Merge branch 'development' into development-restricted

* development: (87 commits)
  entropy: Adjust parameter type of internal function to avoid a cast
  entropy: Avoid arithmetic on void pointer
  add comment about potential future extension
  Adjust comments about SEED synchronisation
  entropy: Rename sysctl_wrapper to sysctl_arnd_wrapper
  test_suite_x509parse.function improvement
  Pass "certificate policies" extension to callback
  Update iv and len context pointers manually when reallocating buffers
  Add Apache-2.0 headers to all source files
  Remove Dangerous Parameter Passing
  Add Apache-2.0 headers to all scripts
  Add missing copyright dates to scripts and sources
  Show failure in ssl-opts.sh  when key export fails
  Add changelog entry
  tests: Reformating due to rnd_* renaming
  tests: Add mbedtls_test_ prefix to rnd_* symbols
  tests: Reformating due to hexcmp() renaming
  tests: Add mbedtls_test_ prefix to hexcmp()
  tests: Reformating due to unhexify_alloc() renaming
  tests: Add mbedtls_test_ prefix to unhexify_alloc()
  ...
This commit is contained in:
Manuel Pégourié-Gonnard 2020-06-25 11:53:43 +02:00
commit db61c3503b
218 changed files with 4132 additions and 2453 deletions

View file

@ -10,7 +10,7 @@ set(everest_src
list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib)
execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
if(${result} EQUAL 0) if(${result} EQUAL 0)

View file

@ -51,18 +51,29 @@ set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
"${WARNING_BORDER}") "${WARNING_BORDER}")
# Python 3 is only needed here to check for configuration warnings. # Python 3 is only needed here to check for configuration warnings.
find_package(PythonInterp 3) if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
if(PYTHONINTERP_FOUND) set(Python3_FIND_STRATEGY LOCATION)
find_package(Python3 COMPONENTS Interpreter)
if(Python3_Interpreter_FOUND)
set(MBEDTLS_PYTHON_EXECUTABLE ${Python3_EXECUTABLE})
endif()
else()
find_package(PythonInterp 3)
if(PYTHONINTERP_FOUND)
set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
endif()
endif()
if(MBEDTLS_PYTHON_EXECUTABLE)
# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
RESULT_VARIABLE result) RESULT_VARIABLE result)
if(${result} EQUAL 0) if(${result} EQUAL 0)
message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
endif() endif()
# If NULL Entropy is configured, display an appropriate warning # If NULL Entropy is configured, display an appropriate warning
execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
RESULT_VARIABLE result) RESULT_VARIABLE result)
if(${result} EQUAL 0) if(${result} EQUAL 0)
message(WARNING ${NULL_ENTROPY_WARNING}) message(WARNING ${NULL_ENTROPY_WARNING})

View file

@ -0,0 +1,2 @@
Bugfix
* Remove unused macros from MSVC projects. Reported in #3297 and fix submitted in #3333 by irwir.

View file

@ -0,0 +1,5 @@
Bugfix
* Update iv and len context pointers manually when reallocating buffers
using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues
when receiving a connection with CID, when these fields were shifted
in ssl_parse_record_header().

View file

@ -0,0 +1,2 @@
Bugfix
* Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and fix submitted in #3421 by Nia Alarie.

View file

@ -0,0 +1,2 @@
Bugfix
* Fix building library/net_sockets.c and the ssl_mail_client program on NetBSD. Contributed by Nia Alarie in #3422.

View file

@ -0,0 +1,6 @@
Security
* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee,
Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute
of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul
Strackx (Fortanix) in #3394.

View file

@ -0,0 +1,5 @@
Features
* Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows
parsing unsupported certificate extensions via user provided callback.
Contributed by Nicola Di Lieto <nicola.dilieto@gmail.com> in #3243 as
a solution to #3241.

View file

@ -0,0 +1,4 @@
Features
* Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies (#3419).

View file

@ -0,0 +1,2 @@
Features
* Added support to entropy_poll for the kern.arandom syscall supported on some BSD systems. Contributed by Nia Alarie in #3423.

View file

@ -0,0 +1,5 @@
Changes
* The unit tests now rely on header files in tests/include/test and source
files in tests/src. When building with make or cmake, the files in
tests/src are compiled and the resulting object linked into each test
executable.

View file

@ -0,0 +1,9 @@
Bugfix
* Add additional bounds checks in ssl_write_client_hello() preventing
output buffer overflow if the configuration declared a buffer that was
too small.
Changes
* Abort the ClientHello writing function as soon as some extension doesn't
fit into the record buffer. Previously, such extensions were silently
dropped. As a consequence, the TLS handshake now fails when the output
buffer is not large enough to hold the ClientHello.

View file

@ -0,0 +1,2 @@
Changes
* Use FindPython3 when cmake version >= 3.15.0

View file

@ -107,11 +107,11 @@ covtest:
lcov: lcov:
rm -rf Coverage rm -rf Coverage
lcov --capture --initial --directory library -o files.info lcov --capture --initial --directory library -o files.info
lcov --capture --directory library -o tests.info lcov --rc lcov_branch_coverage=1 --capture --directory library -o tests.info
lcov --add-tracefile files.info --add-tracefile tests.info -o all.info lcov --rc lcov_branch_coverage=1 --add-tracefile files.info --add-tracefile tests.info -o all.info
lcov --remove all.info -o final.info '*.h' lcov --rc lcov_branch_coverage=1 --remove all.info -o final.info '*.h'
gendesc tests/Descriptions.txt -o descriptions gendesc tests/Descriptions.txt -o descriptions
genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --branch-coverage -o Coverage final.info
rm -f files.info tests.info all.info final.info descriptions rm -f files.info tests.info all.info final.info descriptions
apidoc: apidoc:

View file

@ -20,7 +20,8 @@
* <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
*/ */
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -9,7 +9,8 @@
* Korean, but see http://210.104.33.10/ARIA/index-e.html in English) * Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
* and also described by the IETF in <em>RFC 5794</em>. * and also described by the IETF in <em>RFC 5794</em>.
*/ */
/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved /*
* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -12,7 +12,8 @@
* \author Daniel King <damaki.gh@gmail.com> * \author Daniel King <damaki.gh@gmail.com>
*/ */
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -12,7 +12,8 @@
* \author Daniel King <damaki.gh@gmail.com> * \author Daniel King <damaki.gh@gmail.com>
*/ */
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -101,7 +101,7 @@
* ECP 4 10 (Started from top) * ECP 4 10 (Started from top)
* MD 5 5 * MD 5 5
* HKDF 5 1 (Started from top) * HKDF 5 1 (Started from top)
* SSL 5 1 (Started from 0x5F00) * SSL 5 2 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080) * CIPHER 6 8 (Started from 0x6080)
* SSL 6 24 (Started from top, plus 0x6000) * SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32 * SSL 7 32

View file

@ -12,7 +12,8 @@
* \author Daniel King <damaki.gh@gmail.com> * \author Daniel King <damaki.gh@gmail.com>
*/ */
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -129,6 +129,7 @@
#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */
#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. */ #define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. */
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */ #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */
/* /*
* Various constants * Various constants
@ -144,6 +145,9 @@
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
* NONE must be zero so that memset()ing structure to zero works */ * NONE must be zero so that memset()ing structure to zero works */

View file

@ -207,6 +207,12 @@
: ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
) )
/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
/* /*
* Check that we obey the standard's message size bounds * Check that we obey the standard's message size bounds
*/ */
@ -299,6 +305,41 @@ static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
/**
* \brief This function checks if the remaining size in a buffer is
* greater or equal than a needed space.
*
* \param cur Pointer to the current position in the buffer.
* \param end Pointer to one past the end of the buffer.
* \param need Needed space in bytes.
*
* \return Zero if the needed space is available in the buffer, non-zero
* otherwise.
*/
static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
const uint8_t *end, size_t need )
{
return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
}
/**
* \brief This macro checks if the remaining size in a buffer is
* greater or equal than a needed space. If it is not the case,
* it returns an SSL_BUFFER_TOO_SMALL error.
*
* \param cur Pointer to the current position in the buffer.
* \param end Pointer to one past the end of the buffer.
* \param need Needed space in bytes.
*
*/
#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \
do { \
if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
{ \
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
} \
} while( 0 )
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif

View file

@ -303,6 +303,90 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
const unsigned char *buf, const unsigned char *buf,
size_t buflen ); size_t buflen );
/**
* \brief The type of certificate extension callbacks.
*
* Callbacks of this type are passed to and used by the
* mbedtls_x509_crt_parse_der_with_ext_cb() routine when
* it encounters either an unsupported extension or a
* "certificate policies" extension containing any
* unsupported certificate policies.
* Future versions of the library may invoke the callback
* in other cases, if and when the need arises.
*
* \param p_ctx An opaque context passed to the callback.
* \param crt The certificate being parsed.
* \param oid The OID of the extension.
* \param critical Whether the extension is critical.
* \param p Pointer to the start of the extension value
* (the content of the OCTET STRING).
* \param end End of extension value.
*
* \note The callback must fail and return a negative error code
* if it can not parse or does not support the extension.
* When the callback fails to parse a critical extension
* mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
* When the callback fails to parse a non critical extension
* mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
* the extension and continues parsing.
*
* \return \c 0 on success.
* \return A negative error code on failure.
*/
typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
mbedtls_x509_crt const *crt,
mbedtls_x509_buf const *oid,
int critical,
const unsigned char *p,
const unsigned char *end );
/**
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
* mbedtls_x509_crt_init().
* \param buf The buffer holding the DER encoded certificate.
* \param buflen The size in Bytes of \p buf.
* \param make_copy When not zero this function makes an internal copy of the
* CRT buffer \p buf. In particular, \p buf may be destroyed
* or reused after this call returns.
* When zero this function avoids duplicating the CRT buffer
* by taking temporary ownership thereof until the CRT
* is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
* \param cb A callback invoked for every unsupported certificate
* extension.
* \param p_ctx An opaque context passed to the callback.
*
* \note This call is functionally equivalent to
* mbedtls_x509_crt_parse_der(), and/or
* mbedtls_x509_crt_parse_der_nocopy()
* but it calls the callback with every unsupported
* certificate extension and additionally the
* "certificate policies" extension if it contains any
* unsupported certificate policies.
* The callback must return a negative error code if it
* does not know how to handle such an extension.
* When the callback fails to parse a critical extension
* mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
* When the callback fails to parse a non critical extension
* mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
* the extension and continues parsing.
* Future versions of the library may invoke the callback
* in other cases, if and when the need arises.
*
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int make_copy,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx );
/** /**
* \brief Parse a single DER formatted certificate and add it * \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list. This is a * to the end of the provided chained list. This is a

View file

@ -243,6 +243,22 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
memcpy( Y, &T, sizeof( mbedtls_mpi ) ); memcpy( Y, &T, sizeof( mbedtls_mpi ) );
} }
/*
* Conditionally assign dest = src, without leaking information
* about whether the assignment was made or not.
* dest and src must be arrays of limbs of size n.
* assign must be 0 or 1.
*/
static void mpi_safe_cond_assign( size_t n,
mbedtls_mpi_uint *dest,
const mbedtls_mpi_uint *src,
unsigned char assign )
{
size_t i;
for( i = 0; i < n; i++ )
dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign;
}
/* /*
* Conditionally assign X = Y, without leaking information * Conditionally assign X = Y, without leaking information
* about whether the assignment was made or not. * about whether the assignment was made or not.
@ -262,10 +278,9 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned
X->s = X->s * ( 1 - assign ) + Y->s * assign; X->s = X->s * ( 1 - assign ) + Y->s * assign;
for( i = 0; i < Y->n; i++ ) mpi_safe_cond_assign( Y->n, X->p, Y->p, assign );
X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign;
for( ; i < X->n; i++ ) for( i = Y->n; i < X->n; i++ )
X->p[i] *= ( 1 - assign ); X->p[i] *= ( 1 - assign );
cleanup: cleanup:
@ -1327,10 +1342,24 @@ cleanup:
return( ret ); return( ret );
} }
/* /**
* Helper for mbedtls_mpi subtraction * Helper for mbedtls_mpi subtraction.
*
* Calculate d - s where d and s have the same size.
* This function operates modulo (2^ciL)^n and returns the carry
* (1 if there was a wraparound, i.e. if `d < s`, and 0 otherwise).
*
* \param n Number of limbs of \p d and \p s.
* \param[in,out] d On input, the left operand.
* On output, the result of the subtraction:
* \param[in] s The right operand.
*
* \return 1 if `d < s`.
* 0 if `d >= s`.
*/ */
static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) static mbedtls_mpi_uint mpi_sub_hlp( size_t n,
mbedtls_mpi_uint *d,
const mbedtls_mpi_uint *s )
{ {
size_t i; size_t i;
mbedtls_mpi_uint c, z; mbedtls_mpi_uint c, z;
@ -1341,28 +1370,22 @@ static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
c = ( *d < *s ) + z; *d -= *s; c = ( *d < *s ) + z; *d -= *s;
} }
while( c != 0 ) return( c );
{
z = ( *d < c ); *d -= c;
c = z; d++;
}
} }
/* /*
* Unsigned subtraction: X = |A| - |B| (HAC 14.9) * Unsigned subtraction: X = |A| - |B| (HAC 14.9, 14.10)
*/ */
int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{ {
mbedtls_mpi TB; mbedtls_mpi TB;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n; size_t n;
mbedtls_mpi_uint carry;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL ); MPI_VALIDATE_RET( B != NULL );
if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TB );
if( X == B ) if( X == B )
@ -1385,7 +1408,18 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
if( B->p[n - 1] != 0 ) if( B->p[n - 1] != 0 )
break; break;
mpi_sub_hlp( n, B->p, X->p ); carry = mpi_sub_hlp( n, X->p, B->p );
if( carry != 0 )
{
/* Propagate the carry to the first nonzero limb of X. */
for( ; n < X->n && X->p[n] == 0; n++ )
--X->p[n];
/* If we ran out of space for the carry, it means that the result
* is negative. */
if( n == X->n )
return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
--X->p[n];
}
cleanup: cleanup:
@ -1975,18 +2009,34 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
*mm = ~x + 1; *mm = ~x + 1;
} }
/* /** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
* Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) *
* \param[in,out] A One of the numbers to multiply.
* It must have at least as many limbs as N
* (A->n >= N->n), and any limbs beyond n are ignored.
* On successful completion, A contains the result of
* the multiplication A * B * R^-1 mod N where
* R = (2^ciL)^n.
* \param[in] B One of the numbers to multiply.
* It must be nonzero and must not have more limbs than N
* (B->n <= N->n).
* \param[in] N The modulo. N must be odd.
* \param mm The value calculated by `mpi_montg_init(&mm, N)`.
* This is -N^-1 mod 2^ciL.
* \param[in,out] T A bignum for temporary storage.
* It must be at least twice the limb size of N plus 2
* (T->n >= 2 * (N->n + 1)).
* Its initial content is unused and
* its final content is indeterminate.
* Note that unlike the usual convention in the library
* for `const mbedtls_mpi*`, the content of T can change.
*/ */
static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
const mbedtls_mpi *T ) const mbedtls_mpi *T )
{ {
size_t i, n, m; size_t i, n, m;
mbedtls_mpi_uint u0, u1, *d; mbedtls_mpi_uint u0, u1, *d;
if( T->n < N->n + 1 || T->p == NULL )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
memset( T->p, 0, T->n * ciL ); memset( T->p, 0, T->n * ciL );
d = T->p; d = T->p;
@ -2007,22 +2057,34 @@ static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi
*d++ = u0; d[n + 1] = 0; *d++ = u0; d[n + 1] = 0;
} }
memcpy( A->p, d, ( n + 1 ) * ciL ); /* At this point, d is either the desired result or the desired result
* plus N. We now potentially subtract N, avoiding leaking whether the
* subtraction is performed through side channels. */
if( mbedtls_mpi_cmp_abs( A, N ) >= 0 ) /* Copy the n least significant limbs of d to A, so that
mpi_sub_hlp( n, N->p, A->p ); * A = d if d < N (recall that N has n limbs). */
else memcpy( A->p, d, n * ciL );
/* prevent timing attacks */ /* If d >= N then we want to set A to d - N. To prevent timing attacks,
mpi_sub_hlp( n, A->p, T->p ); * do the calculation without using conditional tests. */
/* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */
return( 0 ); d[n] += 1;
d[n] -= mpi_sub_hlp( n, d, N->p );
/* If d0 < N then d < (2^biL)^n
* so d[n] == 0 and we want to keep A as it is.
* If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n
* so d[n] == 1 and we want to set A to the result of the subtraction
* which is d - (2^biL)^n, i.e. the n least significant limbs of d.
* This exactly corresponds to a conditional assignment. */
mpi_safe_cond_assign( n, A->p, d, (unsigned char) d[n] );
} }
/* /*
* Montgomery reduction: A = A * R^-1 mod N * Montgomery reduction: A = A * R^-1 mod N
*
* See mpi_montmul() regarding constraints and guarantees on the parameters.
*/ */
static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
mbedtls_mpi_uint mm, const mbedtls_mpi *T ) mbedtls_mpi_uint mm, const mbedtls_mpi *T )
{ {
mbedtls_mpi_uint z = 1; mbedtls_mpi_uint z = 1;
mbedtls_mpi U; mbedtls_mpi U;
@ -2030,7 +2092,7 @@ static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
U.n = U.s = (int) z; U.n = U.s = (int) z;
U.p = &z; U.p = &z;
return( mpi_montmul( A, &U, N, mm, T ) ); mpi_montmul( A, &U, N, mm, T );
} }
/* /*
@ -2116,13 +2178,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
else else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) ); mpi_montmul( &W[1], &RR, N, mm, &T );
/* /*
* X = R^2 * R^-1 mod N = R mod N * X = R^2 * R^-1 mod N = R mod N
*/ */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); mpi_montred( X, N, mm, &T );
if( wsize > 1 ) if( wsize > 1 )
{ {
@ -2135,7 +2197,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
for( i = 0; i < wsize - 1; i++ ) for( i = 0; i < wsize - 1; i++ )
MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) ); mpi_montmul( &W[j], &W[j], N, mm, &T );
/* /*
* W[i] = W[i - 1] * W[1] * W[i] = W[i - 1] * W[1]
@ -2145,7 +2207,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) ); mpi_montmul( &W[i], &W[1], N, mm, &T );
} }
} }
@ -2182,7 +2244,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
/* /*
* out of window, square X * out of window, square X
*/ */
MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); mpi_montmul( X, X, N, mm, &T );
continue; continue;
} }
@ -2200,12 +2262,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
* X = X^wsize R^-1 mod N * X = X^wsize R^-1 mod N
*/ */
for( i = 0; i < wsize; i++ ) for( i = 0; i < wsize; i++ )
MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); mpi_montmul( X, X, N, mm, &T );
/* /*
* X = X * W[wbits] R^-1 mod N * X = X * W[wbits] R^-1 mod N
*/ */
MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) ); mpi_montmul( X, &W[wbits], N, mm, &T );
state--; state--;
nbits = 0; nbits = 0;
@ -2218,18 +2280,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
*/ */
for( i = 0; i < nbits; i++ ) for( i = 0; i < nbits; i++ )
{ {
MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); mpi_montmul( X, X, N, mm, &T );
wbits <<= 1; wbits <<= 1;
if( ( wbits & ( one << wsize ) ) != 0 ) if( ( wbits & ( one << wsize ) ) != 0 )
MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) ); mpi_montmul( X, &W[1], N, mm, &T );
} }
/* /*
* X = A^E * R * R^-1 mod N = A^E mod N * X = A^E * R * R^-1 mod N = A^E mod N
*/ */
MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); mpi_montred( X, N, mm, &T );
if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 )
{ {

View file

@ -115,6 +115,41 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
#endif /* SYS_getrandom */ #endif /* SYS_getrandom */
#endif /* __linux__ || __midipix__ */ #endif /* __linux__ || __midipix__ */
/*
* Some BSD systems provide KERN_ARND.
* This is equivalent to reading from /dev/urandom, only it doesn't require an
* open file descriptor, and provides up to 256 bytes per call (basically the
* same as getentropy(), but with a longer history).
*
* Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
*/
#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
#include <sys/param.h>
#include <sys/sysctl.h>
#if defined(KERN_ARND)
#define HAVE_SYSCTL_ARND
static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
{
int name[2];
size_t len;
name[0] = CTL_KERN;
name[1] = KERN_ARND;
while( buflen > 0 )
{
len = buflen > 256 ? 256 : buflen;
if( sysctl(name, 2, buf, &len, NULL, 0) == -1 )
return( -1 );
buflen -= len;
buf += len;
}
return( 0 );
}
#endif /* KERN_ARND */
#endif /* __FreeBSD__ || __NetBSD__ */
#include <stdio.h> #include <stdio.h>
int mbedtls_platform_entropy_poll( void *data, int mbedtls_platform_entropy_poll( void *data,
@ -139,6 +174,15 @@ int mbedtls_platform_entropy_poll( void *data,
((void) ret); ((void) ret);
#endif /* HAVE_GETRANDOM */ #endif /* HAVE_GETRANDOM */
#if defined(HAVE_SYSCTL_ARND)
((void) file);
((void) read_len);
if( sysctl_arnd_wrapper( output, len ) == -1 )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
*olen = len;
return( 0 );
#else
*olen = 0; *olen = 0;
file = fopen( "/dev/urandom", "rb" ); file = fopen( "/dev/urandom", "rb" );
@ -156,6 +200,7 @@ int mbedtls_platform_entropy_poll( void *data,
*olen = len; *olen = len;
return( 0 ); return( 0 );
#endif /* HAVE_SYSCTL_ARND */
} }
#endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */

View file

@ -526,6 +526,8 @@ const char * mbedtls_high_level_strerr( int error_code )
return( "SSL - An operation failed due to an unexpected version or configuration" ); return( "SSL - An operation failed due to an unexpected version or configuration" );
case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS): case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS):
return( "SSL - A cryptographic operation is in progress. Try again later" ); return( "SSL - A cryptographic operation is in progress. Try again later" );
case -(MBEDTLS_ERR_SSL_BAD_CONFIG):
return( "SSL - Invalid value in SSL config" );
#endif /* MBEDTLS_SSL_TLS_C */ #endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)

View file

@ -23,6 +23,7 @@
* be set before config.h, which pulls in glibc's features.h indirectly. * be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L
#define _XOPEN_SOURCE 600 /* sockaddr_storage */
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -322,7 +323,8 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
struct sockaddr_storage client_addr; struct sockaddr_storage client_addr;
#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \
defined(socklen_t)
socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t n = (socklen_t) sizeof( client_addr );
socklen_t type_len = (socklen_t) sizeof( type ); socklen_t type_len = (socklen_t) sizeof( type );
#else #else

View file

@ -1,7 +1,8 @@
/* /*
* PSA crypto layer on top of Mbed TLS crypto * PSA crypto layer on top of Mbed TLS crypto
*/ */
/* Copyright (C) 2018, ARM Limited, All Rights Reserved /*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,7 +1,8 @@
/* /*
* PSA crypto core internal interfaces * PSA crypto core internal interfaces
*/ */
/* Copyright (C) 2018, ARM Limited, All Rights Reserved /*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,7 +1,8 @@
/** \file psa_crypto_its.h /** \file psa_crypto_its.h
* \brief Interface of trusted storage that crypto is built on. * \brief Interface of trusted storage that crypto is built on.
*/ */
/* Copyright (C) 2019, ARM Limited, All Rights Reserved /*
* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,7 +1,8 @@
/* /*
* PSA crypto support for secure element drivers * PSA crypto support for secure element drivers
*/ */
/* Copyright (C) 2019, ARM Limited, All Rights Reserved /*
* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,7 +1,8 @@
/* /*
* PSA crypto support for secure element drivers * PSA crypto support for secure element drivers
*/ */
/* Copyright (C) 2019, ARM Limited, All Rights Reserved /*
* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,4 +1,5 @@
/* Copyright (C) 2019, ARM Limited, All Rights Reserved /*
* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,7 +1,8 @@
/* /*
* PSA crypto layer on top of Mbed TLS crypto * PSA crypto layer on top of Mbed TLS crypto
*/ */
/* Copyright (C) 2018, ARM Limited, All Rights Reserved /*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,7 +1,8 @@
/* /*
* PSA crypto layer on top of Mbed TLS crypto * PSA crypto layer on top of Mbed TLS crypto
*/ */
/* Copyright (C) 2018, ARM Limited, All Rights Reserved /*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,7 +1,8 @@
/* /*
* PSA persistent key storage * PSA persistent key storage
*/ */
/* Copyright (C) 2018, ARM Limited, All Rights Reserved /*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,7 +1,8 @@
/* /*
* PSA ITS simulator over stdio files. * PSA ITS simulator over stdio files.
*/ */
/* Copyright (C) 2018, ARM Limited, All Rights Reserved /*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

File diff suppressed because it is too large Load diff

View file

@ -134,8 +134,7 @@ static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
{ {
unsigned char hmac_out[COOKIE_MD_OUTLEN]; unsigned char hmac_out[COOKIE_MD_OUTLEN];
if( (size_t)( end - *p ) < COOKIE_HMAC_LEN ) MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 || if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 ||
mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 || mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
@ -165,8 +164,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
if( ctx == NULL || cli_id == NULL ) if( ctx == NULL || cli_id == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( (size_t)( end - *p ) < COOKIE_LEN ) MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
t = (unsigned long) mbedtls_time( NULL ); t = (unsigned long) mbedtls_time( NULL );

View file

@ -35,6 +35,7 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
#include "mbedtls/ssl_internal.h"
#include "mbedtls/ssl_ticket.h" #include "mbedtls/ssl_ticket.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
@ -224,8 +225,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket,
/* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
* in addition to session itself, that will be checked when writing it. */ * in addition to session itself, that will be checked when writing it. */
if( end - start < TICKET_MIN_LEN ) MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )

View file

@ -3686,11 +3686,13 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
/* If the buffers are too small - reallocate */ /* If the buffers are too small - reallocate */
{ {
int modified = 0; int modified = 0;
size_t written_in = 0; size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
size_t written_out = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
if( ssl->in_buf != NULL ) if( ssl->in_buf != NULL )
{ {
written_in = ssl->in_msg - ssl->in_buf; written_in = ssl->in_msg - ssl->in_buf;
iv_offset_in = ssl->in_iv - ssl->in_buf;
len_offset_in = ssl->in_len - ssl->in_buf;
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN ) if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
{ {
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN, if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
@ -3709,6 +3711,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
if( ssl->out_buf != NULL ) if( ssl->out_buf != NULL )
{ {
written_out = ssl->out_msg - ssl->out_buf; written_out = ssl->out_msg - ssl->out_buf;
iv_offset_out = ssl->out_iv - ssl->out_buf;
len_offset_out = ssl->out_len - ssl->out_buf;
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN ) if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
{ {
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN, if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
@ -3728,9 +3732,14 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
/* Update pointers here to avoid doing it twice. */ /* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl ); mbedtls_ssl_reset_in_out_pointers( ssl );
/* Fields below might not be properly updated with record /* Fields below might not be properly updated with record
* splitting, so they are manually updated here. */ * splitting or with CID, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out; ssl->out_msg = ssl->out_buf + written_out;
ssl->out_len = ssl->out_buf + len_offset_out;
ssl->out_iv = ssl->out_buf + iv_offset_out;
ssl->in_msg = ssl->in_buf + written_in; ssl->in_msg = ssl->in_buf + written_in;
ssl->in_len = ssl->in_buf + len_offset_in;
ssl->in_iv = ssl->in_buf + iv_offset_in;
} }
} }
#endif #endif
@ -4665,7 +4674,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
cur_len = strlen( *p ); cur_len = strlen( *p );
tot_len += cur_len; tot_len += cur_len;
if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) if( ( cur_len == 0 ) ||
( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) ||
( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
@ -5960,14 +5971,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
{ {
int modified = 0; int modified = 0;
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl ); uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
size_t written_in = 0; size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
size_t written_out = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
if( ssl->in_buf != NULL ) if( ssl->in_buf != NULL )
{ {
written_in = ssl->in_msg - ssl->in_buf; written_in = ssl->in_msg - ssl->in_buf;
iv_offset_in = ssl->in_iv - ssl->in_buf;
len_offset_in = ssl->in_len - ssl->in_buf;
if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len ) if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )
{ {
written_in = ssl->in_msg - ssl->in_buf;
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 ) if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
@ -5985,6 +5997,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
if(ssl->out_buf != NULL ) if(ssl->out_buf != NULL )
{ {
written_out = ssl->out_msg - ssl->out_buf; written_out = ssl->out_msg - ssl->out_buf;
iv_offset_out = ssl->out_iv - ssl->out_buf;
len_offset_out = ssl->out_len - ssl->out_buf;
if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) && if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
ssl->out_left < buf_len ) ssl->out_left < buf_len )
{ {
@ -6004,9 +6018,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
/* Update pointers here to avoid doing it twice. */ /* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl ); mbedtls_ssl_reset_in_out_pointers( ssl );
/* Fields below might not be properly updated with record /* Fields below might not be properly updated with record
* splitting, so they are manually updated here. */ * splitting or with CID, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out; ssl->out_msg = ssl->out_buf + written_out;
ssl->out_len = ssl->out_buf + len_offset_out;
ssl->out_iv = ssl->out_buf + iv_offset_out;
ssl->in_msg = ssl->in_buf + written_in; ssl->in_msg = ssl->in_buf + written_in;
ssl->in_len = ssl->in_buf + len_offset_in;
ssl->in_iv = ssl->in_buf + iv_offset_in;
} }
} }
#endif #endif

View file

@ -888,11 +888,13 @@ static int x509_get_certificate_policies( unsigned char **p,
*/ */
static int x509_get_crt_ext( unsigned char **p, static int x509_get_crt_ext( unsigned char **p,
const unsigned char *end, const unsigned char *end,
mbedtls_x509_crt *crt ) mbedtls_x509_crt *crt,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len; size_t len;
unsigned char *end_ext_data, *end_ext_octet; unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet;
if( *p == end ) if( *p == end )
return( 0 ); return( 0 );
@ -938,6 +940,7 @@ static int x509_get_crt_ext( unsigned char **p,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
start_ext_octet = *p;
end_ext_octet = *p + len; end_ext_octet = *p + len;
if( end_ext_octet != end_ext_data ) if( end_ext_octet != end_ext_data )
@ -951,6 +954,16 @@ static int x509_get_crt_ext( unsigned char **p,
if( ret != 0 ) if( ret != 0 )
{ {
/* Give the callback (if any) a chance to handle the extension */
if( cb != NULL )
{
ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet );
if( ret != 0 && is_critical )
return( ret );
*p = end_ext_octet;
continue;
}
/* No parser found, skip extension */ /* No parser found, skip extension */
*p = end_ext_octet; *p = end_ext_octet;
@ -1013,6 +1026,13 @@ static int x509_get_crt_ext( unsigned char **p,
if( ( ret = x509_get_certificate_policies( p, end_ext_octet, if( ( ret = x509_get_certificate_policies( p, end_ext_octet,
&crt->certificate_policies ) ) != 0 ) &crt->certificate_policies ) ) != 0 )
{ {
/* Give the callback (if any) a chance to handle the extension
* if it contains unsupported policies */
if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL &&
cb( p_ctx, crt, &extn_oid, is_critical,
start_ext_octet, end_ext_octet ) == 0 )
break;
#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical ) if( is_critical )
return( ret ); return( ret );
@ -1057,7 +1077,9 @@ static int x509_get_crt_ext( unsigned char **p,
static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
int make_copy ) int make_copy,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len; size_t len;
@ -1256,7 +1278,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
if( crt->version == 3 ) if( crt->version == 3 )
#endif #endif
{ {
ret = x509_get_crt_ext( &p, end, crt ); ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_x509_crt_free( crt ); mbedtls_x509_crt_free( crt );
@ -1319,7 +1341,9 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain,
const unsigned char *buf, const unsigned char *buf,
size_t buflen, size_t buflen,
int make_copy ) int make_copy,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_x509_crt *crt = chain, *prev = NULL; mbedtls_x509_crt *crt = chain, *prev = NULL;
@ -1351,7 +1375,8 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain,
crt = crt->next; crt = crt->next;
} }
if( ( ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy ) ) != 0 ) ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb, p_ctx );
if( ret != 0 )
{ {
if( prev ) if( prev )
prev->next = NULL; prev->next = NULL;
@ -1369,14 +1394,24 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
const unsigned char *buf, const unsigned char *buf,
size_t buflen ) size_t buflen )
{ {
return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0 ) ); return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL, NULL ) );
}
int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int make_copy,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx )
{
return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb, p_ctx ) );
} }
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
const unsigned char *buf, const unsigned char *buf,
size_t buflen ) size_t buflen )
{ {
return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1 ) ); return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL, NULL ) );
} }
/* /*

View file

@ -22,7 +22,7 @@
/* Enable definition of fileno() even when compiling with -std=c99. Must be /* Enable definition of fileno() even when compiling with -std=c99. Must be
* set before config.h, which pulls in glibc's features.h indirectly. * set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#define _POSIX_C_SOURCE 1 #define _POSIX_C_SOURCE 200112L
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"

View file

@ -23,7 +23,7 @@
/* Enable definition of fileno() even when compiling with -std=c99. Must be /* Enable definition of fileno() even when compiling with -std=c99. Must be
* set before config.h, which pulls in glibc's features.h indirectly. * set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#define _POSIX_C_SOURCE 1 #define _POSIX_C_SOURCE 200112L
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"

View file

@ -10,7 +10,7 @@ target_link_libraries(psa_constant_names mbedtls)
add_custom_target( add_custom_target(
psa_constant_names_generated psa_constant_names_generated
COMMAND ${PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR}
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../
) )
add_dependencies(psa_constant_names psa_constant_names_generated) add_dependencies(psa_constant_names psa_constant_names_generated)

View file

@ -1,3 +1,22 @@
/*
* Copyright (C) 2018-2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#include "psa/crypto.h" #include "psa/crypto.h"
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>

View file

@ -30,7 +30,8 @@
* `key_ladder_demo.sh` for an example run. * `key_ladder_demo.sh` for an example run.
*/ */
/* Copyright (C) 2018, ARM Limited, All Rights Reserved /*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

View file

@ -1,4 +1,22 @@
#!/bin/sh #!/bin/sh
#
# Copyright (C) 2018, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
set -e -u set -e -u
program="${0%/*}"/key_ladder_demo program="${0%/*}"/key_ladder_demo

View file

@ -1,3 +1,22 @@
/*
* Copyright (C) 2018-2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#include <errno.h> #include <errno.h>
#include <stdint.h> #include <stdint.h>
#include <stdio.h> #include <stdio.h>

View file

@ -23,6 +23,7 @@
* be set before config.h, which pulls in glibc's features.h indirectly. * be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L
#define _XOPEN_SOURCE 600
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"

View file

@ -3718,7 +3718,7 @@ handshake:
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret ); (unsigned int) -ret );
goto exit; goto reset;
} }
mbedtls_printf( " EAP-TLS key material is:" ); mbedtls_printf( " EAP-TLS key material is:" );
@ -3739,7 +3739,7 @@ handshake:
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret ); (unsigned int) -ret );
goto exit; goto reset;
} }
mbedtls_printf( " EAP-TLS IV is:" ); mbedtls_printf( " EAP-TLS IV is:" );

View file

@ -1,6 +1,23 @@
#!/bin/sh #!/bin/sh
# -*-sh-basic-offset: 4-*- # -*-sh-basic-offset: 4-*-
# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...]
#
# Copyright (C) 2017, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
set -u set -u

View file

@ -4,12 +4,10 @@
* This is a simple test application used for debugger-driven testing to check * This is a simple test application used for debugger-driven testing to check
* whether calls to mbedtls_platform_zeroize() are being eliminated by compiler * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler
* optimizations. This application is used by the GDB script at * optimizations. This application is used by the GDB script at
* tests/scripts/test_zeroize.gdb under the assumption that the code does not * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last
* change often (as opposed to the library code) because the script sets a * return statement in the main() function of this program. The debugger
* breakpoint at the last return statement in the main() function of this * facilities are then used to manually inspect the memory and verify that the
* program. The debugger facilities are then used to manually inspect the * call to mbedtls_platform_zeroize() was not eliminated.
* memory and verify that the call to mbedtls_platform_zeroize() was not
* eliminated.
* *
* Copyright (C) 2018, Arm Limited, All Rights Reserved * Copyright (C) 2018, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
@ -98,5 +96,5 @@ int main( int argc, char** argv )
fclose( fp ); fclose( fp );
mbedtls_platform_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
mbedtls_exit( exit_code ); mbedtls_exit( exit_code ); // GDB_BREAK_HERE -- don't remove this comment!
} }

View file

@ -1,9 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
""" """
This file is part of Mbed TLS (https://tls.mbed.org)
Copyright (c) 2018, Arm Limited, All Rights Reserved
Purpose Purpose
This script is a small wrapper around the abi-compliance-checker and This script is a small wrapper around the abi-compliance-checker and
@ -15,6 +11,23 @@ Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error
while running the script. Note: must be run from Mbed TLS root. while running the script. Note: must be run from Mbed TLS root.
""" """
# Copyright (c) 2018, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
import os import os
import sys import sys
import traceback import traceback

View file

@ -6,6 +6,23 @@
# #
# /!\ This must not be a Makefile target, as it would create a race condition # /!\ This must not be a Makefile target, as it would create a race condition
# when multiple targets are invoked in the same parallel build. # when multiple targets are invoked in the same parallel build.
#
# Copyright (C) 2016, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu set -eu

View file

@ -1,8 +1,21 @@
#!/bin/bash #!/bin/bash
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved # Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -89,11 +89,9 @@
</PropertyGroup> </PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile> <ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization> <Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories> <AdditionalIncludeDirectories>
INCLUDE_DIRECTORIES INCLUDE_DIRECTORIES
</AdditionalIncludeDirectories> </AdditionalIncludeDirectories>
@ -101,7 +99,6 @@ INCLUDE_DIRECTORIES
<Link> <Link>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories> <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link> </Link>
@ -111,11 +108,9 @@ INCLUDE_DIRECTORIES
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile> <ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization> <Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories> <AdditionalIncludeDirectories>
INCLUDE_DIRECTORIES INCLUDE_DIRECTORIES
</AdditionalIncludeDirectories> </AdditionalIncludeDirectories>
@ -123,7 +118,6 @@ INCLUDE_DIRECTORIES
<Link> <Link>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
<AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories> <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link> </Link>
@ -134,12 +128,10 @@ INCLUDE_DIRECTORIES
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile> <ClCompile>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization> <Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking> <FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions> <IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories> <AdditionalIncludeDirectories>
INCLUDE_DIRECTORIES INCLUDE_DIRECTORIES
</AdditionalIncludeDirectories> </AdditionalIncludeDirectories>
@ -156,12 +148,10 @@ INCLUDE_DIRECTORIES
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile> <ClCompile>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization> <Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking> <FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions> <IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories> <AdditionalIncludeDirectories>
INCLUDE_DIRECTORIES INCLUDE_DIRECTORIES
</AdditionalIncludeDirectories> </AdditionalIncludeDirectories>

View file

@ -80,11 +80,9 @@
</PropertyGroup> </PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile> <ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization> <Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories> <AdditionalIncludeDirectories>
INCLUDE_DIRECTORIES INCLUDE_DIRECTORIES
</AdditionalIncludeDirectories> </AdditionalIncludeDirectories>
@ -97,11 +95,9 @@ INCLUDE_DIRECTORIES
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile> <ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization> <Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories> <AdditionalIncludeDirectories>
INCLUDE_DIRECTORIES INCLUDE_DIRECTORIES
</AdditionalIncludeDirectories> </AdditionalIncludeDirectories>
@ -115,12 +111,10 @@ INCLUDE_DIRECTORIES
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile> <ClCompile>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization> <Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking> <FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions> <IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories> <AdditionalIncludeDirectories>
INCLUDE_DIRECTORIES INCLUDE_DIRECTORIES
</AdditionalIncludeDirectories> </AdditionalIncludeDirectories>
@ -135,8 +129,6 @@ INCLUDE_DIRECTORIES
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile> <ClCompile>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization> <Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking> <FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions> <IntrinsicFunctions>true</IntrinsicFunctions>

View file

@ -6,6 +6,23 @@
# Usage (preferably on a 32-bit platform): # Usage (preferably on a 32-bit platform):
# cmake -D CMAKE_BUILD_TYPE=Release . # cmake -D CMAKE_BUILD_TYPE=Release .
# scripts/ecc-heap.sh | tee ecc-heap.log # scripts/ecc-heap.sh | tee ecc-heap.log
#
# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu set -eu

View file

@ -1,8 +1,21 @@
#!/bin/sh #!/bin/sh
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved # Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -4,6 +4,23 @@
# #
# Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments, # Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments,
# or generate_errors.pl include_dir data_dir error_file # or generate_errors.pl include_dir data_dir error_file
#
# Copyright (C) 2011-2020, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use strict; use strict;

View file

@ -1,5 +1,21 @@
#!/usr/bin/env perl #!/usr/bin/env perl
# #
# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use strict; use strict;

View file

@ -11,6 +11,23 @@ file is written:
* OUTPUT_FILE_DIR passed: writes to OUTPUT_FILE_DIR/ * OUTPUT_FILE_DIR passed: writes to OUTPUT_FILE_DIR/
""" """
# Copyright (C) 2018-2020, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
import os import os
import re import re
import sys import sys

View file

@ -15,6 +15,23 @@
# function by using the template in scripts/data_files/query_config.fmt. # function by using the template in scripts/data_files/query_config.fmt.
# #
# Usage: ./scripts/generate_query_config.pl without arguments # Usage: ./scripts/generate_query_config.pl without arguments
#
# Copyright (C) 2018-2019, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use strict; use strict;

View file

@ -5,6 +5,23 @@
# #
# Must be run from mbedTLS root or scripts directory. # Must be run from mbedTLS root or scripts directory.
# Takes no argument. # Takes no argument.
#
# Copyright (C) 2013-2020, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings; use warnings;
use strict; use strict;

View file

@ -1,6 +1,23 @@
#!/usr/bin/env perl #!/usr/bin/env perl
# Parse a massif.out.xxx file and output peak total memory usage # Parse a massif.out.xxx file and output peak total memory usage
#
# Copyright (C) 2014, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings; use warnings;
use strict; use strict;

View file

@ -5,6 +5,23 @@
# #
# Use different build options for measuring executable size and memory usage, # Use different build options for measuring executable size and memory usage,
# since for memory we want debug information. # since for memory we want debug information.
#
# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu set -eu

View file

@ -2,9 +2,22 @@
# output_env.sh # output_env.sh
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2016, ARM Limited, All Rights Reserved # Copyright (c) 2016, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -1,8 +1,21 @@
#!/usr/bin/env perl #!/usr/bin/env perl
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved # Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -2,6 +2,23 @@
# Temporarily (de)ignore Makefiles generated by CMake to allow easier # Temporarily (de)ignore Makefiles generated by CMake to allow easier
# git development # git development
#
# Copyright (C) 2014, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
IGNORE="" IGNORE=""

5
tests/.gitignore vendored
View file

@ -8,4 +8,7 @@ data_files/hmac_drbg_seed
data_files/ctr_drbg_seed data_files/ctr_drbg_seed
data_files/entropy_seed data_files/entropy_seed
/instrument_record_status.h include/test/instrument_record_status.h
src/*.o
src/libmbed*

View file

@ -17,9 +17,8 @@ if(ENABLE_ZLIB_SUPPORT)
set(libs ${libs} ${ZLIB_LIBRARIES}) set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT) endif(ENABLE_ZLIB_SUPPORT)
find_package(PythonInterp) if(NOT MBEDTLS_PYTHON_EXECUTABLE)
if(NOT PYTHONINTERP_FOUND) message(FATAL_ERROR "Cannot build test suites without Python 3")
message(FATAL_ERROR "Cannot build test suites without Python 2 or 3")
endif() endif()
# Enable definition of various functions used throughout the testsuite # Enable definition of various functions used throughout the testsuite
@ -43,13 +42,13 @@ function(add_test_suite suite_name)
add_custom_command( add_custom_command(
OUTPUT test_suite_${data_name}.c OUTPUT test_suite_${data_name}.c
COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o .
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
) )
include_directories(${CMAKE_CURRENT_SOURCE_DIR}) add_executable(test_suite_${data_name} test_suite_${data_name}.c $<TARGET_OBJECTS:mbedtests>)
add_executable(test_suite_${data_name} test_suite_${data_name}.c)
target_link_libraries(test_suite_${data_name} ${libs}) target_link_libraries(test_suite_${data_name} ${libs})
target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include)
if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
message(STATUS "The test suite ${data_name} will not be executed.") message(STATUS "The test suite ${data_name} will not be executed.")
else() else()
@ -67,6 +66,10 @@ if(MSVC)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC) endif(MSVC)
file(GLOB MBEDTESTS_FILES ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c)
add_library(mbedtests OBJECT ${MBEDTESTS_FILES})
target_include_directories(mbedtests PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include)
add_test_suite(aes aes.cbc) add_test_suite(aes aes.cbc)
add_test_suite(aes aes.cfb) add_test_suite(aes aes.cfb)
add_test_suite(aes aes.ecb) add_test_suite(aes aes.ecb)

View file

@ -6,7 +6,7 @@ CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?= LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -I../library -D_FILE_OFFSET_BITS=64 LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L../library \ LOCAL_LDFLAGS = -L../library \
-lmbedtls$(SHARED_SUFFIX) \ -lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \
@ -21,9 +21,9 @@ LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L
ifndef SHARED ifndef SHARED
DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
else else
DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
endif endif
ifdef DEBUG ifdef DEBUG
@ -74,9 +74,16 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS))
all: $(BINARIES) all: $(BINARIES)
$(DEP): $(MBEDLIBS):
$(MAKE) -C ../library $(MAKE) -C ../library
MBEDTESTS_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c))
# Rule to compile common test C files in src folder
src/%.o : src/%.c
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
C_FILES := $(addsuffix .c,$(APPS)) C_FILES := $(addsuffix .c,$(APPS))
# Wildcard target for test code generation: # Wildcard target for test code generation:
@ -105,23 +112,26 @@ C_FILES := $(addsuffix .c,$(APPS))
-o . -o .
$(BINARIES): %$(EXEXT): %.c $(DEP) $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(MBEDTESTS_OBJS)
echo " CC $<" echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTESTS_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
# Some test suites require additional header files. # Some test suites require additional header files.
$(filter test_suite_psa_crypto%, $(BINARIES)): psa_crypto_helpers.h $(filter test_suite_psa_crypto%, $(BINARIES)): include/test/psa_crypto_helpers.h
$(addprefix embedded_,$(filter test_suite_psa_crypto%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_crypto_helpers.h $(addprefix embedded_,$(filter test_suite_psa_crypto%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_crypto_helpers.h
$(filter test_suite_psa_%, $(BINARIES)): psa_helpers.h $(filter test_suite_psa_%, $(BINARIES)): include/test/psa_helpers.h
$(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_helpers.h $(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_helpers.h
clean: clean:
ifndef WINDOWS ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax TESTS rm -rf $(BINARIES) *.c *.datax TESTS
rm -f src/*.o src/libmbed*
else else
if exist *.c del /Q /F *.c if exist *.c del /Q /F *.c
if exist *.exe del /Q /F *.exe if exist *.exe del /Q /F *.exe
if exist *.datax del /Q /F *.datax if exist *.datax del /Q /F *.datax
if exist src/*.o del /Q /F src/*.o
if exist src/libmbed* del /Q /F src/libmed*
ifneq ($(wildcard TESTS/.*),) ifneq ($(wildcard TESTS/.*),)
rmdir /Q /S TESTS rmdir /Q /S TESTS
endif endif
@ -152,7 +162,7 @@ $(EMBEDDED_TESTS): embedded_%: suites/$$(firstword $$(subst ., ,$$*)).function s
generate-target-tests: $(EMBEDDED_TESTS) generate-target-tests: $(EMBEDDED_TESTS)
define copy_header_to_target define copy_header_to_target
TESTS/mbedtls/$(1)/$(2): $(2) TESTS/mbedtls/$(1)/$(2): include/test/$(2)
echo " Copy ./$$@" echo " Copy ./$$@"
ifndef WINDOWS ifndef WINDOWS
mkdir -p $$(@D) mkdir -p $$(@D)
@ -163,11 +173,11 @@ else
endif endif
endef endef
$(foreach app, $(APPS), $(foreach file, $(wildcard *.h), \ $(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)), \
$(eval $(call copy_header_to_target,$(app),$(file))))) $(eval $(call copy_header_to_target,$(app),$(file)))))
ifdef RECORD_PSA_STATUS_COVERAGE_LOG ifdef RECORD_PSA_STATUS_COVERAGE_LOG
$(BINARIES): instrument_record_status.h $(BINARIES): include/test/instrument_record_status.h
instrument_record_status.h: ../include/psa/crypto.h Makefile include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
endif endif

View file

@ -2,9 +2,22 @@
# compat.sh # compat.sh
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved # Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -2,9 +2,22 @@
# context-info.sh # context-info.sh
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2012-2020, ARM Limited, All Rights Reserved # Copyright (c) 2012-2020, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# This program is intended for testing the ssl_context_info program # This program is intended for testing the ssl_context_info program
# #

View file

@ -1,4 +1,21 @@
#!/bin/sh #!/bin/sh
#
# Copyright (C) 2017, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu set -eu

View file

@ -1,4 +1,22 @@
#!/usr/bin/env perl #!/usr/bin/env perl
#
# Copyright (C) 2017, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use strict; use strict;
use warnings; use warnings;

View file

@ -1,9 +1,22 @@
#!/bin/sh #!/bin/sh
# pre-push.sh # pre-push.sh
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2017, ARM Limited, All Rights Reserved # Copyright (c) 2017, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #
@ -32,18 +45,4 @@ echo "URL is $URL"
set -eu set -eu
run_test() tests/scripts/all.sh -q -k 'check_*'
{
TEST=$1
echo "running '$TEST'"
if ! `$TEST > /dev/null 2>&1`; then
echo "test '$TEST' failed"
return 1
fi
}
run_test ./tests/scripts/check-doxy-blocks.pl
run_test ./tests/scripts/check-names.sh
run_test ./tests/scripts/check-generated-files.sh
run_test ./tests/scripts/check-files.py
run_test ./tests/scripts/doxygen.sh

View file

@ -0,0 +1,86 @@
/**
* \file helpers.h
*
* \brief This file contains the prototypes of helper functions for the
* purpose of testing.
*/
/*
* Copyright (C) 2020, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef TEST_HELPERS_H
#define TEST_HELPERS_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_fprintf fprintf
#define mbedtls_snprintf snprintf
#define mbedtls_calloc calloc
#define mbedtls_free free
#define mbedtls_exit exit
#define mbedtls_time time
#define mbedtls_time_t time_t
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#include <stddef.h>
#include <stdint.h>
int mbedtls_test_platform_setup( void );
void mbedtls_test_platform_teardown( void );
int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf );
void mbedtls_test_hexify( unsigned char *obuf,
const unsigned char *ibuf,
int len );
/**
* Allocate and zeroize a buffer.
*
* If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
*
* For convenience, dies if allocation fails.
*/
unsigned char *mbedtls_test_zero_alloc( size_t len );
/**
* Allocate and fill a buffer from hex data.
*
* The buffer is sized exactly as needed. This allows to detect buffer
* overruns (including overreads) when running the test suite under valgrind.
*
* If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
*
* For convenience, dies if allocation fails.
*/
unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen );
int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
uint32_t a_len, uint32_t b_len );
#endif /* TEST_HELPERS_H */

138
tests/include/test/macros.h Normal file
View file

@ -0,0 +1,138 @@
/**
* \file macros.h
*
* \brief This file contains generic macros for the purpose of testing.
*/
/*
* Copyright (C) 2020, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef TEST_MACROS_H
#define TEST_MACROS_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stdlib.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_fprintf fprintf
#define mbedtls_snprintf snprintf
#define mbedtls_calloc calloc
#define mbedtls_free free
#define mbedtls_exit exit
#define mbedtls_time time
#define mbedtls_time_t time_t
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"
#endif
#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
__FILE__, __LINE__, #a ); \
mbedtls_exit( 1 ); \
}
#if defined(__GNUC__)
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
* an array but not if it's a pointer. */
#define IS_ARRAY_NOT_POINTER( arg ) \
( ! __builtin_types_compatible_p( __typeof__( arg ), \
__typeof__( &( arg )[0] ) ) )
#else
/* On platforms where we don't know how to implement this check,
* omit it. Oh well, a non-portable check is better than nothing. */
#define IS_ARRAY_NOT_POINTER( arg ) 1
#endif
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
#define STATIC_ASSERT_EXPR( const_expr ) \
( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
#define ARRAY_LENGTH_UNSAFE( array ) \
( sizeof( array ) / sizeof( *( array ) ) )
/** Return the number of elements of a static or stack array.
*
* \param array A value of array (not pointer) type.
*
* \return The number of elements of the array.
*/
#define ARRAY_LENGTH( array ) \
( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
ARRAY_LENGTH_UNSAFE( array ) ) )
/** Return the smaller of two values.
*
* \param x An integer-valued expression without side effects.
* \param y An integer-valued expression without side effects.
*
* \return The smaller of \p x and \p y.
*/
#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) )
/** Return the larger of two values.
*
* \param x An integer-valued expression without side effects.
* \param y An integer-valued expression without side effects.
*
* \return The larger of \p x and \p y.
*/
#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
#endif /* TEST_MACROS_H */

View file

@ -1,7 +1,8 @@
/* /*
* Helper functions for tests that use the PSA Crypto API. * Helper functions for tests that use the PSA Crypto API.
*/ */
/* Copyright (C) 2019, ARM Limited, All Rights Reserved /*
* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -22,7 +23,7 @@
#ifndef PSA_CRYPTO_HELPERS_H #ifndef PSA_CRYPTO_HELPERS_H
#define PSA_CRYPTO_HELPERS_H #define PSA_CRYPTO_HELPERS_H
#include "psa_helpers.h" #include "test/psa_helpers.h"
#include <psa/crypto.h> #include <psa/crypto.h>

View file

@ -1,7 +1,8 @@
/* /*
* Helper functions for tests that use any PSA API. * Helper functions for tests that use any PSA API.
*/ */
/* Copyright (C) 2019, ARM Limited, All Rights Reserved /*
* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may

107
tests/include/test/random.h Normal file
View file

@ -0,0 +1,107 @@
/**
* \file random.h
*
* \brief This file contains the prototypes of helper functions to generate
* random numbers for the purpose of testing.
*/
/*
* Copyright (C) 2020, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef TEST_RANDOM_H
#define TEST_RANDOM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#include <stdint.h>
typedef struct
{
unsigned char *buf;
size_t length;
} mbedtls_test_rnd_buf_info;
/**
* Info structure for the pseudo random function
*
* Key should be set at the start to a test-unique value.
* Do not forget endianness!
* State( v0, v1 ) should be set to zero.
*/
typedef struct
{
uint32_t key[16];
uint32_t v0, v1;
} mbedtls_test_rnd_pseudo_info;
/**
* This function just returns data from rand().
* Although predictable and often similar on multiple
* runs, this does not result in identical random on
* each run. So do not use this if the results of a
* test depend on the random data that is generated.
*
* rng_state shall be NULL.
*/
int mbedtls_test_rnd_std_rand( void *rng_state,
unsigned char *output,
size_t len );
/**
* This function only returns zeros
*
* rng_state shall be NULL.
*/
int mbedtls_test_rnd_zero_rand( void *rng_state,
unsigned char *output,
size_t len );
/**
* This function returns random based on a buffer it receives.
*
* rng_state shall be a pointer to a rnd_buf_info structure.
*
* The number of bytes released from the buffer on each call to
* the random function is specified by per_call. (Can be between
* 1 and 4)
*
* After the buffer is empty it will return rand();
*/
int mbedtls_test_rnd_buffer_rand( void *rng_state,
unsigned char *output,
size_t len );
/**
* This function returns random based on a pseudo random function.
* This means the results should be identical on all systems.
* Pseudo random is based on the XTEA encryption algorithm to
* generate pseudorandom.
*
* rng_state shall be a pointer to a rnd_pseudo_info structure.
*/
int mbedtls_test_rnd_pseudo_rand( void *rng_state,
unsigned char *output,
size_t len );
#endif /* TEST_RANDOM_H */

View file

@ -2,9 +2,22 @@
# all.sh # all.sh
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2014-2017, ARM Limited, All Rights Reserved # Copyright (c) 2014-2017, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
@ -120,8 +133,17 @@ pre_initialize_variables () {
append_outcome=0 append_outcome=0
MEMORY=0 MEMORY=0
FORCE=0 FORCE=0
QUIET=0
KEEP_GOING=0 KEEP_GOING=0
# Seed value used with the --release-test option.
#
# See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
# both values are kept in sync. If you change the value here because it
# breaks some tests, you'll definitely want to change it in
# basic-build-test.sh as well.
RELEASE_SEED=1
: ${MBEDTLS_TEST_OUTCOME_FILE=} : ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
export MBEDTLS_TEST_OUTCOME_FILE export MBEDTLS_TEST_OUTCOME_FILE
@ -200,6 +222,7 @@ Special options:
--list-components List components supported on this platform and exit. --list-components List components supported on this platform and exit.
General options: General options:
-q|--quiet Only output component names, and errors if any.
-f|--force Force the tests to overwrite any modified files. -f|--force Force the tests to overwrite any modified files.
-k|--keep-going Run all tests and report errors at the end. -k|--keep-going Run all tests and report errors at the end.
-m|--memory Additional optional memory tests. -m|--memory Additional optional memory tests.
@ -215,11 +238,12 @@ General options:
--no-force Refuse to overwrite modified files (default). --no-force Refuse to overwrite modified files (default).
--no-keep-going Stop at the first error (default). --no-keep-going Stop at the first error (default).
--no-memory No additional memory tests (default). --no-memory No additional memory tests (default).
--no-quiet Print full ouput from components.
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests. --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
--outcome-file=<path> File where test outcomes are written (not done if --outcome-file=<path> File where test outcomes are written (not done if
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
--random-seed Use a random seed value for randomized tests (default). --random-seed Use a random seed value for randomized tests (default).
-r|--release-test Run this script in release mode. This fixes the seed value to 1. -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
-s|--seed Integer seed value to use for this test run. -s|--seed Integer seed value to use for this test run.
Tool path options: Tool path options:
@ -288,6 +312,11 @@ msg()
else else
current_section="$1" current_section="$1"
fi fi
if [ $QUIET -eq 1 ]; then
return
fi
echo "" echo ""
echo "******************************************************************" echo "******************************************************************"
echo "* $current_section " echo "* $current_section "
@ -363,13 +392,15 @@ pre_parse_command_line () {
--no-force) FORCE=0;; --no-force) FORCE=0;;
--no-keep-going) KEEP_GOING=0;; --no-keep-going) KEEP_GOING=0;;
--no-memory) MEMORY=0;; --no-memory) MEMORY=0;;
--no-quiet) QUIET=0;;
--openssl) shift; OPENSSL="$1";; --openssl) shift; OPENSSL="$1";;
--openssl-legacy) shift; OPENSSL_LEGACY="$1";; --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
--openssl-next) shift; OPENSSL_NEXT="$1";; --openssl-next) shift; OPENSSL_NEXT="$1";;
--outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
--quiet|-q) QUIET=1;;
--random-seed) unset SEED;; --random-seed) unset SEED;;
--release-test|-r) SEED=1;; --release-test|-r) SEED=$RELEASE_SEED;;
--seed|-s) shift; SEED="$1";; --seed|-s) shift; SEED="$1";;
-*) -*)
echo >&2 "Unknown option: $1" echo >&2 "Unknown option: $1"
@ -449,7 +480,7 @@ pre_setup_keep_going () {
failure_summary="$failure_summary failure_summary="$failure_summary
$text" $text"
failure_count=$((failure_count + 1)) failure_count=$((failure_count + 1))
echo "${start_red}^^^^$text^^^^${end_color}" echo "${start_red}^^^^$text^^^^${end_color}" >&2
fi fi
} }
make () { make () {
@ -495,6 +526,24 @@ not() {
! "$@" ! "$@"
} }
pre_setup_quiet_redirect () {
if [ $QUIET -ne 1 ]; then
redirect_out () {
"$@"
}
redirect_err () {
"$@"
}
else
redirect_out () {
"$@" >/dev/null
}
redirect_err () {
"$@" 2>/dev/null
}
fi
}
pre_prepare_outcome_file () { pre_prepare_outcome_file () {
case "$MBEDTLS_TEST_OUTCOME_FILE" in case "$MBEDTLS_TEST_OUTCOME_FILE" in
[!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
@ -505,6 +554,10 @@ pre_prepare_outcome_file () {
} }
pre_print_configuration () { pre_print_configuration () {
if [ $QUIET -eq 1 ]; then
return
fi
msg "info: $0 configuration" msg "info: $0 configuration"
echo "MEMORY: $MEMORY" echo "MEMORY: $MEMORY"
echo "FORCE: $FORCE" echo "FORCE: $FORCE"
@ -579,6 +632,11 @@ pre_check_tools () {
"$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
esac esac
# past this point, no call to check_tool, only printing output
if [ $QUIET -eq 1 ]; then
return
fi
msg "info: output_env.sh" msg "info: output_env.sh"
case $RUN_COMPONENTS in case $RUN_COMPONENTS in
*_armcc*) *_armcc*)
@ -644,7 +702,13 @@ component_check_names () {
component_check_test_cases () { component_check_test_cases () {
msg "Check: test case descriptions" # < 1s msg "Check: test case descriptions" # < 1s
record_status tests/scripts/check-test-cases.py if [ $QUIET -eq 1 ]; then
opt='--quiet'
else
opt=''
fi
record_status tests/scripts/check-test-cases.py $opt
unset opt
} }
component_check_doxygen_warnings () { component_check_doxygen_warnings () {
@ -1935,7 +1999,10 @@ component_check_python_files () {
component_check_generate_test_code () { component_check_generate_test_code () {
msg "uint test: generate_test_code.py" msg "uint test: generate_test_code.py"
record_status ./tests/scripts/test_generate_test_code.py # unittest writes out mundane stuff like number or tests run on stderr.
# Our convention is to reserve stderr for actual errors, and write
# harmless info on stdout so it can be suppress with --quiet.
record_status ./tests/scripts/test_generate_test_code.py 2>&1
} }
################################################################ ################################################################
@ -1966,13 +2033,18 @@ run_component () {
# Unconditionally create a seedfile that's sufficiently long. # Unconditionally create a seedfile that's sufficiently long.
# Do this before each component, because a previous component may # Do this before each component, because a previous component may
# have messed it up or shortened it. # have messed it up or shortened it.
dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 redirect_err dd if=/dev/urandom of=./tests/seedfile bs=64 count=1
# Run the component code. # Run the component code.
"$@" if [ $QUIET -eq 1 ]; then
# msg() is silenced, so just print the component name here
echo "${current_component#component_}"
fi
redirect_out "$@"
# Restore the build tree to a clean state. # Restore the build tree to a clean state.
cleanup cleanup
unset current_component
} }
# Preliminary setup # Preliminary setup
@ -1990,6 +2062,7 @@ else
"$@" "$@"
} }
fi fi
pre_setup_quiet_redirect
pre_prepare_outcome_file pre_prepare_outcome_file
pre_print_configuration pre_print_configuration
pre_check_tools pre_check_tools

View file

@ -2,9 +2,22 @@
# basic-build-tests.sh # basic-build-tests.sh
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2016, ARM Limited, All Rights Reserved # Copyright (c) 2016, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #
@ -43,6 +56,14 @@ fi
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
# Used to make ssl-opt.sh deterministic.
#
# See also RELEASE_SEED in all.sh. Debugging is easier if both values are kept
# in sync. If you change the value here because it breaks some tests, you'll
# definitely want to change it in all.sh as well.
: ${SEED:=1}
export SEED
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
# we just export the variables they require # we just export the variables they require
export OPENSSL_CMD="$OPENSSL" export OPENSSL_CMD="$OPENSSL"
@ -218,10 +239,12 @@ echo
# Step 4e - Coverage # Step 4e - Coverage
echo "Coverage" echo "Coverage"
LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') LINES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p')
LINES_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') LINES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p')
FUNCS_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') FUNCS_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p')
FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p') FUNCS_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p')
BRANCHES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* branches)$/\1/p')
BRANCHES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) branches)$/\1/p')
LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL)) LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL))
LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))" LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))"
@ -229,11 +252,14 @@ LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))
FUNCS_PERCENT=$((1000*$FUNCS_TESTED/$FUNCS_TOTAL)) FUNCS_PERCENT=$((1000*$FUNCS_TESTED/$FUNCS_TOTAL))
FUNCS_PERCENT="$(($FUNCS_PERCENT/10)).$(($FUNCS_PERCENT-($FUNCS_PERCENT/10)*10))" FUNCS_PERCENT="$(($FUNCS_PERCENT/10)).$(($FUNCS_PERCENT-($FUNCS_PERCENT/10)*10))"
BRANCHES_PERCENT=$((1000*$BRANCHES_TESTED/$BRANCHES_TOTAL))
BRANCHES_PERCENT="$(($BRANCHES_PERCENT/10)).$(($BRANCHES_PERCENT-($BRANCHES_PERCENT/10)*10))"
echo "Lines Tested : $LINES_TESTED of $LINES_TOTAL $LINES_PERCENT%" echo "Lines Tested : $LINES_TESTED of $LINES_TOTAL $LINES_PERCENT%"
echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%" echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%"
echo "Branches Tested : $BRANCHES_TESTED of $BRANCHES_TOTAL $BRANCHES_PERCENT%"
echo echo
rm unit-test-$TEST_OUTPUT rm unit-test-$TEST_OUTPUT
rm sys-test-$TEST_OUTPUT rm sys-test-$TEST_OUTPUT
rm compat-test-$TEST_OUTPUT rm compat-test-$TEST_OUTPUT

View file

@ -7,6 +7,23 @@
# sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen - # sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen -
# but that would warn about any undocumented item, while our goal is to find # but that would warn about any undocumented item, while our goal is to find
# items that are documented, but not marked as such by mistake. # items that are documented, but not marked as such by mistake.
#
# Copyright (C) 2012-2016, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings; use warnings;
use strict; use strict;

View file

@ -1,7 +1,21 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# This file is part of Mbed TLS (https://tls.mbed.org)
# Copyright (c) 2018, Arm Limited, All Rights Reserved # Copyright (c) 2018, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
""" """
This script checks the current state of the source code for minor issues, This script checks the current state of the source code for minor issues,

View file

@ -1,8 +1,21 @@
#! /usr/bin/env sh #! /usr/bin/env sh
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2018, ARM Limited, All Rights Reserved # Copyright (c) 2018, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -1,8 +1,21 @@
#!/bin/sh #!/bin/sh
# #
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved # Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu set -eu

View file

@ -1,8 +1,21 @@
#! /usr/bin/env sh #! /usr/bin/env sh
# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2018, Arm Limited, All Rights Reserved # Copyright (c) 2018, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose: # Purpose:
# #

View file

@ -3,6 +3,21 @@
# curves.pl # curves.pl
# #
# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved # Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -3,6 +3,21 @@
# depends-hashes.pl # depends-hashes.pl
# #
# Copyright (c) 2017, ARM Limited, All Rights Reserved # Copyright (c) 2017, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -3,6 +3,21 @@
# depends-pkalgs.pl # depends-pkalgs.pl
# #
# Copyright (c) 2017, ARM Limited, All Rights Reserved # Copyright (c) 2017, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

View file

@ -1,6 +1,23 @@
#!/bin/sh #!/bin/sh
# Make sure the doxygen documentation builds without warnings # Make sure the doxygen documentation builds without warnings
#
# Copyright (C) 2016, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# Abort on errors (and uninitiliased variables) # Abort on errors (and uninitiliased variables)
set -eu set -eu

View file

@ -3,6 +3,23 @@
# Based on NIST CTR_DRBG.rsp validation file # Based on NIST CTR_DRBG.rsp validation file
# Only uses AES-256-CTR cases that use a Derivation function # Only uses AES-256-CTR cases that use a Derivation function
# and concats nonce and personalization for initialization. # and concats nonce and personalization for initialization.
#
# Copyright (C) 2011, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use strict; use strict;

View file

@ -2,6 +2,23 @@
# #
# Based on NIST gcmDecryptxxx.rsp validation files # Based on NIST gcmDecryptxxx.rsp validation files
# Only first 3 of every set used for compile time saving # Only first 3 of every set used for compile time saving
#
# Copyright (C) 2012-2013, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use strict; use strict;

View file

@ -2,6 +2,23 @@
# #
# Based on NIST gcmEncryptIntIVxxx.rsp validation files # Based on NIST gcmEncryptIntIVxxx.rsp validation files
# Only first 3 of every set used for compile time saving # Only first 3 of every set used for compile time saving
#
# Copyright (C) 2012-2013, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use strict; use strict;

View file

@ -1,5 +1,21 @@
#!/usr/bin/env perl #!/usr/bin/env perl
# #
# Copyright (C) 2011-2015, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
use strict; use strict;

View file

@ -7,6 +7,23 @@
# Usage: generate-afl-tests.sh <test data file path> # Usage: generate-afl-tests.sh <test data file path>
# <test data file path> - should be the path to one of the test suite files # <test data file path> - should be the path to one of the test suite files
# such as 'test_suite_mpi.data' # such as 'test_suite_mpi.data'
#
# Copyright (C) 2016, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# Abort on errors # Abort on errors
set -e set -e

View file

@ -3,6 +3,21 @@
# key-exchanges.pl # key-exchanges.pl
# #
# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved # Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# #
# Purpose # Purpose
# #

Some files were not shown because too many files have changed in this diff Show more