty plaintext and truncated HMAC +Constant-flow memcpy from offset: small +ssl_cf_memcpy_offset:0:5:10 + +# we could get this with 255-bytes plaintext and untruncated SHA-256 +Constant-flow memcpy from offset: medium +ssl_cf_memcpy_offset:0:255:32 + +# we could get this with 355-bytes plaintext and untruncated SHA-384 +Constant-flow memcpy from offset: large +ssl_cf_memcpy_offset:100:339:48 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 326f22d3b2fbfcfb8fc54c4aaf020790b02d4833..c1f7d0de34acca183f47f874c5837ec7601e58b0 100755 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -52,3 +52,128 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) mbedtls_ssl_free( &ssl ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +void ssl_cf_hmac( int hash ) +{ + /* + * Test the function mbedtls_ssl_cf_hmac() against a reference + * implementation. + */ + mbedtls_md_context_t ctx, ref_ctx; + const mbedtls_md_info_t *md_info; + size_t out_len, block_size; + size_t min_in_len, in_len, max_in_len, i; + /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ + unsigned char add_data[13]; + unsigned char ref_out[MBEDTLS_MD_MAX_SIZE]; + unsigned char *data = NULL; + unsigned char *out = NULL; + unsigned char rec_num = 0; + + mbedtls_md_init( &ctx ); + mbedtls_md_init( &ref_ctx ); + + md_info = mbedtls_md_info_from_type( hash ); + TEST_ASSERT( md_info != NULL ); + out_len = mbedtls_md_get_size( md_info ); + TEST_ASSERT( out_len != 0 ); + block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64; + + /* Use allocated out buffer to catch overwrites */ + out = mbedtls_calloc( 1, out_len ); + TEST_ASSERT( out != NULL ); + + /* Set up contexts with the given hash and a dummy key */ + TEST_ASSERT( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) ); + TEST_ASSERT( 0 == mbedtls_md_setup( &ref_ctx, md_info, 1 ) ); + memset( ref_out, 42, sizeof( ref_out ) ); + TEST_ASSERT( 0 == mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) ); + TEST_ASSERT( 0 == mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) ); + memset( ref_out, 0, sizeof( ref_out ) ); + + /* + * Test all possible lengths up to a point. The difference between + * max_in_len and min_in_len is at most 255, and make sure they both vary + * by at least one block size. + */ + for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ ) + { + /* Use allocated in buffer to catch overreads */ + data = mbedtls_calloc( 1, max_in_len ); + TEST_ASSERT( data != NULL || max_in_len == 0 ); + + min_in_len = max_in_len > 255 ? max_in_len - 255 : 0; + for( in_len = min_in_len; in_len <= max_in_len; in_len++ ) + { + /* Set up dummy data and add_data */ + rec_num++; + memset( add_data, rec_num, sizeof( add_data ) ); + for( i = 0; i < in_len; i++ ) + data[i] = ( i & 0xff ) ^ rec_num; + + /* Get the function's result */ + TEST_CF_SECRET( &in_len, sizeof( in_len ) ); + TEST_ASSERT( 0 == mbedtls_ssl_cf_hmac( &ctx, add_data, sizeof( add_data ), + data, in_len, + min_in_len, max_in_len, + out ) ); + TEST_CF_PUBLIC( &in_len, sizeof( in_len ) ); + TEST_CF_PUBLIC( out, out_len ); + + /* Compute the reference result */ + TEST_ASSERT( 0 == mbedtls_md_hmac_update( &ref_ctx, add_data, + sizeof( add_data ) ) ); + TEST_ASSERT( 0 == mbedtls_md_hmac_update( &ref_ctx, data, in_len ) ); + TEST_ASSERT( 0 == mbedtls_md_hmac_finish( &ref_ctx, ref_out ) ); + TEST_ASSERT( 0 == mbedtls_md_hmac_reset( &ref_ctx ) ); + + /* Compare */ + TEST_ASSERT( 0 == memcmp( out, ref_out, out_len ) ); + } + + mbedtls_free( data ); + data = NULL; + } + +exit: + mbedtls_md_free( &ref_ctx ); + mbedtls_md_free( &ctx ); + + mbedtls_free( data ); + mbedtls_free( out ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len ) +{ + unsigned char *dst = NULL; + unsigned char *src = NULL; + size_t src_len = offset_max + len; + size_t secret; + + dst = mbedtls_calloc( 1, len ); + TEST_ASSERT( dst != NULL ); + src = mbedtls_calloc( 1, src_len ); + TEST_ASSERT( src != NULL ); + + /* Fill src in a way that we can detect if we copied the right bytes */ + rnd_std_rand( NULL, src, src_len ); + + for( secret = offset_min; secret <= (size_t) offset_max; secret++ ) + { + TEST_CF_SECRET( &secret, sizeof( secret ) ); + mbedtls_ssl_cf_memcpy_offset( dst, src, secret, + offset_min, offset_max, len ); + TEST_CF_PUBLIC( &secret, sizeof( secret ) ); + TEST_CF_PUBLIC( dst, len ); + + TEST_ASSERT( memcmp( dst, src + secret, len ) == 0 ); + } + +exit: + mbedtls_free( dst ); + mbedtls_free( src ); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 54c1220efd4c9077b6909399fb52c628b5e97e2e..cc907b6841b124f7401d6b01a0582940bfa7057f 100755 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.16.6" +check_compiletime_version:"2.16.8" Check runtime library version -check_runtime_version:"2.16.6" +check_runtime_version:"2.16.8" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 91f8ac9550f30332359b506abd80aaa10d4302d7..fe844746894e3a5e9e5d269c04cb011600b22dbf 100755 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -843,6 +843,22 @@ X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" +X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" + +X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" + +X509 Certificate verification: domain identical to IPv4 in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" + +X509 Certificate verification: domain identical to IPv6 in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" + X509 Certificate verification callback: bad name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n" @@ -1166,6 +1182,14 @@ X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +X509 Certificate ASN1 (inv extBasicConstraint, pathlen is INT_MAX) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH + +X509 Certificate ASN1 (pathlen is INT_MAX-1) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0 + X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH @@ -1328,10 +1352,60 @@ X509 CRL ASN1 (TBSCertList, sig present, len mismatch) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +# 305c +# 3047 tbsCertList TBSCertList +# 020100 version INTEGER OPTIONAL +# 300d signatureAlgorithm AlgorithmIdentifi +# 06092a864886f70d01010e +# 0500 +# 300f issuer Name +# 310d300b0603550403130441424344 +# 170c303930313031303030303030 thisUpdate Time +# 3014 revokedCertificates +# 3012 entry 1 +# 8202abcd userCertificate CertificateSerialNum +# 170c303831323331323335393539 revocationDate Time +# 300d signatureAlgorithm AlgorithmIdentifi +# 06092a864886f70d01010e +# 0500 +# 03020001 signatureValue BIT STRING +# The subsequent TBSCertList negative tests remove or modify some elements. X509 CRL ASN1 (TBSCertList, sig present) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0 +X509 CRL ASN1 (TBSCertList, signatureValue missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (TBSCertList, single empty entry at end) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (TBSCertList, good entry then empty entry at end) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (TBSCertList, missing time in entry) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (TBSCertList, missing time in entry at end) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (TBSCertList, invalid tag for time in entry) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRL ASN1 (TBSCertList, invalid tag for serial) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + X509 CRL ASN1 (TBSCertList, no entries) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_xtea.data b/tests/suites/test_suite_xtea.data old mode 100755 new mode 100644 diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function old mode 100755 new mode 100644 diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln old mode 100755 new mode 100644 diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 73c92bda552a03ffc2ff4831b73b76856c16772b..3eeea8ce2016e2d116985b526b3f47e5a85b689e 100755 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -21,7 +21,7 @@ {46CF2D25-6A36-4189-B59C-E4815388E554} Win32Proj - mbedTLS + mbedTLS @@ -45,7 +45,6 @@ false true Unicode - Windows7.1SDK @@ -85,7 +84,7 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) ../../include CompileAsC @@ -100,7 +99,7 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) ../../include CompileAsC @@ -117,7 +116,7 @@ MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) + WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) ../../include @@ -135,7 +134,7 @@ MaxSpeed true true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) + WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) ../../include diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj old mode 100755 new mode 100644 diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj old mode 100755 new mode 100644