From b1320f3319c1ce704deb3f1713b182b4d97fbe31 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 5 Oct 2019 11:27:39 +0200 Subject: [PATCH 001/138] Write a change log from mbedcrypto-2.0.0 to the merge of #75 Get started on writing a change log file for Mbed Crypto. I went through pull requests merged since the tag mbedcrypto-2.0.0 and up to #75, i.e. commit 9ab7c07f1f370636fcaa8bc02e6f45035fab1596. --- ChangeLog.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 ChangeLog.md diff --git a/ChangeLog.md b/ChangeLog.md new file mode 100644 index 000000000000..3e17237f2f58 --- /dev/null +++ b/ChangeLog.md @@ -0,0 +1,28 @@ +# Mbed Crypto change history + +## Unreleased changes + +### Interface changes + +* In the PSA API, forbid zero-length keys. To pass a zero-length input to a key derivation function, use a buffer instead (this is now always possible). + +### New features + +* Key derivation inputs in the PSA API can now either come from a key object or from a buffer regardless of the step type. + +### Bug fixes + +* Fix a buffer overflow in the PSA HMAC code when using a long key with an unsupported algorithm. Fixes #254. +* Fix `mbedtls_asn1_get_int` to support any number of leading zeros. +* Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at most 2 bytes. + +### Performance improvements + +* Remove a useless call to mbedtls_ecp_group_free(). Contributed by Alexander Krizhanovsky in #210. +* Speed up PBKDF2 by caching the digest calculation. Contributed by Jack Lloyd and Fortanix Inc in #277. + +### Other changes + +* Remove the technical possibility to define custom md_info structures, which was exposed only in an internal header. + +## Mbed Crypto 2.0.0 From 03954f253787d75e7cc5022d632f6e7df9d72ed6 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 16 Sep 2019 10:23:10 +0200 Subject: [PATCH 002/138] Make negative function_id value impossible in test suites --- tests/suites/host_test.function | 4 ++-- tests/suites/main_test.function | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 0f98d23aa6a5..bdbc5971513d 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -387,7 +387,7 @@ int execute_tests( int argc , const char ** argv ) const char **test_files = NULL; int testfile_count = 0; int option_verbose = 0; - int function_id = 0; + size_t function_id = 0; /* Other Local variables */ int arg_index = 1; @@ -564,7 +564,7 @@ int execute_tests( int argc , const char ** argv ) } #endif /* __unix__ || __APPLE__ __MACH__ */ - function_id = strtol( params[0], NULL, 10 ); + function_id = strtoul( params[0], NULL, 10 ); if ( (ret = check_test( function_id )) == DISPATCH_TEST_SUCCESS ) { ret = convert_params( cnt - 1, params + 1, int_params ); diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 5d15f2bbef3c..c73ab1a302ba 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -177,7 +177,7 @@ void execute_function_ptr(TestWrapper_t fp, void **params) * DISPATCH_TEST_FN_NOT_FOUND if not found * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. */ -int dispatch_test( int func_idx, void ** params ) +int dispatch_test( size_t func_idx, void ** params ) { int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; @@ -208,7 +208,7 @@ int dispatch_test( int func_idx, void ** params ) * DISPATCH_TEST_FN_NOT_FOUND if not found * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. */ -int check_test( int func_idx ) +int check_test( size_t func_idx ) { int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; From 40b3f411ecb16522beb073e1131f8e727be29ea4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 13 Oct 2019 21:44:25 +0200 Subject: [PATCH 003/138] Changelog merging script assemble_changelog.py reads changelog entries from ChangeLog.d/*.md and merges them into ChangeLog.md. The changelog entries are merged into the first version in ChangeLog.md. The script does not yet support creating a new version in ChangeLog.md. The changelog entries are merged in alphabetical order of the file names. Future versions of this script are likely to adopt a different order that reflects the git history of the entries. --- ChangeLog.d/README | 21 +++ scripts/assemble_changelog.py | 241 ++++++++++++++++++++++++++++++++++ 2 files changed, 262 insertions(+) create mode 100644 ChangeLog.d/README create mode 100755 scripts/assemble_changelog.py diff --git a/ChangeLog.d/README b/ChangeLog.d/README new file mode 100644 index 000000000000..2f9f049f94c4 --- /dev/null +++ b/ChangeLog.d/README @@ -0,0 +1,21 @@ +This directory contains changelog entries that have not yet been merged +to the changelog file (../ChangeLog.md). + +A changelog entry file must have the extension *.md and must have the +following format: + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +### Section title + +* Change descritpion. +* Another change description. + +### Another section title + +* Yet another change description. +* Yet again another change description. + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +See STANDARD_SECTIONS in ../scripts/assemble_changelog.py for +recognized section titles. diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py new file mode 100755 index 000000000000..91db79350fda --- /dev/null +++ b/scripts/assemble_changelog.py @@ -0,0 +1,241 @@ +#!/usr/bin/env python3 + +"""Assemble Mbed Crypto change log entries into the change log file. +""" + +# Copyright (C) 2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed Crypto (https://tls.mbed.org) + +import argparse +import glob +import os +import re +import sys + +class InputFormatError(Exception): + def __init__(self, filename, line_number, message, *args, **kwargs): + self.filename = filename + self.line_number = line_number + self.message = message.format(*args, **kwargs) + def __str__(self): + return '{}:{}: {}'.format(self.filename, self.line_number, self.message) + +STANDARD_SECTIONS = ( + b'Interface changes', + b'Default behavior changes', + b'Requirement changes', + b'New deprecations', + b'Removals', + b'New features', + b'Security', + b'Bug fixes', + b'Performance improvements', + b'Other changes', +) + +class ChangeLog: + """An Mbed Crypto changelog. + + A changelog is a file in Markdown format. Each level 2 section title + starts a version, and versions are sorted in reverse chronological + order. Lines with a level 2 section title must start with '##'. + + Within a version, there are multiple sections, each devoted to a kind + of change: bug fix, feature request, etc. Section titles should match + entries in STANDARD_SECTIONS exactly. + + Within each section, each separate change should be on a line starting + with a '*' bullet. There may be blank lines surrounding titles, but + there should not be any blank line inside a section. + """ + + _title_re = re.compile(br'#*') + def title_level(self, line): + """Determine whether the line is a title. + + Return (level, content) where level is the Markdown section level + (1 for '#', 2 for '##', etc.) and content is the section title + without leading or trailing whitespace. For a non-title line, + the level is 0. + """ + level = re.match(self._title_re, line).end() + return level, line[level:].strip() + + def add_sections(self, *sections): + """Add the specified section titles to the list of known sections. + + Sections will be printed back out in the order they were added. + """ + for section in sections: + if section not in self.section_content: + self.section_list.append(section) + self.section_content[section] = [] + + def __init__(self, input_stream): + """Create a changelog object. + + Read lines from input_stream, which is typically a file opened + for reading. + """ + level_2_seen = 0 + current_section = None + self.header = [] + self.section_list = [] + self.section_content = {} + self.add_sections(*STANDARD_SECTIONS) + self.trailer = [] + for line in input_stream: + level, content = self.title_level(line) + if level == 2: + level_2_seen += 1 + if level_2_seen <= 1: + self.header.append(line) + else: + self.trailer.append(line) + elif level == 3 and level_2_seen == 1: + current_section = content + self.add_sections(current_section) + elif level_2_seen == 1 and current_section != None: + if line.strip(): + self.section_content[current_section].append(line) + elif level_2_seen <= 1: + self.header.append(line) + else: + self.trailer.append(line) + + def add_file(self, input_stream): + """Add changelog entries from a file. + + Read lines from input_stream, which is typically a file opened + for reading. These lines must contain a series of level 3 + Markdown sections with recognized titles. The corresponding + content is injected into the respective sections in the changelog. + The section titles must be either one of the hard-coded values + in assemble_changelog.py or already present in ChangeLog.md. + """ + filename = input_stream.name + current_section = None + for line_number, line in enumerate(input_stream, 1): + if not line.strip(): + continue + level, content = self.title_level(line) + if level == 3: + current_section = content + if current_section not in self.section_content: + raise InputFormatError(filename, line_number, + 'Section {} is not recognized', + str(current_section)[1:]) + elif level == 0: + if current_section is None: + raise InputFormatError(filename, line_number, + 'Missing section title at the beginning of the file') + self.section_content[current_section].append(line) + else: + raise InputFormatError(filename, line_number, + 'Only level 3 headers (###) are permitted') + + def write(self, filename): + """Write the changelog to the specified file. + """ + with open(filename, 'wb') as out: + for line in self.header: + out.write(line) + for section in self.section_list: + lines = self.section_content[section] + while lines and not lines[0].strip(): + del lines[0] + while lines and not lines[-1].strip(): + del lines[-1] + if not lines: + continue + out.write(b'### ' + section + b'\n\n') + for line in lines: + out.write(line) + out.write(b'\n') + for line in self.trailer: + out.write(line) + +def finish_output(files_to_remove, changelog, output_file): + """Write the changelog to the output file. + + Remove the specified input files. + """ + if os.path.exists(output_file) and not os.path.isfile(output_file): + # The output is a non-regular file (e.g. pipe). Write to it directly. + output_temp = output_file + else: + # The output is a regular file. Write to a temporary file, + # then move it into place atomically. + output_temp = output_file + '.tmp' + changelog.write(output_temp) + for filename in files_to_remove: + sys.stderr.write('Removing ' + filename + '\n') + #os.remove(filename) + if output_temp != output_file: + os.rename(output_temp, output_file) + +def merge_entries(options): + """Merge changelog entries into the changelog file. + + Read the changelog file from options.input. + Read entries to merge from the directory options.dir. + Write the new changelog to options.output. + Remove the merged entries if options.keep_entries is false. + """ + with open(options.input, 'rb') as input_file: + changelog = ChangeLog(input_file) + files_to_merge = glob.glob(os.path.join(options.dir, '*.md')) + if not files_to_merge: + sys.stderr.write('There are no pending changelog entries.\n') + return + for filename in files_to_merge: + with open(filename, 'rb') as input_file: + changelog.add_file(input_file) + files_to_remove = [] if options.keep_entries else files_to_merge + finish_output(files_to_remove, changelog, options.output) + +def set_defaults(options): + """Add default values for missing options.""" + output_file = getattr(options, 'output', None) + if output_file is None: + options.output = options.input + if getattr(options, 'keep_entries', None) is None: + options.keep_entries = (output_file is not None) + +def main(): + """Command line entry point.""" + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument('--dir', '-d', metavar='DIR', + default='ChangeLog.d', + help='Directory to read entries from (default: ChangeLog.d)') + parser.add_argument('--input', '-i', metavar='FILE', + default='ChangeLog.md', + help='Existing changelog file to read from and augment (default: ChangeLog.md)') + parser.add_argument('--keep-entries', + action='store_true', dest='keep_entries', default=None, + help='Keep the files containing entries (default: remove them if --output/-o is not specified)') + parser.add_argument('--no-keep-entries', + action='store_false', dest='keep_entries', + help='Remove the files containing entries after they are merged (default: remove them if --output/-o is not specified)') + parser.add_argument('--output', '-o', metavar='FILE', + help='Output changelog file (default: overwrite the input)') + options = parser.parse_args() + set_defaults(options) + merge_entries(options) + +if __name__ == '__main__': + main() From 6527bd6dfcc6a08c4614d026a00df903a1f44dc9 Mon Sep 17 00:00:00 2001 From: irwir Date: Sat, 21 Sep 2019 18:51:25 +0300 Subject: [PATCH 004/138] Fix issue #2718 (condition always false) --- ChangeLog | 6 ++++++ library/ssl_cli.c | 4 ++-- library/ssl_srv.c | 4 ++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 973f21300e6f..a01eda42f5f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.19.2 branch released xxxx-xx-xx + +Bugfix + * Remove a spurious check in ssl_parse_client_psk_identity that triggered + a warning with some compilers. Fix contributed by irwir in #2856. + = mbed TLS 2.19.1 branch released 2019-09-16 Features diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 57e5d8ab9725..78d1054ef440 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2339,7 +2339,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, unsigned char *end ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t len; + uint16_t len; ((void) ssl); /* @@ -2356,7 +2356,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( end - (*p) < (int) len ) + if( end - (*p) < len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b1da073ecef4..0c78ab412ede 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3810,7 +3810,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha const unsigned char *end ) { int ret = 0; - size_t n; + uint16_t n; if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 ) { @@ -3830,7 +3830,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha n = ( (*p)[0] << 8 ) | (*p)[1]; *p += 2; - if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) ) + if( n == 0 || n > end - *p ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); From f296cdb2aba1af147f80cedb275d7907ce3beb0e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 12:43:20 +0100 Subject: [PATCH 005/138] Fix formatting --- ChangeLog.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 3e17237f2f58..06efdc7a5d97 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -18,11 +18,11 @@ ### Performance improvements -* Remove a useless call to mbedtls_ecp_group_free(). Contributed by Alexander Krizhanovsky in #210. +* Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by Alexander Krizhanovsky in #210. * Speed up PBKDF2 by caching the digest calculation. Contributed by Jack Lloyd and Fortanix Inc in #277. ### Other changes -* Remove the technical possibility to define custom md_info structures, which was exposed only in an internal header. +* Remove the technical possibility to define custom `mbedtls_md_info` structures, which was exposed only in an internal header. ## Mbed Crypto 2.0.0 From 974232f045781a17b494f6993b2b02e150476653 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 12:43:29 +0100 Subject: [PATCH 006/138] Minor documentation improvements --- scripts/assemble_changelog.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 91db79350fda..be83fd18c1a8 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -88,8 +88,9 @@ def add_sections(self, *sections): def __init__(self, input_stream): """Create a changelog object. - Read lines from input_stream, which is typically a file opened - for reading. + Populate the changelog object from the content of the file + input_stream. This is typically a file opened for reading, but + can be any generator returning the lines to read. """ level_2_seen = 0 current_section = None @@ -125,7 +126,9 @@ def add_file(self, input_stream): Markdown sections with recognized titles. The corresponding content is injected into the respective sections in the changelog. The section titles must be either one of the hard-coded values - in assemble_changelog.py or already present in ChangeLog.md. + in STANDARD_SECTIONS in assemble_changelog.py or already present + in ChangeLog.md. Section titles must match byte-for-byte except that + leading or trailing whitespace is ignored. """ filename = input_stream.name current_section = None From 5e39c9e94f62d924ec94f8887baa088f05930b07 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 14:55:37 +0100 Subject: [PATCH 007/138] Actually remove files Minor rework of how files are removed. Actually do remove the files (earlier I accidentally committed a debug version with removal commented out). --- scripts/assemble_changelog.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index be83fd18c1a8..1de57bbbb4b4 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -172,10 +172,9 @@ def write(self, filename): for line in self.trailer: out.write(line) -def finish_output(files_to_remove, changelog, output_file): +def finish_output(changelog, output_file): """Write the changelog to the output file. - Remove the specified input files. """ if os.path.exists(output_file) and not os.path.isfile(output_file): # The output is a non-regular file (e.g. pipe). Write to it directly. @@ -185,12 +184,13 @@ def finish_output(files_to_remove, changelog, output_file): # then move it into place atomically. output_temp = output_file + '.tmp' changelog.write(output_temp) - for filename in files_to_remove: - sys.stderr.write('Removing ' + filename + '\n') - #os.remove(filename) if output_temp != output_file: os.rename(output_temp, output_file) +def remove_merged_entries(files_to_remove): + for filename in files_to_remove: + os.remove(filename) + def merge_entries(options): """Merge changelog entries into the changelog file. @@ -208,8 +208,9 @@ def merge_entries(options): for filename in files_to_merge: with open(filename, 'rb') as input_file: changelog.add_file(input_file) - files_to_remove = [] if options.keep_entries else files_to_merge - finish_output(files_to_remove, changelog, options.output) + finish_output(changelog, options.output) + if not options.keep_entries: + remove_merged_entries(files_to_merge) def set_defaults(options): """Add default values for missing options.""" From 8c4a84c5ded7bb19a5a607591b38971ed79b0a11 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 15:40:39 +0100 Subject: [PATCH 008/138] Split read_main_file out of the ChangeLog constructor Keep the constructor code simple. No behavior change. --- scripts/assemble_changelog.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 1de57bbbb4b4..1e59bb0bcaf3 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -92,13 +92,22 @@ def __init__(self, input_stream): input_stream. This is typically a file opened for reading, but can be any generator returning the lines to read. """ - level_2_seen = 0 - current_section = None self.header = [] self.section_list = [] self.section_content = {} self.add_sections(*STANDARD_SECTIONS) self.trailer = [] + self.read_main_file(input_stream) + + def read_main_file(self, input_stream): + """Populate the changelog object from the content of the file. + + This method is only intended to be called as part of the constructor + of the class and may not act sensibly on an object that is already + partially populated. + """ + level_2_seen = 0 + current_section = None for line in input_stream: level, content = self.title_level(line) if level == 2: From 566407d6f68e906946ff80648c2bde9024bda192 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 15:55:36 +0100 Subject: [PATCH 009/138] Simpler definition of a custom exception class --- scripts/assemble_changelog.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 1e59bb0bcaf3..bba2c39c4e2a 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -28,11 +28,9 @@ class InputFormatError(Exception): def __init__(self, filename, line_number, message, *args, **kwargs): - self.filename = filename - self.line_number = line_number - self.message = message.format(*args, **kwargs) - def __str__(self): - return '{}:{}: {}'.format(self.filename, self.line_number, self.message) + message = '{}:{}: {}'.format(filename, line_number, + message.format(*args, **kwargs)) + super().__init__(message) STANDARD_SECTIONS = ( b'Interface changes', From 6e91009cfe0bf578ee6afb0cba09f188a238f4af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 15:58:18 +0100 Subject: [PATCH 010/138] Split strings on some very long lines --- scripts/assemble_changelog.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index bba2c39c4e2a..e6ebe6f5c27a 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -232,18 +232,23 @@ def main(): parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('--dir', '-d', metavar='DIR', default='ChangeLog.d', - help='Directory to read entries from (default: ChangeLog.d)') + help='Directory to read entries from' + ' (default: ChangeLog.d)') parser.add_argument('--input', '-i', metavar='FILE', default='ChangeLog.md', - help='Existing changelog file to read from and augment (default: ChangeLog.md)') + help='Existing changelog file to read from and augment' + ' (default: ChangeLog.md)') parser.add_argument('--keep-entries', action='store_true', dest='keep_entries', default=None, - help='Keep the files containing entries (default: remove them if --output/-o is not specified)') + help='Keep the files containing entries' + ' (default: remove them if --output/-o is not specified)') parser.add_argument('--no-keep-entries', action='store_false', dest='keep_entries', - help='Remove the files containing entries after they are merged (default: remove them if --output/-o is not specified)') + help='Remove the files containing entries after they are merged' + ' (default: remove them if --output/-o is not specified)') parser.add_argument('--output', '-o', metavar='FILE', - help='Output changelog file (default: overwrite the input)') + help='Output changelog file' + ' (default: overwrite the input)') options = parser.parse_args() set_defaults(options) merge_entries(options) From 2b242495e12ffb9010c177fa2d62fc01854e70b8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 15:41:50 +0100 Subject: [PATCH 011/138] Add a sanity check on the output Check that no line from any of the input files was lost. This is not perfect for several reasons. It doesn't check that the content goes to the desired location. It doesn't check that sections are created as necessary. It doesn't support whitespace normalization that the parsing code does. But it's a good start. --- scripts/assemble_changelog.py | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index e6ebe6f5c27a..b9a647f2af45 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -32,6 +32,11 @@ def __init__(self, filename, line_number, message, *args, **kwargs): message.format(*args, **kwargs)) super().__init__(message) +class LostContent(Exception): + def __init__(self, filename, line): + message = ('Lost content from {}: "{}"'.format(filename, line)) + super().__init__(message) + STANDARD_SECTIONS = ( b'Interface changes', b'Default behavior changes', @@ -179,9 +184,30 @@ def write(self, filename): for line in self.trailer: out.write(line) -def finish_output(changelog, output_file): +def check_output(generated_output_file, main_input_file, merged_files): + """Make sanity checks on the generated output. + + The intent of these sanity checks is to have reasonable confidence + that no content has been lost. + + The sanity check is that every line that is present in an input file + is also present in an output file. This is not perfect but good enough + for now. + """ + generated_output = set(open(generated_output_file, 'rb')) + for line in open(main_input_file, 'rb'): + if line not in generated_output: + raise LostContent('original file', line) + for merged_file in merged_files: + for line in open(merged_file, 'rb'): + if line not in generated_output: + raise LostContent(merged_file, line) + +def finish_output(changelog, output_file, input_file, merged_files): """Write the changelog to the output file. + The input file and the list of merged files are used only for sanity + checks on the output. """ if os.path.exists(output_file) and not os.path.isfile(output_file): # The output is a non-regular file (e.g. pipe). Write to it directly. @@ -191,6 +217,7 @@ def finish_output(changelog, output_file): # then move it into place atomically. output_temp = output_file + '.tmp' changelog.write(output_temp) + check_output(output_temp, input_file, merged_files) if output_temp != output_file: os.rename(output_temp, output_file) @@ -215,7 +242,7 @@ def merge_entries(options): for filename in files_to_merge: with open(filename, 'rb') as input_file: changelog.add_file(input_file) - finish_output(changelog, options.output) + finish_output(changelog, options.output, options.input, files_to_merge) if not options.keep_entries: remove_merged_entries(files_to_merge) From c26479c1af343aa74d2605bfbf5d37622014144a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Jan 2020 17:56:28 +0100 Subject: [PATCH 012/138] Update ChangeLog up to mbedcrypto-3.0.0d0 --- ChangeLog.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/ChangeLog.md b/ChangeLog.md index 06efdc7a5d97..fd537da26d1c 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -5,24 +5,40 @@ ### Interface changes * In the PSA API, forbid zero-length keys. To pass a zero-length input to a key derivation function, use a buffer instead (this is now always possible). +* Rename `psa_asymmetric_sign()` to `psa_sign_hash()` and `psa_asymmetric_verify()` to `psa_verify_hash()`. + +### Default behavior changes + +* The initial seeding of a CTR\_DRBG instance makes a second call to the entropy function to obtain entropy for a nonce if the entropy size is less than 3/2 times the key size. In case you want to disable the extra call to grab entropy, you can call `mbedtls_ctr_drbg_set_nonce_len()` to force the nonce length to 0. ### New features * Key derivation inputs in the PSA API can now either come from a key object or from a buffer regardless of the step type. +* The CTR_DRBG module can grab a nonce from the entropy source during the initial seeding. The default nonce length is chosen based on the key size to achieve the security strength defined by NIST SP 800-90A. You can change it with `mbedtls_ctr_drbg_set_nonce_len()`. +* Add ENUMERATED tag support to the ASN.1 module. Contributed by msopiha-linaro in #307. + +### Security + +* Enforce that `mbedtls_entropy_func()` gathers a total of `MBEDTLS_ENTROPY_BLOCK_SIZE` bytes or more from strong sources. In the default configuration, on a platform with a single entropy source, the entropy module formerly only grabbed 32 bytes, which is good enough for security if the source is genuinely strong, but less than the expected 64 bytes (size of the entropy accumulator). ### Bug fixes * Fix a buffer overflow in the PSA HMAC code when using a long key with an unsupported algorithm. Fixes #254. -* Fix `mbedtls_asn1_get_int` to support any number of leading zeros. +* Fix `mbedtls_asn1_get_int` to support any number of leading zeros. Credit to OSS-Fuzz for finding a bug in an intermediate version of the fix. * Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at most 2 bytes. +* `mbedtls_ctr_drbg_set_entropy_len()` and `mbedtls_hmac_drbg_set_entropy_len()` now work if you call them before `mbedtls_ctr_drbg_seed()` or `mbedtls_hmac_drbg_seed()`. +* Fix some false-positive uninitialized variable warnings. Fix contributed by apple-ihack-geek in ARMmbed/mbedtls#2663. ### Performance improvements * Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by Alexander Krizhanovsky in #210. * Speed up PBKDF2 by caching the digest calculation. Contributed by Jack Lloyd and Fortanix Inc in #277. +* Small performance improvement of `mbedtls_mpi_div_mpi()`. Contributed by Alexander Krizhanovsky in #308. ### Other changes * Remove the technical possibility to define custom `mbedtls_md_info` structures, which was exposed only in an internal header. +* `psa_close_key(0)` and `psa_destroy_key(0)` now succeed (doing nothing, as before). +* Variables containing error codes are now initialized to an error code rather than success, so that coding mistakes or memory corruption tends to cause functions to return this error code rather than a success. There are no known instances where this changes the behavior of the library: this is merely a robustness improvement. #323 ## Mbed Crypto 2.0.0 From d8b6c77388f2c6756aa16bfe3932d956b4d1d2d1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Jan 2020 18:57:47 +0100 Subject: [PATCH 013/138] Use OrderedDict instead of reinventing it --- scripts/assemble_changelog.py | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index b9a647f2af45..3d82c1127082 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -21,6 +21,7 @@ # This file is part of Mbed Crypto (https://tls.mbed.org) import argparse +from collections import OrderedDict import glob import os import re @@ -78,16 +79,6 @@ def title_level(self, line): level = re.match(self._title_re, line).end() return level, line[level:].strip() - def add_sections(self, *sections): - """Add the specified section titles to the list of known sections. - - Sections will be printed back out in the order they were added. - """ - for section in sections: - if section not in self.section_content: - self.section_list.append(section) - self.section_content[section] = [] - def __init__(self, input_stream): """Create a changelog object. @@ -96,9 +87,9 @@ def __init__(self, input_stream): can be any generator returning the lines to read. """ self.header = [] - self.section_list = [] - self.section_content = {} - self.add_sections(*STANDARD_SECTIONS) + self.section_content = OrderedDict() + for section in STANDARD_SECTIONS: + self.section_content[section] = [] self.trailer = [] self.read_main_file(input_stream) @@ -121,7 +112,7 @@ def read_main_file(self, input_stream): self.trailer.append(line) elif level == 3 and level_2_seen == 1: current_section = content - self.add_sections(current_section) + self.section_content.setdefault(content, []) elif level_2_seen == 1 and current_section != None: if line.strip(): self.section_content[current_section].append(line) @@ -169,8 +160,7 @@ def write(self, filename): with open(filename, 'wb') as out: for line in self.header: out.write(line) - for section in self.section_list: - lines = self.section_content[section] + for section, lines in self.section_content.items(): while lines and not lines[0].strip(): del lines[0] while lines and not lines[-1].strip(): From 974349d40e69b4e93102abebc79dd54e7beeb4bc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Jan 2020 19:00:59 +0100 Subject: [PATCH 014/138] Style: follow PEP8 --- scripts/assemble_changelog.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 3d82c1127082..616978e322e6 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -113,7 +113,7 @@ def read_main_file(self, input_stream): elif level == 3 and level_2_seen == 1: current_section = content self.section_content.setdefault(content, []) - elif level_2_seen == 1 and current_section != None: + elif level_2_seen == 1 and current_section is not None: if line.strip(): self.section_content[current_section].append(line) elif level_2_seen <= 1: From 37d670a1e17f86b3411fdf15c643b4e1caf7a503 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Jan 2020 19:14:15 +0100 Subject: [PATCH 015/138] Document read_main_file and simplify the logic a little --- scripts/assemble_changelog.py | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 616978e322e6..1d4755708c59 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -86,10 +86,15 @@ def __init__(self, input_stream): input_stream. This is typically a file opened for reading, but can be any generator returning the lines to read. """ + # Content before the level-2 section where the new entries are to be + # added. self.header = [] + # Content of the level-3 sections of where the new entries are to + # be added. self.section_content = OrderedDict() for section in STANDARD_SECTIONS: self.section_content[section] = [] + # Content of level-2 sections for already-released versions. self.trailer = [] self.read_main_file(input_stream) @@ -100,21 +105,23 @@ def read_main_file(self, input_stream): of the class and may not act sensibly on an object that is already partially populated. """ + # Parse the first level-2 section. Everything before the first + # level-3 section title ("###...") following the first level-2 + # section title ("##...") is passed through as the header + # and everything after the second level-2 section title is passed + # through as the trailer. Inside the first level-2 section, + # split out the level-3 sections. level_2_seen = 0 current_section = None for line in input_stream: level, content = self.title_level(line) if level == 2: level_2_seen += 1 - if level_2_seen <= 1: - self.header.append(line) - else: - self.trailer.append(line) elif level == 3 and level_2_seen == 1: current_section = content self.section_content.setdefault(content, []) - elif level_2_seen == 1 and current_section is not None: - if line.strip(): + if level_2_seen == 1 and current_section is not None: + if level != 3 and line.strip(): self.section_content[current_section].append(line) elif level_2_seen <= 1: self.header.append(line) From da14e8225e48250375c2f9aa07d195f7f5e9a5b8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Jan 2020 19:21:11 +0100 Subject: [PATCH 016/138] Remove useless blank line removal in ChangeLog.write The parsing functions eliminate blank lines, so there shouldn't be any at this stage. --- scripts/assemble_changelog.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 1d4755708c59..a5a114c6722f 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -168,10 +168,6 @@ def write(self, filename): for line in self.header: out.write(line) for section, lines in self.section_content.items(): - while lines and not lines[0].strip(): - del lines[0] - while lines and not lines[-1].strip(): - del lines[-1] if not lines: continue out.write(b'### ' + section + b'\n\n') From a26079613a0fb75ba616657f9e15a73912a056ef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Jan 2020 19:58:17 +0100 Subject: [PATCH 017/138] Create a new level-2 section if needed Automatically create a level-2 section for unreleased changes if needed. --- scripts/assemble_changelog.py | 39 ++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index a5a114c6722f..04a5d6c39e7a 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -1,6 +1,10 @@ #!/usr/bin/env python3 """Assemble Mbed Crypto change log entries into the change log file. + +Add changelog entries to the first level-2 section. +Create a new level-2 section for unreleased changes if needed. +Remove the input files unless --keep-entries is specified. """ # Copyright (C) 2019, Arm Limited, All Rights Reserved @@ -79,6 +83,28 @@ def title_level(self, line): level = re.match(self._title_re, line).end() return level, line[level:].strip() + # Only accept dotted version numbers (e.g. "3.1", not "3"). + # Refuse ".x" in a version number: this indicates a version that is + # not yet released. + _version_number_re = re.compile(br'[0-9]\.[0-9][0-9.]+([^.]|\.[^0-9x])') + + def section_is_released_version(self, title): + """Whether this section is for a released version. + + True if the given level-2 section title indicates that this section + contains released changes, otherwise False. + """ + # Assume that a released version has a numerical version number + # that follows a particular pattern. These criteria may be revised + # as needed in future versions of this script. + version_number = re.search(self._version_number_re, title) + return bool(version_number) + + def unreleased_version_title(self): + """The title to use if creating a new section for an unreleased version.""" + # pylint: disable=no-self-use; this method may be overridden + return b'Unreleased changes' + def __init__(self, input_stream): """Create a changelog object. @@ -105,18 +131,29 @@ def read_main_file(self, input_stream): of the class and may not act sensibly on an object that is already partially populated. """ - # Parse the first level-2 section. Everything before the first + # Parse the first level-2 section, containing changelog entries + # for unreleased changes. + # If we'll be expanding this section, everything before the first # level-3 section title ("###...") following the first level-2 # section title ("##...") is passed through as the header # and everything after the second level-2 section title is passed # through as the trailer. Inside the first level-2 section, # split out the level-3 sections. + # If we'll be creating a new version, the header is everything + # before the point where we want to add the level-2 section + # for this version, and the trailer is what follows. level_2_seen = 0 current_section = None for line in input_stream: level, content = self.title_level(line) if level == 2: level_2_seen += 1 + if level_2_seen == 1: + if self.section_is_released_version(content): + self.header.append(b'## ' + + self.unreleased_version_title() + + b'\n\n') + level_2_seen = 2 elif level == 3 and level_2_seen == 1: current_section = content self.section_content.setdefault(content, []) From d437309ae2ca166d081f0f0453d3290fb1328587 Mon Sep 17 00:00:00 2001 From: Ercan Ozturk Date: Tue, 28 Jan 2020 21:51:04 -0800 Subject: [PATCH 018/138] Fix debug message by using the correct function name called --- programs/pkey/ecdsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index b851c3173ad0..9feb16090714 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -189,7 +189,7 @@ int main( int argc, char *argv[] ) sig, &sig_len, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret ); goto exit; } mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len ); From afc9db8bb71bd76dce45f5246f9ea5b52d59a700 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Jan 2020 11:38:01 +0100 Subject: [PATCH 019/138] Fix version number recognition heuristics The regexp was wrong, for example it matched "2.20x" but failed to match "3.1". Some test cases: >>> def f(title): ... version_number = re.search(_version_number_re, title) ... if version_number: ... return not re.search(_incomplete_version_number_re, ... version_number.group(0)) ... else: ... return False ... >>> [(s, f(s.encode('ascii'))) for s in ['foo', 'foo 3', 'foo 3.', 'foo 3.1', 'foo 3.14', 'foo 3.2.1', 'foo 3.2.1alpha', 'foo 3.1.a', 'foo 3.a', 'foo 3.x.1']] [('foo', False), ('foo 3', False), ('foo 3.', False), ('foo 3.1', True), ('foo 3.14', True), ('foo 3.2.1', True), ('foo 3.2.1alpha', True), ('foo 3.1.a', False), ('foo 3.a', False), ('foo 3.x.1', False)] --- scripts/assemble_changelog.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 04a5d6c39e7a..a3f7201679d3 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -84,9 +84,10 @@ def title_level(self, line): return level, line[level:].strip() # Only accept dotted version numbers (e.g. "3.1", not "3"). - # Refuse ".x" in a version number: this indicates a version that is - # not yet released. - _version_number_re = re.compile(br'[0-9]\.[0-9][0-9.]+([^.]|\.[^0-9x])') + # Refuse ".x" in a version number where x is a letter: this indicates + # a version that is not yet released. Something like "3.1a" is accepted. + _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+') + _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]') def section_is_released_version(self, title): """Whether this section is for a released version. @@ -98,7 +99,11 @@ def section_is_released_version(self, title): # that follows a particular pattern. These criteria may be revised # as needed in future versions of this script. version_number = re.search(self._version_number_re, title) - return bool(version_number) + if version_number: + return not re.search(self._incomplete_version_number_re, + version_number.group(0)) + else: + return False def unreleased_version_title(self): """The title to use if creating a new section for an unreleased version.""" From 49f8e3157c5571bbaee62cf4fb12f8c7154f7d29 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 3 Mar 2020 15:51:50 +0000 Subject: [PATCH 020/138] Fix warning with gcc7/maximum allocation exceeded Adds an additional boundary check to the test parameter bytes_arg in generate_random() in test_suite_psa_crypto.function. This is to check against a possible underflow, and to avoid a warning, "argument ... exceeds maximum object size", (-Werror=alloc-size-larger-than) that GCC 7 generates. Signed-off-by: Simon Butcher --- tests/suites/test_suite_psa_crypto.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b6e6e5a970a0..bc95f6fb0a99 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -5297,6 +5297,8 @@ void generate_random( int bytes_arg ) size_t i; unsigned run; + TEST_ASSERT( bytes_arg >= 0 ); + ASSERT_ALLOC( output, bytes + sizeof( trail ) ); ASSERT_ALLOC( changed, bytes ); memcpy( output + bytes, trail, sizeof( trail ) ); From 1b7a780e65901c36d1e522f1984378ceace96a82 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 24 Mar 2020 12:52:12 -0400 Subject: [PATCH 021/138] Increase test coverage by adding AES and CAMELLIA empty buffer tests Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_cipher.aes.data | 4 ++++ tests/suites/test_suite_cipher.camellia.data | 6 +++++- tests/suites/test_suite_cipher.gcm.data | 4 ++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 6293408d4fea..4dbdd52529a4 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -1062,6 +1062,10 @@ AES-192 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:-1:16:16:0:32 +AES-256 CBC - Decrypt empty buffer +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +dec_empty_buf:MBEDTLS_CIPHER_AES_256_CBC:0:0 + AES-256 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:-1 diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index 667f424fef11..3e7bffa45b23 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data @@ -1,7 +1,11 @@ -CAMELLIA CBC Decrypt empty buffer +CAMELLIA-128 CBC - Decrypt empty buffer depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:0:0 +CAMELLIA-256 CBC - Decrypt empty buffer +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:0:0 + CAMELLIA Encrypt and decrypt 0 bytes [#1] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:-1 diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data index c526b2e56322..8d728bd067e0 100644 --- a/tests/suites/test_suite_cipher.gcm.data +++ b/tests/suites/test_suite_cipher.gcm.data @@ -2,6 +2,10 @@ CAMELLIA GCM Decrypt empty buffer depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0 +AES GCM Decrypt empty buffer +depends_on:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_GCM_C +dec_empty_buf:MBEDTLS_CIPHER_AES_128_GCM:0:0 + Aria GCM Decrypt empty buffer depends_on:MBEDTLS_ARIA_C:MBEDTLS_GCM_C dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_GCM:0:0 From 56e99d623d05e35692d022e807a66365b222919b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 15:07:57 +0100 Subject: [PATCH 022/138] Make sure to use a Python 3 pylint On some systems, such as Ubuntu up to 19.04, `pylint` is for Python 2 and `pylint3` is for Python 3, so we should not use `pylint` even if it's available. Use the Python module instead of the trivial shell wrapper. This way we can make sure to use the correct Python version. Fix #3111 Signed-off-by: Gilles Peskine --- tests/scripts/check-python-files.sh | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 6b864d264a92..cd18518caef9 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -9,15 +9,10 @@ # Run 'pylint' on Python files for programming errors and helps enforcing # PEP8 coding standards. -# Find the installed version of Pylint. Installed as a distro package this can -# be pylint3 and as a PEP egg, pylint. We prefer pylint over pylint3 -if type pylint >/dev/null 2>/dev/null; then - PYLINT=pylint -elif type pylint3 >/dev/null 2>/dev/null; then - PYLINT=pylint3 +if type python3 >/dev/null 2>/dev/null; then + PYTHON=python3 else - echo 'Pylint was not found.' - exit 1 + PYTHON=python fi -$PYLINT -j 2 scripts/*.py tests/scripts/*.py +$PYTHON -m pylint -j 2 scripts/*.py tests/scripts/*.py From 13c95c4d74436937e653bd4b214fcc333ed6cc70 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 15:09:13 +0100 Subject: [PATCH 023/138] Make check_python_files non-optional in all.sh check_python_files was optional in all.sh because we used to have CI machines where pylint wasn't available. But this had the downside that check_python_files kept breaking because it wasn't checked in the CI. Now our CI has pylint and check_python_files should not be optional. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 9 --------- 1 file changed, 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9b69aa204a54..93d239ec5cd1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1750,15 +1750,6 @@ component_test_zeroize () { unset gdb_disable_aslr } -support_check_python_files () { - # Find the installed version of Pylint. Installed as a distro package this can - # be pylint3 and as a PEP egg, pylint. - if type pylint >/dev/null 2>/dev/null || type pylint3 >/dev/null 2>/dev/null; then - true; - else - false; - fi -} component_check_python_files () { msg "Lint: Python scripts" record_status tests/scripts/check-python-files.sh From ce674a90c5cea0f2a89ece4dab805bfaea789886 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 15:37:00 +0100 Subject: [PATCH 024/138] Clearer code to search for config.h Don't use a function argument as a for loop variable. It worked (mostly) but Pylint frowns on it (redefined-argument-from-local) and I think Pylint has a point. If the configuration file is not found, raise an exception mentioning the search path rather than just its last element. Signed-off-by: Gilles Peskine --- scripts/config.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index b7a9a080e4df..d6eb2e48c1f3 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -283,9 +283,13 @@ class ConfigFile(Config): def __init__(self, filename=None): """Read the Mbed TLS configuration file.""" if filename is None: - for filename in self.default_path: - if os.path.lexists(filename): + for candidate in self.default_path: + if os.path.lexists(candidate): + filename = candidate break + else: + raise Exception('Mbed TLS configuration file not found', + self.default_path) super().__init__() self.filename = filename self.current_section = 'header' From e22a4dacf76fff5456573729084957a46658bb9d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 15:43:49 +0100 Subject: [PATCH 025/138] Explicit return value from main Rather than sometimes returning an integer, sometimes a boolean and sometimes implicitly returning None, always return 0 for success and 1 for failure. No behavior change for the program as a whole, since the None/True/False values were implicitly converted to the desired numerical value. Signed-off-by: Gilles Peskine --- scripts/config.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/config.py b/scripts/config.py index d6eb2e48c1f3..20521a57a992 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -452,7 +452,7 @@ def add_adapter(name, function, description): value = config[args.symbol] if value: sys.stdout.write(value + '\n') - return args.symbol not in config + return 0 if args.symbol in config else 1 elif args.command == 'set': if not args.force and args.symbol not in config.settings: sys.stderr.write("A #define for the symbol {} " @@ -465,6 +465,7 @@ def add_adapter(name, function, description): else: config.adapt(args.adapter) config.write(args.write) + return 0 # Import modules only used by main only if main is defined and called. # pylint: disable=wrong-import-position From 49f467903f18b4cba483cb3753d8f1d9b68e6cce Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 16:07:40 +0100 Subject: [PATCH 026/138] Pylint: allow if-return-else-return Allow the perfectly reasonable idiom if condition1: return value1 else: return value2 Signed-off-by: Gilles Peskine --- .pylintrc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.pylintrc b/.pylintrc index 037717e35442..9f5b1c4cce01 100644 --- a/.pylintrc +++ b/.pylintrc @@ -40,7 +40,12 @@ max-attributes=15 max-module-lines=2000 [MESSAGES CONTROL] -disable= +# * no-else-return: Allow the perfectly reasonable idiom +# if condition1: +# return value1 +# else: +# return value2 +disable=no-else-return [REPORTS] # Don't diplay statistics. Just the facts. From 46c54c0a528469b5a98334db485b9711340003af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 16:39:30 +0100 Subject: [PATCH 027/138] Pylint: disable logging-format-interpolation warning Pylint warns about things like ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``. This is of minor utility (mainly a performance gain when there are many messages that use formatting and are below the log level). Some versions of Pylint (including 1.8, which is the version on Ubuntu 18.04) only recognize old-style format strings using '%', and complain about something like ``log.info('{}', foo)`` with logging-too-many-args (Pylint supports new-style formatting if declared globally with logging_format_style under [LOGGING] but this requires Pylint >=2.2). Disable this warning to remain compatible with Pylint 1.8 and not have to change abi_check.py to use %-formats instead of {}-formats when logging. Signed-off-by: Gilles Peskine --- .pylintrc | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.pylintrc b/.pylintrc index 9f5b1c4cce01..a5df688d97c9 100644 --- a/.pylintrc +++ b/.pylintrc @@ -40,12 +40,22 @@ max-attributes=15 max-module-lines=2000 [MESSAGES CONTROL] +# * logging-format-interpolation: Pylint warns about things like +# ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``. +# This is of minor utility (mainly a performance gain when there are +# many messages that use formatting and are below the log level). +# Some versions of Pylint (including 1.8, which is the version on +# Ubuntu 18.04) only recognize old-style format strings using '%', +# and complain about something like ``log.info('{}', foo)`` with +# logging-too-many-args (Pylint supports new-style formatting if +# declared globally with logging_format_style under [LOGGING] but +# this requires Pylint >=2.2). # * no-else-return: Allow the perfectly reasonable idiom # if condition1: # return value1 # else: # return value2 -disable=no-else-return +disable=logging-format-interpolation,no-else-return [REPORTS] # Don't diplay statistics. Just the facts. From cdcb187eb2764fdc3a6458c035f818d1020c05e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 24 Mar 2020 11:50:07 +0100 Subject: [PATCH 028/138] Have issue and PR templates redirect to Mbed TLS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .github/issue_template.md | 48 +++++--------------------------- .github/pull_request_template.md | 10 +++++++ 2 files changed, 17 insertions(+), 41 deletions(-) create mode 100644 .github/pull_request_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md index 7d4f1e84076e..a3faf2e1c38e 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -1,44 +1,10 @@ - - -### Description - - - - -### Issue request type - - - [ ] Question - [ ] Enhancement - [ ] Bug +Please open your issue in the mbedtls repository: +https://github.com/ARMmbed/mbedtls/issues/new +Thanks for your interest in Mbed Crypto! diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000000..9ece01afb28f --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,10 @@ +We are no longer accepting new pull requests in this repository +=============================================================== + +Mbed Crypto is now maintained as part of Mbed TLS, see +https://github.com/ARMmbed/mbedtls/issues/3064 + +Please open your pull request in the mbedtls repository: +https://github.com/ARMmbed/mbedtls/pulls + +Thanks for your interest in Mbed Crypto! From bca8aa07b07552461d9275b66b7fe46e847dc6d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 24 Mar 2020 12:11:49 +0100 Subject: [PATCH 029/138] Update references from drafts to RFCs in config.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/config.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d5502a9473be..901e26d897c4 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1520,8 +1520,8 @@ /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * - * Enable support for Extended Master Secret, aka Session Hash - * (draft-ietf-tls-session-hash-02). + * Enable support for RFC 7627: Session Hash and Extended Master Secret + * Extension. * * This was introduced as "the proper fix" to the Triple Handshake familiy of * attacks, but it is recommended to always use it (even if you disable @@ -1539,7 +1539,8 @@ /** * \def MBEDTLS_SSL_FALLBACK_SCSV * - * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). + * Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV) + * for Preventing Protocol Downgrade Attacks. * * For servers, it is recommended to always enable this, unless you support * only one version of TLS, or know for sure that none of your clients From 854770b84e4fdbf479827cf26bbbbdc409350a7c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Mar 2020 17:13:19 +0100 Subject: [PATCH 030/138] Temporarily remove ChangeLog.md All the content that is currently in ChangeLog.md is the result of merging Mbed Crypto, and that content is already present in ChangeLog. Since we aren't using ChangeLog.md yet, remove it for now. Signed-off-by: Gilles Peskine --- ChangeLog.md | 44 -------------------------------------------- 1 file changed, 44 deletions(-) delete mode 100644 ChangeLog.md diff --git a/ChangeLog.md b/ChangeLog.md deleted file mode 100644 index fd537da26d1c..000000000000 --- a/ChangeLog.md +++ /dev/null @@ -1,44 +0,0 @@ -# Mbed Crypto change history - -## Unreleased changes - -### Interface changes - -* In the PSA API, forbid zero-length keys. To pass a zero-length input to a key derivation function, use a buffer instead (this is now always possible). -* Rename `psa_asymmetric_sign()` to `psa_sign_hash()` and `psa_asymmetric_verify()` to `psa_verify_hash()`. - -### Default behavior changes - -* The initial seeding of a CTR\_DRBG instance makes a second call to the entropy function to obtain entropy for a nonce if the entropy size is less than 3/2 times the key size. In case you want to disable the extra call to grab entropy, you can call `mbedtls_ctr_drbg_set_nonce_len()` to force the nonce length to 0. - -### New features - -* Key derivation inputs in the PSA API can now either come from a key object or from a buffer regardless of the step type. -* The CTR_DRBG module can grab a nonce from the entropy source during the initial seeding. The default nonce length is chosen based on the key size to achieve the security strength defined by NIST SP 800-90A. You can change it with `mbedtls_ctr_drbg_set_nonce_len()`. -* Add ENUMERATED tag support to the ASN.1 module. Contributed by msopiha-linaro in #307. - -### Security - -* Enforce that `mbedtls_entropy_func()` gathers a total of `MBEDTLS_ENTROPY_BLOCK_SIZE` bytes or more from strong sources. In the default configuration, on a platform with a single entropy source, the entropy module formerly only grabbed 32 bytes, which is good enough for security if the source is genuinely strong, but less than the expected 64 bytes (size of the entropy accumulator). - -### Bug fixes - -* Fix a buffer overflow in the PSA HMAC code when using a long key with an unsupported algorithm. Fixes #254. -* Fix `mbedtls_asn1_get_int` to support any number of leading zeros. Credit to OSS-Fuzz for finding a bug in an intermediate version of the fix. -* Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at most 2 bytes. -* `mbedtls_ctr_drbg_set_entropy_len()` and `mbedtls_hmac_drbg_set_entropy_len()` now work if you call them before `mbedtls_ctr_drbg_seed()` or `mbedtls_hmac_drbg_seed()`. -* Fix some false-positive uninitialized variable warnings. Fix contributed by apple-ihack-geek in ARMmbed/mbedtls#2663. - -### Performance improvements - -* Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by Alexander Krizhanovsky in #210. -* Speed up PBKDF2 by caching the digest calculation. Contributed by Jack Lloyd and Fortanix Inc in #277. -* Small performance improvement of `mbedtls_mpi_div_mpi()`. Contributed by Alexander Krizhanovsky in #308. - -### Other changes - -* Remove the technical possibility to define custom `mbedtls_md_info` structures, which was exposed only in an internal header. -* `psa_close_key(0)` and `psa_destroy_key(0)` now succeed (doing nothing, as before). -* Variables containing error codes are now initialized to an error code rather than success, so that coding mistakes or memory corruption tends to cause functions to return this error code rather than a success. There are no known instances where this changes the behavior of the library: this is merely a robustness improvement. #323 - -## Mbed Crypto 2.0.0 From e40a2f7a9971963ae2a3cb29bc6ae19173df1048 Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Wed, 25 Mar 2020 16:57:00 +0000 Subject: [PATCH 031/138] Improve documentation about PSK configuration Signed-off-by: Guilhem Bryant --- include/mbedtls/ssl.h | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1a071fc30b10..e9d1c1ea7e21 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2682,6 +2682,9 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * \note This is mainly useful for clients. Servers will usually * want to use \c mbedtls_ssl_conf_psk_cb() instead. * + * \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback + * takes precedence over a PSK configured by this function. + * * \warning Currently, clients can only register a single pre-shared key. * Calling this function or mbedtls_ssl_conf_psk_opaque() more * than once will overwrite values configured in previous calls. @@ -2715,6 +2718,10 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, * \note This is mainly useful for clients. Servers will usually * want to use \c mbedtls_ssl_conf_psk_cb() instead. * + * \note An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in + * the PSK callback takes precedence over an opaque PSK + * configured by this function. + * * \warning Currently, clients can only register a single pre-shared key. * Calling this function or mbedtls_ssl_conf_psk() more than * once will overwrite values configured in previous calls. @@ -2752,6 +2759,9 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, * \note This should only be called inside the PSK callback, * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb(). * + * \note A PSK set by this function takes precedence over a PSK + * configured by \c mbedtls_ssl_conf_psk(). + * * \param ssl The SSL context to configure a PSK for. * \param psk The pointer to the pre-shared key. * \param psk_len The length of the pre-shared key in bytes. @@ -2769,6 +2779,9 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, * \note This should only be called inside the PSK callback, * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb(). * + * \note An opaque PSK set by this function takes precedence over an + * opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque(). + * * \param ssl The SSL context to configure a PSK for. * \param psk The identifier of the key slot holding the PSK. * For the duration of the current handshake, the key slot @@ -2807,9 +2820,14 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, * on the SSL context to set the correct PSK and return \c 0. * Any other return value will result in a denied PSK identity. * - * \note If you set a PSK callback using this function, then you - * don't need to set a PSK key and identity using - * \c mbedtls_ssl_conf_psk(). + * \note A dynamic PSK (i.e. set by the PSK callback) takes + * precedence over a static PSK (i.e. set by + * \c mbedtls_ssl_conf_psk() or + * \c mbedtls_ssl_conf_psk_opaque()). + * This means that if you set a PSK callback using this + * function, you don't need to set a PSK using + * \c mbedtls_ssl_conf_psk() or + * \c mbedtls_ssl_conf_psk_opaque()). * * \param conf The SSL configuration to register the callback with. * \param f_psk The callback for selecting and setting the PSK based From d511ac34193eb10ef400a0ec9b4c4c4230062b38 Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Wed, 25 Mar 2020 17:06:37 +0000 Subject: [PATCH 032/138] Define internal PSK getter Signed-off-by: Guilhem Bryant --- include/mbedtls/ssl_internal.h | 53 +++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 9ff61fd3cd85..ed852e8dd0aa 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -921,7 +921,58 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); -#endif + +/* + * Get the first defined PSK by order of precedence: + * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback + * 2. static PSK configured by \c mbedtls_ssl_conf_psk() + * Return a code and update the pair (PSK, PSK length) passed to this function + */ +static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, + const unsigned char **psk, size_t *psk_len ) +{ + if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 ) + { + *psk = ssl->handshake->psk; + *psk_len = ssl->handshake->psk_len; + } + + else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 ) + { + *psk = ssl->conf->psk; + *psk_len = ssl->conf->psk_len; + } + + else + { + return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + } + + return( 0 ); +} + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* + * Get the first defined opaque PSK by order of precedence: + * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK + * callback + * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque() + * Return an opaque PSK + */ +static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk( + const mbedtls_ssl_context *ssl ) +{ + if( ssl->handshake->psk_opaque != 0 ) + return( ssl->handshake->psk_opaque ); + + if( ssl->conf->psk_opaque != 0 ) + return( ssl->conf->psk_opaque ); + + return( 0 ); +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); From c5285d8c40119ed3f518ac4b0820c64851561d4d Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Wed, 25 Mar 2020 17:08:15 +0000 Subject: [PATCH 033/138] Use internal PSK getter Signed-off-by: Guilhem Bryant --- library/ssl_tls.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 990fa5c0c115..4abf02a20844 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1514,9 +1514,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); - psk = ssl->conf->psk_opaque; - if( handshake->psk_opaque != 0 ) - psk = handshake->psk_opaque; + psk = mbedtls_ssl_get_opaque_psk( ssl ); if( hash_alg == MBEDTLS_MD_SHA384 ) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); @@ -1850,15 +1848,16 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch { unsigned char *p = ssl->handshake->premaster; unsigned char *end = p + sizeof( ssl->handshake->premaster ); - const unsigned char *psk = ssl->conf->psk; - size_t psk_len = ssl->conf->psk_len; + const unsigned char *psk; + size_t psk_len; - /* If the psk callback was called, use its result */ - if( ssl->handshake->psk != NULL ) - { - psk = ssl->handshake->psk; - psk_len = ssl->handshake->psk_len; - } + if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) + == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) + /* + * This should never happen because the existence of a PSK is always + * checked before calling this function + */ + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); /* * PMS = struct { From 27a1facd486dc178a1c2e597ccb006b7ccc30258 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Mar 2020 16:34:18 +0100 Subject: [PATCH 034/138] Factor out list_files_to_merge No behavior changes. Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index a3f7201679d3..adea8bd4bcf9 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -260,6 +260,15 @@ def remove_merged_entries(files_to_remove): for filename in files_to_remove: os.remove(filename) +def list_files_to_merge(options): + """List the entry files to merge, oldest first. + + A file is considered older if it was merged earlier. See + `FileMergeTimestamp` for details. + """ + files_to_merge = glob.glob(os.path.join(options.dir, '*.md')) + return files_to_merge + def merge_entries(options): """Merge changelog entries into the changelog file. @@ -270,7 +279,7 @@ def merge_entries(options): """ with open(options.input, 'rb') as input_file: changelog = ChangeLog(input_file) - files_to_merge = glob.glob(os.path.join(options.dir, '*.md')) + files_to_merge = list_files_to_merge(options) if not files_to_merge: sys.stderr.write('There are no pending changelog entries.\n') return From 8f46bbf46f3387fa93dd69040d039ad5cdc1ed4b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Mar 2020 16:34:43 +0100 Subject: [PATCH 035/138] Sort changelog entries by their merge date Changelog entry files were listed in reverse alphabetical order of the file name, by happenstance. Now, changelog entry files are listed in the order in which the changes were merged. More precisely: look for the git commit where the entry file was created, and look where this commit was merged into the current branch. List older merges first. List never-merged commits in date order after all the merged ones. List never-committed files in file timestamp order after all the committed ones. Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 129 ++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index adea8bd4bcf9..928f73bf7f77 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -26,9 +26,12 @@ import argparse from collections import OrderedDict +import datetime +import functools import glob import os import re +import subprocess import sys class InputFormatError(Exception): @@ -219,6 +222,115 @@ def write(self, filename): for line in self.trailer: out.write(line) + +@functools.total_ordering +class FileMergeTimestamp: + """A timestamp indicating when a file was merged. + + If file1 was merged before file2, then + FileMergeTimestamp(file1) <= FileMergeTimestamp(file2). + """ + + # Categories of files. A lower number is considered older. + MERGED = 0 + COMMITTED = 1 + LOCAL = 2 + + @staticmethod + def creation_hash(filename): + """Return the git commit id at which the given file was created. + + Return None if the file was never checked into git. + """ + hashes = subprocess.check_output(['git', 'log', '--format=%H', '--', filename]) + if not hashes: + # The file was never checked in. + return None + hashes = hashes.rstrip(b'\n') + last_hash = hashes[hashes.rfind(b'\n')+1:] + return last_hash + + @staticmethod + def list_merges(some_hash, target, *options): + """List merge commits from some_hash to target. + + Pass options to git to select which commits are included. + """ + text = subprocess.check_output(['git', 'rev-list', + '--merges', *options, + b'..'.join([some_hash, target])]) + return text.rstrip(b'\n').split(b'\n') + + @classmethod + def merge_hash(cls, some_hash): + """Return the git commit id at which the given commit was merged. + + Return None if the given commit was never merged. + """ + target = b'HEAD' + # List the merges from some_hash to the target in two ways. + # The ancestry list is the ones that are both descendants of + # some_hash and ancestors of the target. + ancestry = frozenset(cls.list_merges(some_hash, target, + '--ancestry-path')) + # The first_parents list only contains merges that are directly + # on the target branch. We want it in reverse order (oldest first). + first_parents = cls.list_merges(some_hash, target, + '--first-parent', '--reverse') + # Look for the oldest merge commit that's both on the direct path + # and directly on the target branch. That's the place where some_hash + # was merged on the target branch. See + # https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit + for commit in first_parents: + if commit in ancestry: + return commit + return None + + @staticmethod + def commit_timestamp(commit_id): + """Return the timestamp of the given commit.""" + text = subprocess.check_output(['git', 'show', '-s', + '--format=%ct', + commit_id]) + return datetime.datetime.utcfromtimestamp(int(text)) + + @staticmethod + def file_timestamp(filename): + """Return the modification timestamp of the given file.""" + mtime = os.stat(filename).st_mtime + return datetime.datetime.fromtimestamp(mtime) + + def __init__(self, filename): + """Determine the timestamp at which the file was merged.""" + self.filename = filename + creation_hash = self.creation_hash(filename) + if not creation_hash: + self.category = self.LOCAL + self.datetime = self.file_timestamp(filename) + return + merge_hash = self.merge_hash(creation_hash) + if not merge_hash: + self.category = self.COMMITTED + self.datetime = self.commit_timestamp(creation_hash) + return + self.category = self.MERGED + self.datetime = self.commit_timestamp(merge_hash) + + def sort_key(self): + """"Return a sort key for this merge timestamp object. + + ts1.sort_key() < ts2.sort_key() if and only if ts1 is + considered to be older than ts2. + """ + return (self.category, self.datetime, self.filename) + + def __eq__(self, other): + return self.sort_key() == other.sort_key() + + def __lt__(self, other): + return self.sort_key() < other.sort_key() + + def check_output(generated_output_file, main_input_file, merged_files): """Make sanity checks on the generated output. @@ -267,6 +379,7 @@ def list_files_to_merge(options): `FileMergeTimestamp` for details. """ files_to_merge = glob.glob(os.path.join(options.dir, '*.md')) + files_to_merge.sort(key=lambda f: FileMergeTimestamp(f).sort_key()) return files_to_merge def merge_entries(options): @@ -290,6 +403,16 @@ def merge_entries(options): if not options.keep_entries: remove_merged_entries(files_to_merge) +def show_file_timestamps(options): + """List the files to merge and their timestamp. + + This is only intended for debugging purposes. + """ + files = list_files_to_merge(options) + for filename in files: + ts = FileMergeTimestamp(filename) + print(ts.category, ts.datetime, filename) + def set_defaults(options): """Add default values for missing options.""" output_file = getattr(options, 'output', None) @@ -320,8 +443,14 @@ def main(): parser.add_argument('--output', '-o', metavar='FILE', help='Output changelog file' ' (default: overwrite the input)') + parser.add_argument('--list-files-only', + action='store_true', + help='Only list the files that would be processed (with some debugging information)') options = parser.parse_args() set_defaults(options) + if options.list_files_only: + show_file_timestamps(options) + return merge_entries(options) if __name__ == '__main__': From 98911cdd3ae9d99c6d23b9045edb1f355476df46 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 26 Mar 2020 07:18:42 -0400 Subject: [PATCH 036/138] makefile: remove unneeded priority dependency from library makefile This change was first introduced in 8af3923 - see this commit for more background. After the removal of crypto directory, there are no targets that require a crypto library with the directory prefix, so there's also no need for the priority dependency to be declared. This commit removes it. Signed-off-by: Andrzej Kurek --- library/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/Makefile b/library/Makefile index 92799d904b1e..f9cd468a5fc4 100644 --- a/library/Makefile +++ b/library/Makefile @@ -201,8 +201,6 @@ libmbedcrypto.dll: $(OBJS_CRYPTO) echo " LD $@" $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) -libmbedcrypto.$(DLEXT): | libmbedcrypto.a - .c.o: echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< From 82194c888d1b0c6471b333d91f764ff8da5d045f Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Thu, 26 Mar 2020 17:04:31 +0000 Subject: [PATCH 037/138] Fix bracketing style in ssl_tls.c Signed-off-by: Guilhem Bryant --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4abf02a20844..8dbae7aaa59e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1857,7 +1857,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch * This should never happen because the existence of a PSK is always * checked before calling this function */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); /* * PMS = struct { From 28af958ea4299eea9e0e3a112f04fcf7e8fc7049 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Mar 2020 22:39:18 +0100 Subject: [PATCH 038/138] Documentation improvements Document that git is needed. Be clearer about the entry sort key being an entry sort key, not just a merge order. Be clearer about what "merge order" means. Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 47 +++++++++++++++++++++++++---------- 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 928f73bf7f77..ea91578c9382 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -5,6 +5,17 @@ Add changelog entries to the first level-2 section. Create a new level-2 section for unreleased changes if needed. Remove the input files unless --keep-entries is specified. + +In each level-3 section, entries are sorted in chronological order +(oldest first). From oldest to newest: +* Merged entry files are sorted according to their merge date (date of + the merge commit that brought the commit that created the file into + the target branch). +* Committed but unmerged entry files are sorted according to the date + of the commit that adds them. +* Uncommitted entry files are sorted according to their modification time. + +You must run this program from within a git working directory. """ # Copyright (C) 2019, Arm Limited, All Rights Reserved @@ -224,11 +235,18 @@ def write(self, filename): @functools.total_ordering -class FileMergeTimestamp: - """A timestamp indicating when a file was merged. - - If file1 was merged before file2, then - FileMergeTimestamp(file1) <= FileMergeTimestamp(file2). +class EntryFileSortKey: + """This classes defines an ordering on changelog entry files: older < newer. + + * Merged entry files are sorted according to their merge date (date of + the merge commit that brought the commit that created the file into + the target branch). + * Committed but unmerged entry files are sorted according to the date + of the commit that adds them. + * Uncommitted entry files are sorted according to their modification time. + + This class assumes that the file is in a git working directory with + the target branch checked out. """ # Categories of files. A lower number is considered older. @@ -301,7 +319,12 @@ def file_timestamp(filename): return datetime.datetime.fromtimestamp(mtime) def __init__(self, filename): - """Determine the timestamp at which the file was merged.""" + """Determine position of the file in the changelog entry order. + + This constructor returns an object that can be used with comparison + operators, with `sort` and `sorted`, etc. Older entries are sorted + before newer entries. + """ self.filename = filename creation_hash = self.creation_hash(filename) if not creation_hash: @@ -317,10 +340,9 @@ def __init__(self, filename): self.datetime = self.commit_timestamp(merge_hash) def sort_key(self): - """"Return a sort key for this merge timestamp object. + """"Return a concrete sort key for this entry file sort key object. - ts1.sort_key() < ts2.sort_key() if and only if ts1 is - considered to be older than ts2. + ``ts1 < ts2`` is implemented as ``ts1.sort_key() < ts2.sort_key()``. """ return (self.category, self.datetime, self.filename) @@ -375,11 +397,10 @@ def remove_merged_entries(files_to_remove): def list_files_to_merge(options): """List the entry files to merge, oldest first. - A file is considered older if it was merged earlier. See - `FileMergeTimestamp` for details. + "Oldest" is defined by `EntryFileSortKey`. """ files_to_merge = glob.glob(os.path.join(options.dir, '*.md')) - files_to_merge.sort(key=lambda f: FileMergeTimestamp(f).sort_key()) + files_to_merge.sort(key=lambda f: EntryFileSortKey(f).sort_key()) return files_to_merge def merge_entries(options): @@ -410,7 +431,7 @@ def show_file_timestamps(options): """ files = list_files_to_merge(options) for filename in files: - ts = FileMergeTimestamp(filename) + ts = EntryFileSortKey(filename) print(ts.category, ts.datetime, filename) def set_defaults(options): From 7fa3eb7d44bd01beaeff145bc1f00a5af37e2751 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Mar 2020 22:41:32 +0100 Subject: [PATCH 039/138] Simplify sorting Calling sort_key explicitly is marginally faster, but less readable. Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index ea91578c9382..ebb056e4a9e1 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -400,7 +400,7 @@ def list_files_to_merge(options): "Oldest" is defined by `EntryFileSortKey`. """ files_to_merge = glob.glob(os.path.join(options.dir, '*.md')) - files_to_merge.sort(key=lambda f: EntryFileSortKey(f).sort_key()) + files_to_merge.sort(key=EntryFileSortKey) return files_to_merge def merge_entries(options): From 13dc6342822bd4158f8dc4ed30bb2f88af2de356 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Mar 2020 22:46:47 +0100 Subject: [PATCH 040/138] Simplify the matching of the last line Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index ebb056e4a9e1..6eeea61243fc 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -261,12 +261,14 @@ def creation_hash(filename): Return None if the file was never checked into git. """ hashes = subprocess.check_output(['git', 'log', '--format=%H', '--', filename]) - if not hashes: - # The file was never checked in. + m = re.search(b'(.+)$', hashes) + if not m: + # The git output is empty. This means that the file was + # never checked in. return None - hashes = hashes.rstrip(b'\n') - last_hash = hashes[hashes.rfind(b'\n')+1:] - return last_hash + # The last commit in the log is the oldest one, which is when the + # file was created. + return m.group(0) @staticmethod def list_merges(some_hash, target, *options): From 98a53aa3990a6a7730bb15d27e215d3163485ac2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Mar 2020 22:47:07 +0100 Subject: [PATCH 041/138] Follow renames when looking for the creation of a file Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 6eeea61243fc..50e912881bce 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -260,7 +260,9 @@ def creation_hash(filename): Return None if the file was never checked into git. """ - hashes = subprocess.check_output(['git', 'log', '--format=%H', '--', filename]) + hashes = subprocess.check_output(['git', 'log', '--format=%H', + '--follow', + '--', filename]) m = re.search(b'(.+)$', hashes) if not m: # The git output is empty. This means that the file was From 42f384c186db02c0a96b9a0ae5c95df6eae92726 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 09:23:38 +0100 Subject: [PATCH 042/138] Mbed Crypto isn't a separate project anymore Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 50e912881bce..d8a6e4c1ae15 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -"""Assemble Mbed Crypto change log entries into the change log file. +"""Assemble Mbed TLS change log entries into the change log file. Add changelog entries to the first level-2 section. Create a new level-2 section for unreleased changes if needed. @@ -33,7 +33,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# This file is part of Mbed Crypto (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) import argparse from collections import OrderedDict @@ -70,7 +70,7 @@ def __init__(self, filename, line): ) class ChangeLog: - """An Mbed Crypto changelog. + """An Mbed TLS changelog. A changelog is a file in Markdown format. Each level 2 section title starts a version, and versions are sorted in reverse chronological From 824655c8379d87a3116d258e6fd65c06073b0b40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 11 Mar 2020 12:51:42 +0100 Subject: [PATCH 043/138] Fix lack of cookie check on hard reconnect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Section 4.2.8 of RFC 6347 describes how to handle the case of a DTLS client establishing a new connection using the same UDP quartet as an already active connection, which we implement under the compile option MBEDTLS_SSL_DLTS_CLIENT_PORT_REUSE. Relevant excerpts: [the server] MUST NOT destroy the existing association until the client has demonstrated reachability either by completing a cookie exchange or by completing a complete handshake including delivering a verifiable Finished message. [...] The reachability requirement prevents off-path/blind attackers from destroying associations merely by sending forged ClientHellos. Our code chooses to use a cookie exchange for establishing reachability, but unfortunately that check was effectively removed in a recent refactoring, which changed what value ssl_handle_possible_reconnect() needs to return in order for ssl_get_next_record() (introduced in that refactoring) to take the proper action. Unfortunately, in addition to changing the value, the refactoring also changed a return statement to an assignment to the ret variable, causing the function to reach the code for a valid cookie, which immediately destroys the existing association, effectively bypassing the cookie verification. This commit fixes that by immediately returning after sending a HelloVerifyRequest when a ClientHello without a valid cookie is found. It also updates the description of the function to reflect the new return value convention (the refactoring updated the code but not the documentation). The commit that changed the return value convention (and introduced the bug) is 2fddd3765ea998bb9f40b52dc1baaf843b9889bf, whose commit message explains the change. Note: this bug also indirectly caused the ssl-opt.sh test case "DTLS client reconnect from same port: reconnect" to occasionally fail due to a race condition between the reception of the ClientHello carrying a valid cookie and the closure of the connection by the server after noticing the ClientHello didn't carry a valid cookie after it incorrectly destroyed the previous connection, that could cause that ClientHello to be invisible to the server (if that message reaches the server just before it does `net_close()`). A welcome side effect of this commit is to remove that race condition, as the new connection will immediately start with a ClientHello carrying a valid cookie in the SSL input buffer, so the server will not call `net_close()` and not risk discarding a better ClientHello that arrived in the meantime. Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog | 8 ++++++++ library/ssl_msg.c | 13 +++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index bcceebb7d5d9..917c521cc954 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,14 @@ New deprecations * Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the SSL module for hardware acceleration of individual records. +Security + * Fix issue in DTLS handling of new associations with the same parameters + (RFC 6347 section 4.2.8): an attacker able to send forged UDP packets to + the server could cause it to drop established associations with + legitimate clients, resulting in a Denial of Service. This could only + happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h + (which it is by default). + Bugfix * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and MBEDTLS_SSL_HW_RECORD_ACCEL are enabled. diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 18fa55574dea..a0009d95687b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3197,16 +3197,17 @@ static int ssl_check_dtls_clihlo_cookie( * that looks like a ClientHello. * * - if the input looks like a ClientHello without cookies, - * send back HelloVerifyRequest, then - * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED + * send back HelloVerifyRequest, then return 0 * - if the input looks like a ClientHello with a valid cookie, * reset the session of the current context, and * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT * - if anything goes wrong, return a specific error code * - * mbedtls_ssl_read_record() will ignore the record if anything else than - * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function - * cannot not return 0. + * This function is called (through ssl_check_client_reconnect()) when an + * unexpected record is found in ssl_get_next_record(), which will discard the + * record if we return 0, and bubble up the return value otherwise (this + * includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected + * errors, and is the right thing to do in both cases). */ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) { @@ -3237,7 +3238,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) * If the error is permanent we'll catch it later, * if it's not, then hopefully it'll work next time. */ (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); - ret = 0; + return( 0 ); } if( ret == 0 ) From baad2de6d81417234e3db7b4b66e2c4ca03444da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 13 Mar 2020 11:11:02 +0100 Subject: [PATCH 044/138] Add negative test for hard reconnect cookie check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The server must check client reachability (we chose to do that by checking a cookie) before destroying the existing association (RFC 6347 section 4.2.8). Let's make sure we do, by having a proxy-in-the-middle inject a ClientHello - the server should notice, but not destroy the connection. Signed-off-by: Manuel Pégourié-Gonnard --- programs/test/udp_proxy.c | 54 +++++++++++++++++++++++++++++++++++++++ tests/ssl-opt.sh | 8 ++++++ 2 files changed, 62 insertions(+) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 979910e6bc8d..ae2cabee4a3a 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -133,6 +133,7 @@ int main( void ) " modifying CID in first instance of the packet.\n" \ " protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \ " protect_len=%%d default: (don't protect packets of this size)\n" \ + " inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \ "\n" \ " seed=%%d default: (use current time)\n" \ USAGE_PACK \ @@ -166,6 +167,7 @@ static struct options unsigned bad_cid; /* inject corrupted CID record */ int protect_hvr; /* never drop or delay HelloVerifyRequest */ int protect_len; /* never drop/delay packet of the given size*/ + int inject_clihlo; /* inject fake ClientHello after handshake */ unsigned pack; /* merge packets into single datagram for * at most \c merge milliseconds if > 0 */ unsigned int seed; /* seed for "random" events */ @@ -314,6 +316,12 @@ static void get_options( int argc, char *argv[] ) if( opt.protect_len < 0 ) exit_usage( p, q ); } + else if( strcmp( p, "inject_clihlo" ) == 0 ) + { + opt.inject_clihlo = atoi( q ); + if( opt.inject_clihlo < 0 || opt.inject_clihlo > 1 ) + exit_usage( p, q ); + } else if( strcmp( p, "seed" ) == 0 ) { opt.seed = atoi( q ); @@ -523,11 +531,40 @@ void print_packet( const packet *p, const char *why ) fflush( stdout ); } +/* + * In order to test the server's behaviour when receiving a ClientHello after + * the connection is established (this could be a hard reset from the client, + * but the server must not drop the existing connection before establishing + * client reachability, see RFC 6347 Section 4.2.8), we memorize the first + * ClientHello we see (which can't have a cookie), then replay it after the + * first ApplicationData record - then we're done. + * + * This is controlled by the inject_clihlo option. + * + * We want an explicit state and a place to store the packet. + */ +static enum { + ich_init, /* haven't seen the first ClientHello yet */ + ich_cached, /* cached the initial ClientHello */ + ich_injected, /* ClientHello already injected, done */ +} inject_clihlo_state; + +static packet initial_clihlo; + int send_packet( const packet *p, const char *why ) { int ret; mbedtls_net_context *dst = p->dst; + /* save initial ClientHello? */ + if( opt.inject_clihlo != 0 && + inject_clihlo_state == ich_init && + strcmp( p->type, "ClientHello" ) == 0 ) + { + memcpy( &initial_clihlo, p, sizeof( packet ) ); + inject_clihlo_state = ich_cached; + } + /* insert corrupted CID record? */ if( opt.bad_cid != 0 && strcmp( p->type, "CID" ) == 0 && @@ -592,6 +629,23 @@ int send_packet( const packet *p, const char *why ) } } + /* Inject ClientHello after first ApplicationData */ + if( opt.inject_clihlo != 0 && + inject_clihlo_state == ich_cached && + strcmp( p->type, "ApplicationData" ) == 0 ) + { + print_packet( &initial_clihlo, "injected" ); + + if( ( ret = dispatch_data( dst, initial_clihlo.buf, + initial_clihlo.len ) ) <= 0 ) + { + mbedtls_printf( " ! dispatch returned %d\n", ret ); + return( ret ); + } + + inject_clihlo_state = ich_injected; + } + return( 0 ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 35f742f67784..23efedfdd295 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7318,6 +7318,14 @@ run_test "DTLS client reconnect from same port: no cookies" \ -s "The operation timed out" \ -S "Client initiated reconnection from same port" +run_test "DTLS client reconnect from same port: attacker-injected" \ + -p "$P_PXY inject_clihlo=1" \ + "$P_SRV dtls=1 exchanges=2 debug_level=1" \ + "$P_CLI dtls=1 exchanges=2" \ + 0 \ + -s "possible client reconnect from the same port" \ + -S "Client initiated reconnection from same port" + # Tests for various cases of client authentication with DTLS # (focused on handshake flows and message parsing) From b6929891d69033d34eed9c4f8fb69b59fb34ba88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 9 Sep 2019 11:14:37 +0200 Subject: [PATCH 045/138] Adjust timeout of tests with "no resend" assertions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are currently 4 tests in ssl-opt.sh with either -C "resend" or -S "resend", that is, asserting that no retransmission will occur. They sometimes fail on loaded CI machines as one side doesn't send a message fast enough, causing the other side to retransmit, causing the test to fail. (For the "reconnect" test there was an other issue causing random failures, fixed in a previous commit, but even after that fix the test would still sometimes randomly fail, even if much more rarely.) While it's a hard problem to fix in a general and perfect way, in practice the probability of failures can be drastically reduced by making the timeout values much larger. For some tests, where retransmissions are actually expected, this would have the negative effect of increasing the average running time of the test, as each side would wait for longer before it starts retransmission, so we have a trade-off between average running time and probability of spurious failures. But for tests where retransmission is not expected, there is no such trade-off as the expected running time of the test (assuming the code is correct most of the time) is not impacted by the timeout value. So the only negative effect of increasing the timeout value is on the worst-case running time on the test, which is much less important, as test should only fail quite rarely. This commit addresses the easy case of tests that don't expect retransmission by increasing the value of their timeout range to 10s-20s. This value corresponds to the value used for tests that assert `-S "autoreduction"` which are in the same case and where the current value seems acceptable so far. It also represents an increase, compared to the values before this commit, of a factor 20 for the "reconnect" tests which were frequently observed to fail in the CI, and of a factor 10 for the first two "DTLS proxy" tests, which were observed to fail much less frequently, so hopefully the new values are enough to reduce the probability of spurious failures to an acceptable level. Signed-off-by: Manuel Pégourié-Gonnard --- tests/ssl-opt.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 23efedfdd295..9b6eee1529bb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7279,8 +7279,8 @@ run_test "DTLS cookie: enabled, nbio" \ not_with_valgrind # spurious resend run_test "DTLS client reconnect from same port: reference" \ - "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \ - "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \ + "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ + "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \ 0 \ -C "resend" \ -S "The operation timed out" \ @@ -7288,8 +7288,8 @@ run_test "DTLS client reconnect from same port: reference" \ not_with_valgrind # spurious resend run_test "DTLS client reconnect from same port: reconnect" \ - "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \ - "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ + "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ + "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \ 0 \ -C "resend" \ -S "The operation timed out" \ @@ -8395,8 +8395,8 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: reference" \ -p "$P_PXY" \ - "$P_SRV dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \ + "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \ 0 \ -C "replayed record" \ -S "replayed record" \ @@ -8413,8 +8413,8 @@ run_test "DTLS proxy: reference" \ not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: duplicate every packet" \ -p "$P_PXY duplicate=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ 0 \ -c "replayed record" \ -s "replayed record" \ From ac0f0860f17b319c8dd36052f8df5bda075274af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 10:56:45 +0100 Subject: [PATCH 046/138] Reformatting to pacify pylint Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index d8a6e4c1ae15..c868a6c7e322 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -310,11 +310,11 @@ def merge_hash(cls, some_hash): @staticmethod def commit_timestamp(commit_id): - """Return the timestamp of the given commit.""" - text = subprocess.check_output(['git', 'show', '-s', - '--format=%ct', - commit_id]) - return datetime.datetime.utcfromtimestamp(int(text)) + """Return the timestamp of the given commit.""" + text = subprocess.check_output(['git', 'show', '-s', + '--format=%ct', + commit_id]) + return datetime.datetime.utcfromtimestamp(int(text)) @staticmethod def file_timestamp(filename): @@ -470,7 +470,8 @@ def main(): ' (default: overwrite the input)') parser.add_argument('--list-files-only', action='store_true', - help='Only list the files that would be processed (with some debugging information)') + help=('Only list the files that would be processed' + '(with some debugging information)')) options = parser.parse_args() set_defaults(options) if options.list_files_only: From 61b0fe617e51877bb51a86d6e01b78db435029da Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Fri, 27 Mar 2020 11:12:12 +0000 Subject: [PATCH 047/138] Initialise psk_len in mbedtls_ssl_psk_derive_premaster() Signed-off-by: Guilhem Bryant --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8dbae7aaa59e..6dabd3409c53 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1849,7 +1849,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch unsigned char *p = ssl->handshake->premaster; unsigned char *end = p + sizeof( ssl->handshake->premaster ); const unsigned char *psk; - size_t psk_len; + size_t psk_len = 0; if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) From 8a69ddd7ad7eb17b8daf9a7b0352314183c54c96 Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Fri, 27 Mar 2020 11:13:39 +0000 Subject: [PATCH 048/138] Fix Doxygen comments Signed-off-by: Guilhem Bryant --- include/mbedtls/ssl_internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index ed852e8dd0aa..fb8c23feea44 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -922,7 +922,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); -/* +/** * Get the first defined PSK by order of precedence: * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback * 2. static PSK configured by \c mbedtls_ssl_conf_psk() @@ -952,7 +952,7 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_USE_PSA_CRYPTO) -/* +/** * Get the first defined opaque PSK by order of precedence: * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK * callback From 432e7023b17a907b3381545b6dc8d4837ee00d62 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 11 Apr 2019 18:56:18 +0100 Subject: [PATCH 049/138] Add additional sanity checks to check_config.h Additional sanity checks in check_config.h to ensure: * if test certificates are included (MBEDTLS_CERTS_C) there must be also be support for the core X509 feature (MBEDTLS_X509_USE_C). This has a secondary dependency on the public key abstraction layer (MBEDTLS_PK_C), necessary as the certificates will either be signed by RSA or ECDSA, and therefore need to be part of the library. * if any of the TLS protocols are defined (MBEDTLS_SSL_PROTO_xxx) then a key exchange method must also be defined (MBEDTLS_KEY_EXCHANGE_xxx). Anyone who knows the library will probably not make these mistakes or will quickly diagnose and fix them, but it is possible to compile and link both configurations if you build only the library and not the example programs, and therefore users may not realise immediately that there's a mistake, only discovering it at runtime. These checks may therefore save someone some time. Signed-off-by: Simon Butcher --- include/mbedtls/check_config.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index d904d5a7a150..fa3caa7c41a2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -619,6 +619,23 @@ #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" #endif +#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ + !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ) +#error "One or more versions of the TLS protocol are enabled " \ + "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" +#endif + #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -763,6 +780,10 @@ #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C) +#error "MBEDTLS_CERTS_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) #error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites" #endif From 3aa6405007c4ce209495952c067ff03c56a17661 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 27 Mar 2020 16:55:35 +0000 Subject: [PATCH 050/138] Correct comment on the configuration option in x509.c In x509.c, the self-test code is dependent on MBEDTLS_CERTS_C and MBEDTLS_SHA256_C being enabled. At some point in the recent past that dependency was on MBEDTLS_SHA1_C but changed to SHA256, but the comment wasn't updated. This commit updates the comment. Signed-off-by: Simon Butcher --- library/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509.c b/library/x509.c index 7f8181be2733..c451332c2873 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1064,7 +1064,7 @@ int mbedtls_x509_self_test( int verbose ) mbedtls_x509_crt_free( &clicert ); #else ((void) verbose); -#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */ return( ret ); } From c68c7c8864fd5eaea891712c5a3455c87aae4d40 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 19:01:35 +0100 Subject: [PATCH 051/138] Add a missing space in help text Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index c868a6c7e322..af3fd71bee55 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -470,7 +470,7 @@ def main(): ' (default: overwrite the input)') parser.add_argument('--list-files-only', action='store_true', - help=('Only list the files that would be processed' + help=('Only list the files that would be processed ' '(with some debugging information)')) options = parser.parse_args() set_defaults(options) From 6e97c439592b51c4277328a3ef0e0f61ddccc059 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 19:05:18 +0100 Subject: [PATCH 052/138] Switch to the classic Mbed TLS ChangeLog format Instead of working with Markdown format, keep the classic Mbed TLS ChangeLog format, with the classic category names. Keep the classic file name as well. This way there's no risk of breaking third-party scripts that may copy or even parse the changelog file. Accordingly, expect ChangeLog/*.txt files instead of ChangeLog/*.md. This commit completely rewrites the parsing and output code. This commit systematically appends to the existing top version. A subsequent commit will restore the capability of creating a new version. Signed-off-by: Gilles Peskine --- ChangeLog.d/README | 18 ++- scripts/assemble_changelog.py | 263 ++++++++++++++++++---------------- 2 files changed, 145 insertions(+), 136 deletions(-) diff --git a/ChangeLog.d/README b/ChangeLog.d/README index 2f9f049f94c4..6e8e309891c2 100644 --- a/ChangeLog.d/README +++ b/ChangeLog.d/README @@ -1,19 +1,17 @@ This directory contains changelog entries that have not yet been merged -to the changelog file (../ChangeLog.md). +to the changelog file (../ChangeLog). -A changelog entry file must have the extension *.md and must have the +A changelog entry file must have the extension *.txt and must have the following format: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -### Section title +Security + * Change description. + * Another change description. -* Change descritpion. -* Another change description. - -### Another section title - -* Yet another change description. -* Yet again another change description. +Features + * Yet another change description. + * Yet again another change description. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index af3fd71bee55..ba4a01d56c85 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -36,7 +36,7 @@ # This file is part of Mbed TLS (https://tls.mbed.org) import argparse -from collections import OrderedDict +from collections import OrderedDict, namedtuple import datetime import functools import glob @@ -56,46 +56,116 @@ def __init__(self, filename, line): message = ('Lost content from {}: "{}"'.format(filename, line)) super().__init__(message) -STANDARD_SECTIONS = ( - b'Interface changes', +STANDARD_CATEGORIES = ( + b'API changes', b'Default behavior changes', b'Requirement changes', b'New deprecations', b'Removals', - b'New features', + b'Features', b'Security', - b'Bug fixes', - b'Performance improvements', - b'Other changes', + b'Bugfix', + b'Changes', ) -class ChangeLog: - """An Mbed TLS changelog. +CategoryContent = namedtuple('CategoryContent', [ + 'name', 'title_line', # Title text and line number of the title + 'body', 'body_line', # Body text and starting line number of the body +]) - A changelog is a file in Markdown format. Each level 2 section title - starts a version, and versions are sorted in reverse chronological - order. Lines with a level 2 section title must start with '##'. +class ChangelogFormat: + """Virtual class documenting how to write a changelog format class.""" - Within a version, there are multiple sections, each devoted to a kind - of change: bug fix, feature request, etc. Section titles should match - entries in STANDARD_SECTIONS exactly. + @classmethod + def extract_top_version(cls, changelog_file_content): + """Split out the top version section. - Within each section, each separate change should be on a line starting - with a '*' bullet. There may be blank lines surrounding titles, but - there should not be any blank line inside a section. - """ + Return ``(header, top_version_title, top_version_body, trailer)`` + where ``changelog_file_content == header + top_version_title + + top_version_body + trailer``. + """ + raise NotImplementedError + + @classmethod + def version_title_text(cls, version_title): + """Return the text of a formatted version section title.""" + raise NotImplementedError - _title_re = re.compile(br'#*') - def title_level(self, line): - """Determine whether the line is a title. + @classmethod + def split_categories(cls, version_body): + """Split a changelog version section body into categories. - Return (level, content) where level is the Markdown section level - (1 for '#', 2 for '##', etc.) and content is the section title - without leading or trailing whitespace. For a non-title line, - the level is 0. + Return a list of `CategoryContent` the name is category title + without any formatting. """ - level = re.match(self._title_re, line).end() - return level, line[level:].strip() + raise NotImplementedError + + @classmethod + def format_category(cls, title, body): + """Construct the text of a category section from its title and body.""" + raise NotImplementedError + +class TextChangelogFormat(ChangelogFormat): + """The traditional Mbed TLS changelog format.""" + + _top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)', + re.DOTALL) + @classmethod + def extract_top_version(cls, changelog_file_content): + """A version section starts with a line starting with '='.""" + m = re.search(cls._top_version_re, changelog_file_content) + top_version_start = m.start(1) + top_version_end = m.end(2) + return (changelog_file_content[:top_version_start], + m.group(1), m.group(2), + changelog_file_content[top_version_end:]) + + @classmethod + def version_title_text(cls, version_title): + return re.sub(br'\n.*', version_title, re.DOTALL) + + _category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE) + @classmethod + def split_categories(cls, version_body): + """A category title is a line with the title in column 0.""" + title_matches = list(re.finditer(cls._category_title_re, version_body)) + if not title_matches: + return [] + title_starts = [m.start(1) for m in title_matches] + body_starts = [m.end(0) for m in title_matches] + body_ends = title_starts[1:] + [len(version_body)] + bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n' + for (body_start, body_end) in zip(body_starts, body_ends)] + title_lines = [version_body[:pos].count(b'\n') for pos in title_starts] + body_lines = [version_body[:pos].count(b'\n') for pos in body_starts] + return [CategoryContent(title_match.group(1), title_line, + body, body_line) + for title_match, title_line, body, body_line + in zip(title_matches, title_lines, bodies, body_lines)] + + @classmethod + def format_category(cls, title, body): + # `split_categories` ensures that each body ends with a newline. + # Make sure that there is additionally a blank line between categories. + if not body.endswith(b'\n\n'): + body += b'\n' + return title + b'\n' + body + +class ChangeLog: + """An Mbed TLS changelog. + + A changelog file consists of some header text followed by one or + more version sections. The version sections are in reverse + chronological order. Each version section consists of a title and a body. + + The body of a version section consists of zero or more category + subsections. Each category subsection consists of a title and a body. + + A changelog entry file has the same format as the body of a version section. + + A `ChangelogFormat` object defines the concrete syntax of the changelog. + Entry files must have the same format as the changelog file. + """ # Only accept dotted version numbers (e.g. "3.1", not "3"). # Refuse ".x" in a version number where x is a letter: this indicates @@ -124,114 +194,55 @@ def unreleased_version_title(self): # pylint: disable=no-self-use; this method may be overridden return b'Unreleased changes' - def __init__(self, input_stream): + def add_categories_from_text(self, filename, line_offset, + text, allow_unknown_category): + """Parse a version section or entry file.""" + categories = self.format.split_categories(text) + for category in categories: + if not allow_unknown_category and \ + category.name not in self.categories: + raise InputFormatError(filename, + line_offset + category.title_line, + 'Unknown category: "{}"', + category.name.decode('utf8')) + self.categories[category.name] += category.body + + def __init__(self, input_stream, changelog_format): """Create a changelog object. Populate the changelog object from the content of the file - input_stream. This is typically a file opened for reading, but - can be any generator returning the lines to read. - """ - # Content before the level-2 section where the new entries are to be - # added. - self.header = [] - # Content of the level-3 sections of where the new entries are to - # be added. - self.section_content = OrderedDict() - for section in STANDARD_SECTIONS: - self.section_content[section] = [] - # Content of level-2 sections for already-released versions. - self.trailer = [] - self.read_main_file(input_stream) - - def read_main_file(self, input_stream): - """Populate the changelog object from the content of the file. - - This method is only intended to be called as part of the constructor - of the class and may not act sensibly on an object that is already - partially populated. + input_stream. """ - # Parse the first level-2 section, containing changelog entries - # for unreleased changes. - # If we'll be expanding this section, everything before the first - # level-3 section title ("###...") following the first level-2 - # section title ("##...") is passed through as the header - # and everything after the second level-2 section title is passed - # through as the trailer. Inside the first level-2 section, - # split out the level-3 sections. - # If we'll be creating a new version, the header is everything - # before the point where we want to add the level-2 section - # for this version, and the trailer is what follows. - level_2_seen = 0 - current_section = None - for line in input_stream: - level, content = self.title_level(line) - if level == 2: - level_2_seen += 1 - if level_2_seen == 1: - if self.section_is_released_version(content): - self.header.append(b'## ' + - self.unreleased_version_title() + - b'\n\n') - level_2_seen = 2 - elif level == 3 and level_2_seen == 1: - current_section = content - self.section_content.setdefault(content, []) - if level_2_seen == 1 and current_section is not None: - if level != 3 and line.strip(): - self.section_content[current_section].append(line) - elif level_2_seen <= 1: - self.header.append(line) - else: - self.trailer.append(line) + self.format = changelog_format + whole_file = input_stream.read() + (self.header, + self.top_version_title, top_version_body, + self.trailer) = self.format.extract_top_version(whole_file) + # Split the top version section into categories. + self.categories = OrderedDict() + for category in STANDARD_CATEGORIES: + self.categories[category] = b'' + offset = (self.header + self.top_version_title).count(b'\n') + self.add_categories_from_text(input_stream.name, offset, + top_version_body, True) def add_file(self, input_stream): """Add changelog entries from a file. - - Read lines from input_stream, which is typically a file opened - for reading. These lines must contain a series of level 3 - Markdown sections with recognized titles. The corresponding - content is injected into the respective sections in the changelog. - The section titles must be either one of the hard-coded values - in STANDARD_SECTIONS in assemble_changelog.py or already present - in ChangeLog.md. Section titles must match byte-for-byte except that - leading or trailing whitespace is ignored. """ - filename = input_stream.name - current_section = None - for line_number, line in enumerate(input_stream, 1): - if not line.strip(): - continue - level, content = self.title_level(line) - if level == 3: - current_section = content - if current_section not in self.section_content: - raise InputFormatError(filename, line_number, - 'Section {} is not recognized', - str(current_section)[1:]) - elif level == 0: - if current_section is None: - raise InputFormatError(filename, line_number, - 'Missing section title at the beginning of the file') - self.section_content[current_section].append(line) - else: - raise InputFormatError(filename, line_number, - 'Only level 3 headers (###) are permitted') + self.add_categories_from_text(input_stream.name, 0, + input_stream.read(), False) def write(self, filename): """Write the changelog to the specified file. """ with open(filename, 'wb') as out: - for line in self.header: - out.write(line) - for section, lines in self.section_content.items(): - if not lines: + out.write(self.header) + out.write(self.top_version_title) + for title, body in self.categories.items(): + if not body: continue - out.write(b'### ' + section + b'\n\n') - for line in lines: - out.write(line) - out.write(b'\n') - for line in self.trailer: - out.write(line) + out.write(self.format.format_category(title, body)) + out.write(self.trailer) @functools.total_ordering @@ -403,7 +414,7 @@ def list_files_to_merge(options): "Oldest" is defined by `EntryFileSortKey`. """ - files_to_merge = glob.glob(os.path.join(options.dir, '*.md')) + files_to_merge = glob.glob(os.path.join(options.dir, '*.txt')) files_to_merge.sort(key=EntryFileSortKey) return files_to_merge @@ -416,7 +427,7 @@ def merge_entries(options): Remove the merged entries if options.keep_entries is false. """ with open(options.input, 'rb') as input_file: - changelog = ChangeLog(input_file) + changelog = ChangeLog(input_file, TextChangelogFormat) files_to_merge = list_files_to_merge(options) if not files_to_merge: sys.stderr.write('There are no pending changelog entries.\n') @@ -454,9 +465,9 @@ def main(): help='Directory to read entries from' ' (default: ChangeLog.d)') parser.add_argument('--input', '-i', metavar='FILE', - default='ChangeLog.md', + default='ChangeLog', help='Existing changelog file to read from and augment' - ' (default: ChangeLog.md)') + ' (default: ChangeLog)') parser.add_argument('--keep-entries', action='store_true', dest='keep_entries', default=None, help='Keep the files containing entries' From eebf24f7a8d138f656b8cd1f724bfc73d2c4f033 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 19:25:38 +0100 Subject: [PATCH 053/138] Create a new version section if the top version has a release date Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 38 +++++++++++++++-------------------- 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index ba4a01d56c85..9afe3db08c76 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -83,6 +83,9 @@ def extract_top_version(cls, changelog_file_content): Return ``(header, top_version_title, top_version_body, trailer)`` where ``changelog_file_content == header + top_version_title + top_version_body + trailer``. + + If the top version is already released, create a new top + version section for an unreleased version. """ raise NotImplementedError @@ -108,6 +111,12 @@ def format_category(cls, title, body): class TextChangelogFormat(ChangelogFormat): """The traditional Mbed TLS changelog format.""" + _unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx' + @classmethod + def is_released_version(cls, title): + # Look for an incomplete release date + return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title) + _top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)', re.DOTALL) @classmethod @@ -116,8 +125,14 @@ def extract_top_version(cls, changelog_file_content): m = re.search(cls._top_version_re, changelog_file_content) top_version_start = m.start(1) top_version_end = m.end(2) + top_version_title = m.group(1) + top_version_body = m.group(2) + if cls.is_released_version(top_version_title): + top_version_end = top_version_start + top_version_title = cls._unreleased_version_text + b'\n\n' + top_version_body = b'' return (changelog_file_content[:top_version_start], - m.group(1), m.group(2), + top_version_title, top_version_body, changelog_file_content[top_version_end:]) @classmethod @@ -173,27 +188,6 @@ class ChangeLog: _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+') _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]') - def section_is_released_version(self, title): - """Whether this section is for a released version. - - True if the given level-2 section title indicates that this section - contains released changes, otherwise False. - """ - # Assume that a released version has a numerical version number - # that follows a particular pattern. These criteria may be revised - # as needed in future versions of this script. - version_number = re.search(self._version_number_re, title) - if version_number: - return not re.search(self._incomplete_version_number_re, - version_number.group(0)) - else: - return False - - def unreleased_version_title(self): - """The title to use if creating a new section for an unreleased version.""" - # pylint: disable=no-self-use; this method may be overridden - return b'Unreleased changes' - def add_categories_from_text(self, filename, line_offset, text, allow_unknown_category): """Parse a version section or entry file.""" From e248e83f9f23ffe07bc54579522bf3182018b68f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 19:42:38 +0100 Subject: [PATCH 054/138] Start numbering lines at 1 Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 9afe3db08c76..04409ee9f58e 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -216,14 +216,14 @@ def __init__(self, input_stream, changelog_format): self.categories = OrderedDict() for category in STANDARD_CATEGORIES: self.categories[category] = b'' - offset = (self.header + self.top_version_title).count(b'\n') + offset = (self.header + self.top_version_title).count(b'\n') + 1 self.add_categories_from_text(input_stream.name, offset, top_version_body, True) def add_file(self, input_stream): """Add changelog entries from a file. """ - self.add_categories_from_text(input_stream.name, 0, + self.add_categories_from_text(input_stream.name, 1, input_stream.read(), False) def write(self, filename): From 4d977a4f4011be14b52330b7224d5b8cf88dc85a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 19:42:50 +0100 Subject: [PATCH 055/138] Complain if there is junk before the first category title Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 04409ee9f58e..57440bbb3214 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -51,6 +51,12 @@ def __init__(self, filename, line_number, message, *args, **kwargs): message.format(*args, **kwargs)) super().__init__(message) +class CategoryParseError(Exception): + def __init__(self, line_offset, error_message): + self.line_offset = line_offset + self.error_message = error_message + super().__init__('{}: {}'.format(line_offset, error_message)) + class LostContent(Exception): def __init__(self, filename, line): message = ('Lost content from {}: "{}"'.format(filename, line)) @@ -143,9 +149,12 @@ def version_title_text(cls, version_title): @classmethod def split_categories(cls, version_body): """A category title is a line with the title in column 0.""" - title_matches = list(re.finditer(cls._category_title_re, version_body)) - if not title_matches: + if not version_body: return [] + title_matches = list(re.finditer(cls._category_title_re, version_body)) + if not title_matches or title_matches[0].start() != 0: + # There is junk before the first category. + raise CategoryParseError(0, 'Junk found where category expected') title_starts = [m.start(1) for m in title_matches] body_starts = [m.end(0) for m in title_matches] body_ends = title_starts[1:] + [len(version_body)] @@ -191,7 +200,11 @@ class ChangeLog: def add_categories_from_text(self, filename, line_offset, text, allow_unknown_category): """Parse a version section or entry file.""" - categories = self.format.split_categories(text) + try: + categories = self.format.split_categories(text) + except CategoryParseError as e: + raise InputFormatError(filename, line_offset + e.line_offset, + e.error_message) for category in categories: if not allow_unknown_category and \ category.name not in self.categories: From 7c3f7cdeae991733573ed2ab81a213f0784cd9cb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 19:47:35 +0100 Subject: [PATCH 056/138] Convert ChangeLog.d/README to markdown Signed-off-by: Gilles Peskine --- ChangeLog.d/{README => 00README.md} | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) rename ChangeLog.d/{README => 00README.md} (59%) diff --git a/ChangeLog.d/README b/ChangeLog.d/00README.md similarity index 59% rename from ChangeLog.d/README rename to ChangeLog.d/00README.md index 6e8e309891c2..774460d6bb63 100644 --- a/ChangeLog.d/README +++ b/ChangeLog.d/00README.md @@ -1,7 +1,7 @@ This directory contains changelog entries that have not yet been merged -to the changelog file (../ChangeLog). +to the changelog file ([`../ChangeLog`](../ChangeLog)). -A changelog entry file must have the extension *.txt and must have the +A changelog entry file must have the extension `*.txt` and must have the following format: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -15,5 +15,6 @@ Features ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -See STANDARD_SECTIONS in ../scripts/assemble_changelog.py for -recognized section titles. +See `STANDARD_CATEGORIES` in +[`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py) +for recognized section titles. From b695d5e30a87a8d574ad21393a037710396f27d3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Mar 2020 20:06:12 +0100 Subject: [PATCH 057/138] Add guidance on writing and maintaining changelog entries Signed-off-by: Gilles Peskine --- ChangeLog.d/00README.md | 55 ++++++++++++++++++++++++++++++++--- scripts/assemble_changelog.py | 2 ++ 2 files changed, 53 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md index 774460d6bb63..b559e2336cbe 100644 --- a/ChangeLog.d/00README.md +++ b/ChangeLog.d/00README.md @@ -1,6 +1,10 @@ +# Pending changelog entry directory + This directory contains changelog entries that have not yet been merged to the changelog file ([`../ChangeLog`](../ChangeLog)). +## Changelog entry file format + A changelog entry file must have the extension `*.txt` and must have the following format: @@ -10,11 +14,54 @@ Security * Another change description. Features - * Yet another change description. + * Yet another change description. This is a long change description that + spans multiple lines. * Yet again another change description. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -See `STANDARD_CATEGORIES` in -[`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py) -for recognized section titles. +The permitted changelog entry categories are as follows: + + + API changes + Default behavior changes + Requirement changes + New deprecations + Removals + Features + Security + Bugfix + Changes + +Use “Changes” for anything that doesn't fit in the other categories, such as +performance, documentation and test improvements. + +## How to write a changelog entry + +Each entry starts with three spaces, an asterisk and a space. Continuation +lines start with 5 spaces. Lines wrap at 79 characters. + +Write full English sentences with proper capitalization and punctuation. Use +the present tense. Use the imperative where applicable. For example: “Fix a +bug in mbedtls_xxx() ….” + +Include GitHub issue numbers where relevant. Use the format “#1234” for an +Mbed TLS issue. Add other external references such as CVE numbers where +applicable. + +Credit the author of the contribution if the contribution is not a member of +the Mbed TLS development team. Also credit bug reporters where applicable. + +**Explain why, not how**. Remember that the audience is the users of the +library, not its developers. In particular, for a bug fix, explain the +consequences of the bug, not how the bug was fixed. For a new feature, explain +why one might be interested in the feature. For an API change or a deprecation, +explain how to update existing applications. + +See [existing entries](../ChangeLog) for examples. + +## How `ChangeLog` is updated + +Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py) +from a Git working copy +to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file. diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 57440bbb3214..d11e2e8ba538 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -62,6 +62,8 @@ def __init__(self, filename, line): message = ('Lost content from {}: "{}"'.format(filename, line)) super().__init__(message) +# The category names we use in the changelog. +# If you edit this, update ChangeLog.d/README.md. STANDARD_CATEGORIES = ( b'API changes', b'Default behavior changes', From dba4de0a1294d14840ccfc812799ef6b63725935 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 30 Mar 2020 11:37:26 +0200 Subject: [PATCH 058/138] Clarify extract_top_version when creating a new section Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index d11e2e8ba538..ffa3f161b8ec 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -88,12 +88,14 @@ class ChangelogFormat: def extract_top_version(cls, changelog_file_content): """Split out the top version section. - Return ``(header, top_version_title, top_version_body, trailer)`` - where ``changelog_file_content == header + top_version_title + - top_version_body + trailer``. - If the top version is already released, create a new top version section for an unreleased version. + + Return ``(header, top_version_title, top_version_body, trailer)`` + where the "top version" is the existing top version section if it's + for unreleased changes, and a newly created section otherwise. + To assemble the changelog after modifying top_version_body, + concatenate the four pieces. """ raise NotImplementedError From 06725c985f55fd4d8b96ad3de8759b40abe9f0eb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 30 Mar 2020 21:39:09 +0200 Subject: [PATCH 059/138] Fix intermittent crash in test suites with outcome file enabled Fix an intermittent crash when running test suites in non-verbose mode (i.e. with -v off) and with the outcome file enabled. The array unmet_dependencies was only filled in verbose mode, but was used in write_outcome_result regardless. Since unmet_dependencies only ever contains strings that are integers written out in decimal, store the integer instead. Do this unconditionally since it doesn't cost any extra memory. It would be better to record the dependency names, both in the verbose output and in the outcome file. But the dependency names are not currently available at runtime. Signed-off-by: Gilles Peskine --- tests/suites/host_test.function | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 646734081c4e..1069c2415c46 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -425,7 +425,7 @@ static void write_outcome_entry( FILE *outcome_file, */ static void write_outcome_result( FILE *outcome_file, size_t unmet_dep_count, - char *unmet_dependencies[], + int unmet_dependencies[], int ret, const test_info_t *info ) { @@ -443,7 +443,7 @@ static void write_outcome_result( FILE *outcome_file, mbedtls_fprintf( outcome_file, "SKIP" ); for( i = 0; i < unmet_dep_count; i++ ) { - mbedtls_fprintf( outcome_file, "%c%s", + mbedtls_fprintf( outcome_file, "%c%d", i == 0 ? ';' : ':', unmet_dependencies[i] ); } @@ -598,7 +598,7 @@ int execute_tests( int argc , const char ** argv ) testfile_index++ ) { size_t unmet_dep_count = 0; - char *unmet_dependencies[20]; + int unmet_dependencies[20]; test_filename = test_files[ testfile_index ]; @@ -647,19 +647,7 @@ int execute_tests( int argc , const char ** argv ) int dep_id = strtol( params[i], NULL, 10 ); if( dep_check( dep_id ) != DEPENDENCY_SUPPORTED ) { - if( 0 == option_verbose ) - { - /* Only one count is needed if not verbose */ - unmet_dep_count++; - break; - } - - unmet_dependencies[ unmet_dep_count ] = strdup( params[i] ); - if( unmet_dependencies[ unmet_dep_count ] == NULL ) - { - mbedtls_fprintf( stderr, "FATAL: Out of memory\n" ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - } + unmet_dependencies[unmet_dep_count] = dep_id; unmet_dep_count++; } } @@ -730,9 +718,8 @@ int execute_tests( int argc , const char ** argv ) mbedtls_fprintf( stdout, "\n Unmet dependencies: " ); for( i = 0; i < unmet_dep_count; i++ ) { - mbedtls_fprintf( stdout, "%s ", + mbedtls_fprintf( stdout, "%d ", unmet_dependencies[i] ); - free( unmet_dependencies[i] ); } } mbedtls_fprintf( stdout, "\n" ); @@ -783,10 +770,6 @@ int execute_tests( int argc , const char ** argv ) total_errors++; } fclose( file ); - - /* In case we encounter early end of file */ - for( i = 0; i < unmet_dep_count; i++ ) - free( unmet_dependencies[i] ); } if( outcome_file != NULL ) From f4563b4c8b0f806593a8f13638d17b34af083f7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 30 Mar 2020 12:46:21 +0200 Subject: [PATCH 060/138] Fix some style issues in udp_proxy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/test/udp_proxy.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index ae2cabee4a3a..7447571f4fb3 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -543,12 +543,13 @@ void print_packet( const packet *p, const char *why ) * * We want an explicit state and a place to store the packet. */ -static enum { - ich_init, /* haven't seen the first ClientHello yet */ - ich_cached, /* cached the initial ClientHello */ - ich_injected, /* ClientHello already injected, done */ -} inject_clihlo_state; +typedef enum { + ICH_INIT, /* haven't seen the first ClientHello yet */ + ICH_CACHED, /* cached the initial ClientHello */ + ICH_INJECTED, /* ClientHello already injected, done */ +} inject_clihlo_state_t; +static inject_clihlo_state_t inject_clihlo_state; static packet initial_clihlo; int send_packet( const packet *p, const char *why ) @@ -558,11 +559,11 @@ int send_packet( const packet *p, const char *why ) /* save initial ClientHello? */ if( opt.inject_clihlo != 0 && - inject_clihlo_state == ich_init && + inject_clihlo_state == ICH_INIT && strcmp( p->type, "ClientHello" ) == 0 ) { memcpy( &initial_clihlo, p, sizeof( packet ) ); - inject_clihlo_state = ich_cached; + inject_clihlo_state = ICH_CACHED; } /* insert corrupted CID record? */ @@ -631,7 +632,7 @@ int send_packet( const packet *p, const char *why ) /* Inject ClientHello after first ApplicationData */ if( opt.inject_clihlo != 0 && - inject_clihlo_state == ich_cached && + inject_clihlo_state == ICH_CACHED && strcmp( p->type, "ApplicationData" ) == 0 ) { print_packet( &initial_clihlo, "injected" ); @@ -643,7 +644,7 @@ int send_packet( const packet *p, const char *why ) return( ret ); } - inject_clihlo_state = ich_injected; + inject_clihlo_state = ICH_INJECTED; } return( 0 ); From 243d70f2a50cebd03f0d0328ed9196d6c813ecdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 31 Mar 2020 12:07:47 +0200 Subject: [PATCH 061/138] Improve debug logging of client hard reconnect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current logging was sub-standard, in particular there was no trace whatsoever of the HelloVerifyRequest being sent. Now it's being logged with the usual levels: 4 for full content, 2 return of f_send, 1 decision about sending it (or taking other branches in the same function) because that's the same level as state changes in the handshake, and also same as the "possible client reconnect" message" to which it's the logical continuation (what are we doing about it?). Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a0009d95687b..428ace5bacec 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3219,6 +3219,8 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) { /* If we can't use cookies to verify reachability of the peer, * drop the record. */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, " + "can't check reconnect validity" ) ); return( 0 ); } @@ -3234,16 +3236,23 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { + int send_ret; + MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) ); + MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", + ssl->out_buf, len ); /* Don't check write errors as we can't do anything here. * If the error is permanent we'll catch it later, * if it's not, then hopefully it'll work next time. */ - (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); + send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len ); + MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret ); + (void) send_ret; + return( 0 ); } if( ret == 0 ) { - /* Got a valid cookie, partially reset context */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) ); if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); @@ -4416,6 +4425,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_msglen = rec.data_len; ret = ssl_check_client_reconnect( ssl ); + MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret ); if( ret != 0 ) return( ret ); #endif From 593adc8a7240c15d24ffdeee9985ab8fcddbcab8 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 27 Mar 2020 12:58:13 -0400 Subject: [PATCH 062/138] Add an include path to the doxyfile to fix preprocessing for docs Previously, doxygen was unable to effectively use preprocessing to determine which parts of code should be documented. This was due to its inability to include headers during preprocessing, which was discovered by running it in preprocessing debug mode: doxygen -d preprocessor mbedtls.doxyfile An example of failure: "#include mbedtls/config.h: not found! skipping..." With the following fix includes are properly preprocessed with the documentation being considerably larger. Signed-off-by: Andrzej Kurek --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 473227110d5a..148fa279a489 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1594,7 +1594,7 @@ SEARCH_INCLUDES = YES # contain include files that are not input files but should be processed by # the preprocessor. -INCLUDE_PATH = +INCLUDE_PATH = ../include # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the From 679bb03cf7a2ba7eaf5b5fc75f8ea8fd50870a7b Mon Sep 17 00:00:00 2001 From: Dan Handley Date: Tue, 31 Mar 2020 18:35:29 +0100 Subject: [PATCH 063/138] Direct questions to mailing list in issue template Update issue template to direct questions to the TrustedFirmware.org mailing list instead of using the GitHub issue tracker. Signed-off-by: Dan Handley --- .github/issue_template.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 7c313535128c..18b87fca8e78 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -1,7 +1,7 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ### Description -- Type: Bug | Enhancement\Feature Request | Question +- Type: Bug | Enhancement\Feature Request - Priority: Blocker | Major | Minor --------------------------------------------------------------- @@ -38,4 +38,4 @@ Version: ## Question -**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://forums.mbed.com/c/mbed-tls)** +**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb). If you can't find the answer you're looking for then please use the [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls)** From 6e8d5a00b2e74a0984100b50a2004e6e79a5d50f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 22:01:28 +0100 Subject: [PATCH 064/138] Clarify confusion between file names and suffixes of file names To test a file name exactly, prepend a / to the base name. files_to_check actually checks suffixes, not file names, so rename it to extensions_to_check. Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 6e35f5224167..3d966d877685 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -143,9 +143,9 @@ class TabIssueTracker(LineIssueTracker): heading = "Tabs present:" files_exemptions = frozenset([ - "Makefile", - "Makefile.inc", - "generate_visualc_files.pl", + "/Makefile", + "/Makefile.inc", + "/generate_visualc_files.pl", ]) def issue_with_line(self, line, _filepath): @@ -180,9 +180,9 @@ def __init__(self, log_file): self.check_repo_path() self.logger = None self.setup_logger(log_file) - self.files_to_check = ( + self.extensions_to_check = ( ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data", - "Makefile", "Makefile.inc", "CMakeLists.txt", "ChangeLog" + "/Makefile", "/Makefile.inc", "/CMakeLists.txt", "/ChangeLog" ) self.excluded_directories = ['.git', 'mbed-os'] self.excluded_paths = list(map(os.path.normpath, [ @@ -226,7 +226,7 @@ def check_files(self): dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d)) for filename in sorted(files): filepath = os.path.join(root, filename) - if not filepath.endswith(self.files_to_check): + if not filepath.endswith(self.extensions_to_check): continue for issue_to_check in self.issues_to_check: if issue_to_check.should_check_file(filepath): From 6a45d1e4ce543847ce8594937d748a157bc610f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 22:05:02 +0100 Subject: [PATCH 065/138] List each item on a separate line for easier maintenance Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 3d966d877685..7133e9dddc40 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -181,10 +181,23 @@ def __init__(self, log_file): self.logger = None self.setup_logger(log_file) self.extensions_to_check = ( - ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data", - "/Makefile", "/Makefile.inc", "/CMakeLists.txt", "/ChangeLog" + ".c", + ".h", + ".sh", + ".pl", + ".py", + ".md", + ".function", + ".data", + "/Makefile", + "/Makefile.inc", + "/CMakeLists.txt", + "/ChangeLog", ) - self.excluded_directories = ['.git', 'mbed-os'] + self.excluded_directories = [ + '.git', + 'mbed-os', + ] self.excluded_paths = list(map(os.path.normpath, [ 'cov-int', 'examples', From 5308f12fc6aaaf70fa30e9c9c0457d45f18b732d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 22:05:41 +0100 Subject: [PATCH 066/138] Sort the list for easier maintenance Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 7133e9dddc40..804be7d63ad2 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -182,17 +182,17 @@ def __init__(self, log_file): self.setup_logger(log_file) self.extensions_to_check = ( ".c", + ".data", + ".function", ".h", - ".sh", + ".md", ".pl", ".py", - ".md", - ".function", - ".data", - "/Makefile", - "/Makefile.inc", + ".sh", "/CMakeLists.txt", "/ChangeLog", + "/Makefile", + "/Makefile.inc", ) self.excluded_directories = [ '.git', From 2c61873a0d8b705c099ae292e6ecc58dcd550db3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 22:26:01 +0100 Subject: [PATCH 067/138] Also check Windows files Check Windows files for some issues, including permissions. Omit the checks related to special characters (whitespace, line endings, encoding) as appropriate. Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 804be7d63ad2..135a3b39287c 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -81,6 +81,12 @@ def check_file_for_issue(self, filepath): for i, line in enumerate(iter(f.readline, b"")): self.check_file_line(filepath, line, i + 1) + +def is_windows_file(filepath): + _root, ext = os.path.splitext(filepath) + return ext in ('.dsp', '.sln', '.vcxproj') + + class PermissionIssueTracker(FileIssueTracker): """Track files with bad permissions. @@ -113,16 +119,21 @@ class Utf8BomIssueTracker(FileIssueTracker): heading = "UTF-8 BOM present:" + files_exemptions = frozenset([".vcxproj", ".sln"]) + def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: if f.read().startswith(codecs.BOM_UTF8): self.files_with_issues[filepath] = None -class LineEndingIssueTracker(LineIssueTracker): +class UnixLineEndingIssueTracker(LineIssueTracker): """Track files with non-Unix line endings (i.e. files with CR).""" - heading = "Non Unix line endings:" + heading = "Non-Unix line endings:" + + def should_check_file(self, filepath): + return not is_windows_file(filepath) def issue_with_line(self, line, _filepath): return b"\r" in line @@ -132,7 +143,7 @@ class TrailingWhitespaceIssueTracker(LineIssueTracker): """Track lines with trailing whitespace.""" heading = "Trailing whitespace:" - files_exemptions = frozenset(".md") + files_exemptions = frozenset([".dsp", ".md"]) def issue_with_line(self, line, _filepath): return line.rstrip(b"\r\n") != line.rstrip() @@ -143,6 +154,7 @@ class TabIssueTracker(LineIssueTracker): heading = "Tabs present:" files_exemptions = frozenset([ + ".sln", "/Makefile", "/Makefile.inc", "/generate_visualc_files.pl", @@ -183,12 +195,15 @@ def __init__(self, log_file): self.extensions_to_check = ( ".c", ".data", + ".dsp", ".function", ".h", ".md", ".pl", ".py", ".sh", + ".sln", + ".vcxproj", "/CMakeLists.txt", "/ChangeLog", "/Makefile", @@ -206,7 +221,7 @@ def __init__(self, log_file): PermissionIssueTracker(), EndOfFileNewlineIssueTracker(), Utf8BomIssueTracker(), - LineEndingIssueTracker(), + UnixLineEndingIssueTracker(), TrailingWhitespaceIssueTracker(), TabIssueTracker(), MergeArtifactIssueTracker(), From 545e13f4c100eab9c31fdd1a2308f65b4792c0e9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 22:29:11 +0100 Subject: [PATCH 068/138] Check that Windows files have Windows line endings Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 135a3b39287c..e4a365f16388 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -139,6 +139,18 @@ def issue_with_line(self, line, _filepath): return b"\r" in line +class WindowsLineEndingIssueTracker(LineIssueTracker): + """Track files with non-Windows line endings (i.e. files without CR).""" + + heading = "Non-Windows line endings:" + + def should_check_file(self, filepath): + return is_windows_file(filepath) + + def issue_with_line(self, line, _filepath): + return not line.endswith(b"\r\n") + + class TrailingWhitespaceIssueTracker(LineIssueTracker): """Track lines with trailing whitespace.""" @@ -222,6 +234,7 @@ def __init__(self, log_file): EndOfFileNewlineIssueTracker(), Utf8BomIssueTracker(), UnixLineEndingIssueTracker(), + WindowsLineEndingIssueTracker(), TrailingWhitespaceIssueTracker(), TabIssueTracker(), MergeArtifactIssueTracker(), From b5f04e4d84966610a291483765cbd6871b7a6f43 Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Wed, 1 Apr 2020 11:23:58 +0100 Subject: [PATCH 069/138] Properly initialise psk and psk_len Signed-off-by: Guilhem Bryant --- include/mbedtls/ssl_internal.h | 2 ++ library/ssl_tls.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index fb8c23feea44..1e58ca3eb78a 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -945,6 +945,8 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, else { + *psk = NULL; + *psk_len = 0; return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6dabd3409c53..4a8686cc43a6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1848,7 +1848,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch { unsigned char *p = ssl->handshake->premaster; unsigned char *end = p + sizeof( ssl->handshake->premaster ); - const unsigned char *psk; + const unsigned char *psk = NULL; size_t psk_len = 0; if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) From d703a2ee19c16790be83414daa324cac06817bb0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 1 Apr 2020 13:35:46 +0200 Subject: [PATCH 070/138] In Windows files, detect CR without LF as well as LF without CR Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index e4a365f16388..1a9ba309a3fb 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -140,7 +140,7 @@ def issue_with_line(self, line, _filepath): class WindowsLineEndingIssueTracker(LineIssueTracker): - """Track files with non-Windows line endings (i.e. files without CR).""" + """Track files with non-Windows line endings (i.e. CR or LF not in CRLF).""" heading = "Non-Windows line endings:" @@ -148,7 +148,7 @@ def should_check_file(self, filepath): return is_windows_file(filepath) def issue_with_line(self, line, _filepath): - return not line.endswith(b"\r\n") + return not line.endswith(b"\r\n") or b"\r" in line[:-2] class TrailingWhitespaceIssueTracker(LineIssueTracker): From 0f3f9c3c735ffa6103587f17e616e9ea811b7afb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 1 Apr 2020 13:34:50 +0200 Subject: [PATCH 071/138] Fix a stray CR inside a line Use CRLF consistently instead of cobbling a \r here and a \n there. The generated files don't change. Signed-off-by: Gilles Peskine --- scripts/data_files/vs2010-app-template.vcxproj | 3 ++- scripts/generate_visualc_files.pl | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index e7bb122d8b58..e47adef4f9f1 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -18,7 +18,8 @@ x64 - + + diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 00a0c6322aba..1f67055e601e 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -125,10 +125,10 @@ sub gen_app { $path =~ s!/!\\!g; (my $appname = $path) =~ s/.*\\//; - my $srcs = "\n \r"; + my $srcs = ""; if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or $appname eq "query_compile_time_config" ) { - $srcs .= "\n \r"; + $srcs .= "\r\n "; } my $content = $template; From 2ae678d238efc37f5f8b5ddfee3dede9fbffe890 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 22:10:57 +0100 Subject: [PATCH 072/138] Systematically use Windows line endings in Windows files Don't mix Windows and Unix line endings, it's the worst of both worlds. Update the Visual Studio templates and regenerate the generated files. Signed-off-by: Gilles Peskine --- .../data_files/vs2010-app-template.vcxproj | 40 +++++++++---------- .../data_files/vs2010-main-template.vcxproj | 10 ++--- scripts/data_files/vs2010-sln-template.sln | 2 +- scripts/data_files/vs6-main-template.dsp | 20 +++++----- visualc/VS2010/aescrypt2.vcxproj | 40 +++++++++---------- visualc/VS2010/benchmark.vcxproj | 40 +++++++++---------- visualc/VS2010/cert_app.vcxproj | 40 +++++++++---------- visualc/VS2010/cert_req.vcxproj | 40 +++++++++---------- visualc/VS2010/cert_write.vcxproj | 40 +++++++++---------- visualc/VS2010/crl_app.vcxproj | 40 +++++++++---------- visualc/VS2010/crypt_and_hash.vcxproj | 40 +++++++++---------- visualc/VS2010/crypto_examples.vcxproj | 40 +++++++++---------- visualc/VS2010/dh_client.vcxproj | 40 +++++++++---------- visualc/VS2010/dh_genprime.vcxproj | 40 +++++++++---------- visualc/VS2010/dh_server.vcxproj | 40 +++++++++---------- visualc/VS2010/dtls_client.vcxproj | 40 +++++++++---------- visualc/VS2010/dtls_server.vcxproj | 40 +++++++++---------- visualc/VS2010/ecdh_curve25519.vcxproj | 40 +++++++++---------- visualc/VS2010/ecdsa.vcxproj | 40 +++++++++---------- visualc/VS2010/gen_entropy.vcxproj | 40 +++++++++---------- visualc/VS2010/gen_key.vcxproj | 40 +++++++++---------- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 40 +++++++++---------- visualc/VS2010/gen_random_havege.vcxproj | 40 +++++++++---------- visualc/VS2010/generic_sum.vcxproj | 40 +++++++++---------- visualc/VS2010/hello.vcxproj | 40 +++++++++---------- visualc/VS2010/key_app.vcxproj | 40 +++++++++---------- visualc/VS2010/key_app_writer.vcxproj | 40 +++++++++---------- visualc/VS2010/key_ladder_demo.vcxproj | 40 +++++++++---------- visualc/VS2010/mbedTLS.sln | 2 +- visualc/VS2010/mbedTLS.vcxproj | 10 ++--- visualc/VS2010/mini_client.vcxproj | 40 +++++++++---------- visualc/VS2010/mpi_demo.vcxproj | 40 +++++++++---------- visualc/VS2010/pem2der.vcxproj | 40 +++++++++---------- visualc/VS2010/pk_decrypt.vcxproj | 40 +++++++++---------- visualc/VS2010/pk_encrypt.vcxproj | 40 +++++++++---------- visualc/VS2010/pk_sign.vcxproj | 40 +++++++++---------- visualc/VS2010/pk_verify.vcxproj | 40 +++++++++---------- visualc/VS2010/psa_constant_names.vcxproj | 40 +++++++++---------- .../VS2010/query_compile_time_config.vcxproj | 40 +++++++++---------- visualc/VS2010/req_app.vcxproj | 40 +++++++++---------- visualc/VS2010/rsa_decrypt.vcxproj | 40 +++++++++---------- visualc/VS2010/rsa_encrypt.vcxproj | 40 +++++++++---------- visualc/VS2010/rsa_genkey.vcxproj | 40 +++++++++---------- visualc/VS2010/rsa_sign.vcxproj | 40 +++++++++---------- visualc/VS2010/rsa_sign_pss.vcxproj | 40 +++++++++---------- visualc/VS2010/rsa_verify.vcxproj | 40 +++++++++---------- visualc/VS2010/rsa_verify_pss.vcxproj | 40 +++++++++---------- visualc/VS2010/selftest.vcxproj | 40 +++++++++---------- visualc/VS2010/ssl_client1.vcxproj | 40 +++++++++---------- visualc/VS2010/ssl_client2.vcxproj | 40 +++++++++---------- visualc/VS2010/ssl_fork_server.vcxproj | 40 +++++++++---------- visualc/VS2010/ssl_mail_client.vcxproj | 40 +++++++++---------- visualc/VS2010/ssl_server.vcxproj | 40 +++++++++---------- visualc/VS2010/ssl_server2.vcxproj | 40 +++++++++---------- visualc/VS2010/strerror.vcxproj | 40 +++++++++---------- visualc/VS2010/udp_proxy.vcxproj | 40 +++++++++---------- visualc/VS2010/zeroize.vcxproj | 40 +++++++++---------- 57 files changed, 1062 insertions(+), 1062 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index e47adef4f9f1..aae07b54efad 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -102,7 +102,7 @@ INCLUDE_DIRECTORIES Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -124,7 +124,7 @@ INCLUDE_DIRECTORIES Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -150,7 +150,7 @@ INCLUDE_DIRECTORIES true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index 81bbbe6691bd..d3c8764967b5 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -21,7 +21,7 @@ {46CF2D25-6A36-4189-B59C-E4815388E554} Win32Proj - mbedTLS + mbedTLS @@ -85,7 +85,7 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -102,7 +102,7 @@ INCLUDE_DIRECTORIES Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -121,7 +121,7 @@ INCLUDE_DIRECTORIES MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -141,7 +141,7 @@ INCLUDE_DIRECTORIES MaxSpeed true true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES diff --git a/scripts/data_files/vs2010-sln-template.sln b/scripts/data_files/vs2010-sln-template.sln index 78dcde8d19d3..fc65a0be5c10 100644 --- a/scripts/data_files/vs2010-sln-template.sln +++ b/scripts/data_files/vs2010-sln-template.sln @@ -1,7 +1,7 @@  Microsoft Visual Studio Solution File, Format Version 11.00 # Visual C++ Express 2010 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}" EndProject APP_ENTRIES Global diff --git a/scripts/data_files/vs6-main-template.dsp b/scripts/data_files/vs6-main-template.dsp index dc728c4898f9..89d3fc731163 100644 --- a/scripts/data_files/vs6-main-template.dsp +++ b/scripts/data_files/vs6-main-template.dsp @@ -1,24 +1,24 @@ -# Microsoft Developer Studio Project File - Name="mbedtls" - Package Owner=<4> +# Microsoft Developer Studio Project File - Name="mbedtls" - Package Owner=<4> # Microsoft Developer Studio Generated Build File, Format Version 6.00 # ** DO NOT EDIT ** # TARGTYPE "Win32 (x86) Static Library" 0x0104 -CFG=mbedtls - Win32 Debug +CFG=mbedtls - Win32 Debug !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE -!MESSAGE NMAKE /f "mbedtls.mak". +!MESSAGE NMAKE /f "mbedtls.mak". !MESSAGE !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "mbedtls.mak" CFG="mbedtls - Win32 Debug" +!MESSAGE NMAKE /f "mbedtls.mak" CFG="mbedtls - Win32 Debug" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE -!MESSAGE "mbedtls - Win32 Release" (based on "Win32 (x86) Static Library") -!MESSAGE "mbedtls - Win32 Debug" (based on "Win32 (x86) Static Library") +!MESSAGE "mbedtls - Win32 Release" (based on "Win32 (x86) Static Library") +!MESSAGE "mbedtls - Win32 Debug" (based on "Win32 (x86) Static Library") !MESSAGE # Begin Project @@ -28,7 +28,7 @@ CFG=mbedtls - Win32 Debug CPP=cl.exe RSC=rc.exe -!IF "$(CFG)" == "mbedtls - Win32 Release" +!IF "$(CFG)" == "mbedtls - Win32 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 @@ -51,7 +51,7 @@ LIB32=link.exe -lib # ADD BASE LIB32 /nologo # ADD LIB32 /nologo -!ELSEIF "$(CFG)" == "mbedtls - Win32 Debug" +!ELSEIF "$(CFG)" == "mbedtls - Win32 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 @@ -78,8 +78,8 @@ LIB32=link.exe -lib # Begin Target -# Name "mbedtls - Win32 Release" -# Name "mbedtls - Win32 Debug" +# Name "mbedtls - Win32 Release" +# Name "mbedtls - Win32 Debug" # Begin Group "Source Files" # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index ad2a774f3ad5..0fdd2997d1e3 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index 7bdcc4be5fcc..4bf7f6f545c1 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index ee7b4a152852..223353f74870 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index 2645e86a48d8..396b6467b025 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index f714d952d1ae..f5d171c1b1c0 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index b218a8909c55..082c1f13a372 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index 2ae86c4a3ba1..bec06ad14d90 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/crypto_examples.vcxproj b/visualc/VS2010/crypto_examples.vcxproj index 687ed9dec6cd..0581d02d9e7f 100644 --- a/visualc/VS2010/crypto_examples.vcxproj +++ b/visualc/VS2010/crypto_examples.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index 37affb70421e..14186b298657 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index c036f6b87257..ff1e85c2fd9a 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index 101227877196..bc256c1d40b8 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj index d9834354d466..05c967089fb9 100644 --- a/visualc/VS2010/dtls_client.vcxproj +++ b/visualc/VS2010/dtls_client.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj index 9fb41f74c3f5..9f17eedd5f6d 100644 --- a/visualc/VS2010/dtls_server.vcxproj +++ b/visualc/VS2010/dtls_server.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj index 00e589e2b328..7a1e86245f54 100644 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index ae1531ba6270..84dc88386fed 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index 884affcba7ec..6b85f62ec722 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index cf41a89fbad4..e7b586a24079 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index dee5bae0484c..2cfdfaaf5436 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 13e219807bcc..48519d6f3b1f 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index c87ce89c8abe..861486592a0e 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index ef0ec146a1de..88112f519638 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index cb93ec2441b0..e90d9da01b85 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index bcd4a3e0a03d..002f9e87bd6d 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/key_ladder_demo.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj index 985cb492ee2b..f157da7f4878 100644 --- a/visualc/VS2010/key_ladder_demo.vcxproj +++ b/visualc/VS2010/key_ladder_demo.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln index 73102e1a98f6..4e21fce9b5a1 100644 --- a/visualc/VS2010/mbedTLS.sln +++ b/visualc/VS2010/mbedTLS.sln @@ -1,7 +1,7 @@  Microsoft Visual Studio Solution File, Format Version 11.00 # Visual C++ Express 2010 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aescrypt2", "aescrypt2.vcxproj", "{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}" ProjectSection(ProjectDependencies) = postProject diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 6643abd29584..b7678ffeb27a 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -21,7 +21,7 @@ {46CF2D25-6A36-4189-B59C-E4815388E554} Win32Proj - mbedTLS + mbedTLS @@ -85,7 +85,7 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -101,7 +101,7 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -119,7 +119,7 @@ MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -138,7 +138,7 @@ MaxSpeed true true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index 1f19a10e956f..9f17519861d3 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index a9939072e095..42d526287f31 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 0c4e5e14620d..e56adff457fe 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 05d495035318..17cce620f5db 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index 2826a9611993..7c215b23613f 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index b0c86e982533..ca1b1c4ee88c 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 879bc1026c80..b32782a84ad7 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/psa_constant_names.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj index 8b36047ca360..4f484d8b5a7b 100644 --- a/visualc/VS2010/psa_constant_names.vcxproj +++ b/visualc/VS2010/psa_constant_names.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj index 7fbb8c5d6c01..0cc8a28203db 100644 --- a/visualc/VS2010/query_compile_time_config.vcxproj +++ b/visualc/VS2010/query_compile_time_config.vcxproj @@ -23,7 +23,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -72,22 +72,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -102,7 +102,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -123,7 +123,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -148,7 +148,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 70e9e1524e37..99e98017c180 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 0e9e99ec6068..137d2bc2ba70 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 8e395878f1c7..1081579eb3fb 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index 6eec312a0358..d460a7fd1b27 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index 584496e7d1d3..356df9fa5fcb 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index 994d818b16c2..b8a09eebcd1c 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index 93c84a3e5015..5ce841057f8c 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index ac54a68b5a1b..2cc576b882cb 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 279481f9f443..42fb32abd11b 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index 2b188fe30027..f0d6af7f4785 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index 21a6f6be0e42..7db1a52ac446 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -23,7 +23,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -72,22 +72,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -102,7 +102,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -123,7 +123,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -148,7 +148,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index e4fd3620a45c..f67b1bef2471 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index 5341ff5dc743..64629c6af6cf 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index eccee4f92ddf..9c6e2f5618a0 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index 0f7d5e75ff44..94ba22e18764 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -23,7 +23,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -72,22 +72,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -102,7 +102,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -123,7 +123,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -148,7 +148,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 10be4e6819ac..497a4e25a5e4 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj index 10b28cde10b0..49f92403a209 100644 --- a/visualc/VS2010/udp_proxy.vcxproj +++ b/visualc/VS2010/udp_proxy.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj index ac9c709df3aa..932c802ba2ef 100644 --- a/visualc/VS2010/zeroize.vcxproj +++ b/visualc/VS2010/zeroize.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) From 9039dc401f022c4e749b9f5ad9a95dc2e18cba1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 2 Apr 2020 11:34:34 +0200 Subject: [PATCH 073/138] Improve ctags invocation in Makefile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adding .function was necessary, as otherwise ctags would have no idea what to do with those files. Adding .h may not be necessary, as by default ctags considers them C++ which is probably good enough, but since we're tuning the mapping anyway... Signed-off-by: Manuel Pégourié-Gonnard --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8e72bd17d94b..68522613fc73 100644 --- a/Makefile +++ b/Makefile @@ -125,7 +125,7 @@ endif ## Editor navigation files C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) tags: $(C_SOURCE_FILES) - ctags -o $@ $(C_SOURCE_FILES) + ctags -o $@ --langmap=c:+.h.function $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES) etags -o $@ $(C_SOURCE_FILES) GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) From c9f895606578f1e59124b87e879de4dbaf6f8cac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 2 Apr 2020 12:10:45 +0200 Subject: [PATCH 074/138] Allow alternative ctags versions in Makefile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 68522613fc73..e0eb7a58c5aa 100644 --- a/Makefile +++ b/Makefile @@ -124,8 +124,10 @@ endif ## Editor navigation files C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) +# Exuberant-ctags invocation. Other ctags implementations may require different options. +CTAGS = ctags --langmap=c:+.h.function -o tags: $(C_SOURCE_FILES) - ctags -o $@ --langmap=c:+.h.function $(C_SOURCE_FILES) + $(CTAGS) $@ $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES) etags -o $@ $(C_SOURCE_FILES) GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) From e1a05a534aab01167774ac0c0cb1b94f3f395920 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Apr 2020 15:52:06 +0200 Subject: [PATCH 075/138] unit tests main: Fix potential buffer overflow Fix potential buffer overflow when tracking the unmet dependencies of a test case. The identifiers of unmet dependencies are stored in an array of fixed size. Ensure that we don't overrun the array. Signed-off-by: Ronald Cron --- tests/suites/host_test.function | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 1069c2415c46..14925ebaf5d3 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -647,8 +647,12 @@ int execute_tests( int argc , const char ** argv ) int dep_id = strtol( params[i], NULL, 10 ); if( dep_check( dep_id ) != DEPENDENCY_SUPPORTED ) { - unmet_dependencies[unmet_dep_count] = dep_id; - unmet_dep_count++; + if( unmet_dep_count < + ARRAY_LENGTH( unmet_dependencies ) ) + { + unmet_dependencies[unmet_dep_count] = dep_id; + unmet_dep_count++; + } } } From 67a8a37b9179617cc3fbb1354b92c77babe93e0a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Apr 2020 16:04:41 +0200 Subject: [PATCH 076/138] unit test: Indicate missing unmet dependencies The identifiers of the unmet dependencies of a test case are stored in a buffer of fixed size that can be potentially to small to store all the unmet dependencies. Indicate in test reports if some unmet dependencies are missing. Signed-off-by: Ronald Cron --- tests/suites/host_test.function | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 14925ebaf5d3..b6490fbbbc04 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -418,14 +418,17 @@ static void write_outcome_entry( FILE *outcome_file, * * \param outcome_file The file to write to. * If this is \c NULL, this function does nothing. - * \param unmet_dep_count The number of unmet dependencies. - * \param unmet_dependencies The array of unmet dependencies. + * \param unmet_dep_count The number of unmet dependencies. + * \param unmet_dependencies The array of unmet dependencies. + * \param missing_unmet_dependencies Non-zero if there was a problem tracking + * all unmet dependencies, 0 otherwise. * \param ret The test dispatch status (DISPATCH_xxx). * \param test_info A pointer to the test info structure. */ static void write_outcome_result( FILE *outcome_file, size_t unmet_dep_count, int unmet_dependencies[], + int missing_unmet_dependencies, int ret, const test_info_t *info ) { @@ -447,6 +450,8 @@ static void write_outcome_result( FILE *outcome_file, i == 0 ? ';' : ':', unmet_dependencies[i] ); } + if( missing_unmet_dependencies ) + mbedtls_fprintf( outcome_file, ":..." ); break; } switch( info->result ) @@ -599,6 +604,7 @@ int execute_tests( int argc , const char ** argv ) { size_t unmet_dep_count = 0; int unmet_dependencies[20]; + int missing_unmet_dependencies = 0; test_filename = test_files[ testfile_index ]; @@ -621,6 +627,7 @@ int execute_tests( int argc , const char ** argv ) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; + missing_unmet_dependencies = 0; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; @@ -653,6 +660,10 @@ int execute_tests( int argc , const char ** argv ) unmet_dependencies[unmet_dep_count] = dep_id; unmet_dep_count++; } + else + { + missing_unmet_dependencies = 1; + } } } @@ -706,6 +717,7 @@ int execute_tests( int argc , const char ** argv ) write_outcome_result( outcome_file, unmet_dep_count, unmet_dependencies, + missing_unmet_dependencies, ret, &test_info ); if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) { @@ -725,11 +737,14 @@ int execute_tests( int argc , const char ** argv ) mbedtls_fprintf( stdout, "%d ", unmet_dependencies[i] ); } + if( missing_unmet_dependencies ) + mbedtls_fprintf( stdout, "..." ); } mbedtls_fprintf( stdout, "\n" ); fflush( stdout ); unmet_dep_count = 0; + missing_unmet_dependencies = 0; } else if( ret == DISPATCH_TEST_SUCCESS ) { From 60d6516c60edff75b0c60a177f70604167b6bc8b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Apr 2020 19:50:00 +0200 Subject: [PATCH 077/138] Fix whitespace style Signed-off-by: Gilles Peskine --- library/hkdf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/hkdf.c b/library/hkdf.c index 379035ddbb5a..3b9942c00064 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -115,7 +115,7 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, n = okm_len / hash_len; - if( (okm_len % hash_len) != 0 ) + if( okm_len % hash_len != 0 ) { n++; } @@ -131,7 +131,7 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, mbedtls_md_init( &ctx ); - if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 ) + if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 ) { goto exit; } From 3ab121a6034aa36a895e1bbb5daab7a27d8b14c3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Apr 2020 19:51:05 +0200 Subject: [PATCH 078/138] hkdf_expand: explicitly initialize t t is never used uninitialized, since the first loop iteration reads 0 bytes of it and then writes hash_len bytes, and subsequent iterations read and write hash_len bytes. However this is somewhat fragile, and it would be legitimate for a static analyzer to be unsure. Initialize t explicitly, to make the code clearer and more robust, at negligible cost. Reported by Vasily Evseenko in https://github.com/ARMmbed/mbedtls/pull/2942 with a slightly different fix. Signed-off-by: Gilles Peskine --- library/hkdf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/hkdf.c b/library/hkdf.c index 3b9942c00064..82df597a4c69 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -136,6 +136,8 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, goto exit; } + memset( t, 0, hash_len ); + /* * Compute T = T(1) | T(2) | T(3) | ... | T(N) * Where T(N) is defined in RFC 5869 Section 2.3 From 03d3711bb109011b62456eafe30cc6586bd879dc Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Fri, 3 Apr 2020 18:21:19 +0100 Subject: [PATCH 079/138] Fix bracket style Signed-off-by: Guilhem Bryant --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4a8686cc43a6..c0ebfcb675b0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1853,11 +1853,13 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) + { /* * This should never happen because the existence of a PSK is always * checked before calling this function */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + } /* * PMS = struct { From 0c9b1955cacc59556370911b3713a6f316766623 Mon Sep 17 00:00:00 2001 From: Guilhem Bryant Date: Wed, 8 Apr 2020 11:02:38 +0100 Subject: [PATCH 080/138] Return internal error if no PSK is found when deriving the premaster secret Signed-off-by: Guilhem Bryant --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c0ebfcb675b0..9a523f5b08df 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1859,6 +1859,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch * checked before calling this function */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } /* From ee85686339609a65652272ef5d6fd224b4c9d671 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 8 Apr 2020 16:58:36 +0100 Subject: [PATCH 081/138] Add missing ChangeLog entry The MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH build option has been added since the last release, but there was no entry for it in the ChangeLog. Signed-off-by: Janos Follath --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5c4a846214b7..a6983a791398 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,11 @@ Security an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya, Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932 +Features + * The new build option MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH automatically + resizes the I/O buffers before and after handshakes, reducing the memory + consumption during application data transfer. + Bugfix * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and MBEDTLS_SSL_HW_RECORD_ACCEL are enabled. From 876e0259d50a9672bdd7b41853467eed2b1f51a7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 8 Apr 2020 17:15:18 +0100 Subject: [PATCH 082/138] Bump version to Mbed TLS 2.22.0 Signed-off-by: Janos Follath --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index a6983a791398..509c74cd89d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.22.0 branch released 2020-04-14 New deprecations * Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 8e2539de01ae..749d5c1ebefb 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.21.0 source code documentation + * @mainpage mbed TLS v2.22.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 148fa279a489..418318da593a 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.21.0" +PROJECT_NAME = "mbed TLS v2.22.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 35af4cc432ba..b89e36efd55f 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 21 +#define MBEDTLS_VERSION_MINOR 22 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02150000 -#define MBEDTLS_VERSION_STRING "2.21.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.21.0" +#define MBEDTLS_VERSION_NUMBER 0x02160000 +#define MBEDTLS_VERSION_STRING "2.22.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.22.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 14dfa221b470..fd98fa50e065 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -187,19 +187,19 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.21.0 SOVERSION 4) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4) target_link_libraries(mbedcrypto ${libs}) target_include_directories(mbedcrypto PUBLIC ${MBEDTLS_DIR}/include/) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.21.0 SOVERSION 1) + set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) target_include_directories(mbedx509 PUBLIC ${MBEDTLS_DIR}/include/) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.21.0 SOVERSION 13) + set_target_properties(mbedtls PROPERTIES VERSION 2.22.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) target_include_directories(mbedtls PUBLIC ${MBEDTLS_DIR}/include/) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 868fe06d5aa4..5dc81d334670 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.21.0" +check_compiletime_version:"2.22.0" Check runtime library version -check_runtime_version:"2.21.0" +check_runtime_version:"2.22.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From e52fd3fa551449c41576ba87b1d26e03b951e8c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Apr 2020 10:11:17 +0200 Subject: [PATCH 083/138] Fix integer overflow in benchmark program MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When building with MBEDTLS_MEMORY_DEBUG enabled, and running the ecdh part, the benchmark program would start writing a very large number of space characters on stdout, and would have to be killed because it never seemed to terminate. This was due to an integer overflow in computing how many space to leave after the title in order to get memory measurements aligned, which resulted in up to SIZE_MAX spaces being printed. This commit just fixes the overflow, the next commit is going to fix the magic number (12). Signed-off-by: Manuel Pégourié-Gonnard --- programs/test/benchmark.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 8f89c70c6157..eb2537f44fac 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -158,7 +158,8 @@ do { \ #define MEMORY_MEASURE_PRINT( title_len ) \ mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \ - for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \ + for( ii = 12 > (title_len) ? 12 - (title_len) : 1; ii !=0; ii--) \ + mbedtls_printf( " " ); \ max_used -= prv_used; \ max_blocks -= prv_blocks; \ max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ From 90c6e84a9c3e1823af6430d948e1e3e80521b01d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 3 Apr 2020 05:25:29 -0400 Subject: [PATCH 084/138] Split the maximum fragment length into two - an input and output MFL Since the server might want to have a different maximum fragment length for the outgoing messages than the negotiated one - introduce a new way of computing it. This commit also adds additional ssl-opt.sh tests ensuring that the maximum fragment lengths are set as expected. mbedtls_ssl_get_max_frag_len() is now a deprecated function, being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour of this function is the same as before. Signed-off-by: Andrzej Kurek --- ChangeLog | 9 ++ include/mbedtls/ssl.h | 60 +++++++-- include/mbedtls/ssl_internal.h | 8 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 46 ++++++- programs/ssl/ssl_client2.c | 6 +- programs/ssl/ssl_server2.c | 6 +- tests/ssl-opt.sh | 231 ++++++++++++++++++++++++++++++--- 8 files changed, 328 insertions(+), 40 deletions(-) diff --git a/ChangeLog b/ChangeLog index bcceebb7d5d9..0547f69edfee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date) New deprecations * Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the SSL module for hardware acceleration of individual records. + * Deprecate mbedtls_ssl_get_max_frag_len() in favour of + mbedtls_ssl_get_output_max_frag_len() and + mbedtls_ssl_get_input_max_frag_len() to be more precise about which max + fragment length is desired. Bugfix * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and @@ -13,6 +17,11 @@ Bugfix Changes * Mbed Crypto is no longer a Git submodule. The crypto part of the library is back directly in the present repository. + * Split mbedtls_ssl_get_max_frag_len() into + mbedtls_ssl_get_output_max_frag_len() and + mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input + buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH + is defined), regardless of what MFL was configured for it. = mbed TLS 2.21.0 branch released 2020-02-20 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1a071fc30b10..1c98a5e5a885 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3523,18 +3523,61 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** - * \brief Return the maximum fragment length (payload, in bytes). - * This is the value negotiated with peer if any, - * or the locally configured value. + * \brief Return the maximum fragment length (payload, in bytes) for + * the output buffer. For the client, this is the configured + * value. For the server, it is the minimum of two - the + * configured value and the negotiated one. * * \sa mbedtls_ssl_conf_max_frag_len() * \sa mbedtls_ssl_get_max_record_payload() * * \param ssl SSL context * - * \return Current maximum fragment length. + * \return Current maximum fragment length for the output buffer. */ -size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ); +size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); + +/** + * \brief Return the maximum fragment length (payload, in bytes) for + * the input buffer. This is the negotiated maximum fragment + * length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN. + * If it is not defined either, the value is 2^14. This function + * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). + * + * \sa mbedtls_ssl_conf_max_frag_len() + * \sa mbedtls_ssl_get_max_record_payload() + * + * \param ssl SSL context + * + * \return Current maximum fragment length for the output buffer. + */ +size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif + +/** + * \brief This function is a deprecated approach to getting the max + * fragment length. Its an alias for + * \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour + * is the same. See \c mbedtls_ssl_get_output_max_frag_len() for + * more detail. + * + * \sa mbedtls_ssl_get_input_max_frag_len() + * \sa mbedtls_ssl_get_output_max_frag_len() + * + * \param ssl SSL context + * + * \return Current maximum fragment length for the output buffer. + */ +MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len( + const mbedtls_ssl_context *ssl ); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ /** @@ -3555,7 +3598,8 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ); * when record compression is enabled. * * \sa mbedtls_ssl_set_mtu() - * \sa mbedtls_ssl_get_max_frag_len() + * \sa mbedtls_ssl_get_output_max_frag_len() + * \sa mbedtls_ssl_get_input_max_frag_len() * \sa mbedtls_ssl_get_record_expansion() * * \param ssl SSL context @@ -3863,8 +3907,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * or negotiated with the peer), then: * - with TLS, less bytes than requested are written. * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. - * \c mbedtls_ssl_get_max_frag_len() may be used to query the - * active maximum fragment length. + * \c mbedtls_ssl_get_output_max_frag_len() may be used to + * query the active maximum fragment length. * * \note Attempting to write 0 bytes will result in an empty TLS * application record being sent. diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 9ff61fd3cd85..f83d01454fd9 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -260,11 +260,11 @@ static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx ) { #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) - return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) + return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx ) + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_CID_OUT_LEN_MAX; #else - return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) + return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx ) + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; #endif } @@ -272,11 +272,11 @@ static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx ) { #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) - return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) + return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx ) + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_CID_IN_LEN_MAX; #else - return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) + return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx ) + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; #endif } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 18fa55574dea..b4902bef8e36 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -214,7 +214,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl ); if( max_len > mfl ) max_len = mfl; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 990fa5c0c115..9b0a710a9cde 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4889,7 +4889,42 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) +size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ) +{ + size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; + size_t read_mfl; + + /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */ + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE ) + { + return ssl_mfl_code_to_length( ssl->conf->mfl_code ); + } + + /* Check if a smaller max length was negotiated */ + if( ssl->session_out != NULL ) + { + read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); + if( read_mfl < max_len ) + { + max_len = read_mfl; + } + } + + // During a handshake, use the value being negotiated + if( ssl->session_negotiate != NULL ) + { + read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); + if( read_mfl < max_len ) + { + max_len = read_mfl; + } + } + + return( max_len ); +} + +size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ) { size_t max_len; @@ -4914,6 +4949,13 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) return( max_len ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) +{ + return mbedtls_ssl_get_output_max_frag_len( ssl ); +} +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -4946,7 +4988,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl ); if( max_len > mfl ) max_len = mfl; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d6c3d7751f4b..f6284feeb9be 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2553,8 +2553,10 @@ int main( int argc, char *argv[] ) mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" ); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - mbedtls_printf( " [ Maximum fragment length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) ); + mbedtls_printf( " [ Maximum input fragment length is %u ]\n", + (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) ); + mbedtls_printf( " [ Maximum output fragment length is %u ]\n", + (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) ); #endif #if defined(MBEDTLS_SSL_ALPN) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f1b5c37aad76..845881f93290 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3633,8 +3633,10 @@ int main( int argc, char *argv[] ) mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" ); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - mbedtls_printf( " [ Maximum fragment length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) ); + mbedtls_printf( " [ Maximum input fragment length is %u ]\n", + (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) ); + mbedtls_printf( " [ Maximum output fragment length is %u ]\n", + (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) ); #endif #if defined(MBEDTLS_SSL_ALPN) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 35f742f67784..b0228d7ae80f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2925,8 +2925,10 @@ run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ - -c "Maximum fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -2937,8 +2939,10 @@ run_test "Max fragment length: enabled, default, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ - -c "Maximum fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -2952,8 +2956,10 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ - -c "Maximum fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -2969,8 +2975,10 @@ run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ - -C "Maximum fragment length is 16384" \ - -S "Maximum fragment length is 16384" \ + -C "Maximum input fragment length is 16384" \ + -C "Maximum output fragment length is 16384" \ + -S "Maximum input fragment length is 16384" \ + -S "Maximum output fragment length is 16384" \ -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ -s "$MAX_CONTENT_LEN bytes read" \ -s "1 bytes read" @@ -2980,8 +2988,10 @@ run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ - -C "Maximum fragment length is 16384" \ - -S "Maximum fragment length is 16384" \ + -C "Maximum input fragment length is 16384" \ + -C "Maximum output fragment length is 16384" \ + -S "Maximum input fragment length is 16384" \ + -S "Maximum output fragment length is 16384" \ -c "fragment larger than.*maximum " requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -2989,8 +2999,178 @@ run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum fragment length is 4096" \ - -s "Maximum fragment length is 4096" \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ + -s "Maximum input fragment length is 4096" \ + -s "Maximum output fragment length is 4096" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 512, server 1024" \ + "$P_SRV debug_level=3 max_frag_len=1024" \ + "$P_CLI debug_level=3 max_frag_len=512" \ + 0 \ + -c "Maximum input fragment length is 512" \ + -c "Maximum output fragment length is 512" \ + -s "Maximum input fragment length is 512" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 512, server 2048" \ + "$P_SRV debug_level=3 max_frag_len=2048" \ + "$P_CLI debug_level=3 max_frag_len=512" \ + 0 \ + -c "Maximum input fragment length is 512" \ + -c "Maximum output fragment length is 512" \ + -s "Maximum input fragment length is 512" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 512, server 4096" \ + "$P_SRV debug_level=3 max_frag_len=4096" \ + "$P_CLI debug_level=3 max_frag_len=512" \ + 0 \ + -c "Maximum input fragment length is 512" \ + -c "Maximum output fragment length is 512" \ + -s "Maximum input fragment length is 512" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 1024, server 512" \ + "$P_SRV debug_level=3 max_frag_len=512" \ + "$P_CLI debug_level=3 max_frag_len=1024" \ + 0 \ + -c "Maximum input fragment length is 1024" \ + -c "Maximum output fragment length is 1024" \ + -s "Maximum input fragment length is 1024" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 1024, server 2048" \ + "$P_SRV debug_level=3 max_frag_len=2048" \ + "$P_CLI debug_level=3 max_frag_len=1024" \ + 0 \ + -c "Maximum input fragment length is 1024" \ + -c "Maximum output fragment length is 1024" \ + -s "Maximum input fragment length is 1024" \ + -s "Maximum output fragment length is 1024" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 1024, server 4096" \ + "$P_SRV debug_level=3 max_frag_len=4096" \ + "$P_CLI debug_level=3 max_frag_len=1024" \ + 0 \ + -c "Maximum input fragment length is 1024" \ + -c "Maximum output fragment length is 1024" \ + -s "Maximum input fragment length is 1024" \ + -s "Maximum output fragment length is 1024" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 2048, server 512" \ + "$P_SRV debug_level=3 max_frag_len=512" \ + "$P_CLI debug_level=3 max_frag_len=2048" \ + 0 \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 2048, server 1024" \ + "$P_SRV debug_level=3 max_frag_len=1024" \ + "$P_CLI debug_level=3 max_frag_len=2048" \ + 0 \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 1024" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 2048, server 4096" \ + "$P_SRV debug_level=3 max_frag_len=4096" \ + "$P_CLI debug_level=3 max_frag_len=2048" \ + 0 \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 2048" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 4096, server 512" \ + "$P_SRV debug_level=3 max_frag_len=512" \ + "$P_CLI debug_level=3 max_frag_len=4096" \ + 0 \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ + -s "Maximum input fragment length is 4096" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 4096, server 1024" \ + "$P_SRV debug_level=3 max_frag_len=1024" \ + "$P_CLI debug_level=3 max_frag_len=4096" \ + 0 \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ + -s "Maximum input fragment length is 4096" \ + -s "Maximum output fragment length is 1024" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 4096, server 2048" \ + "$P_SRV debug_level=3 max_frag_len=2048" \ + "$P_CLI debug_level=3 max_frag_len=4096" \ + 0 \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ + -s "Maximum input fragment length is 4096" \ + -s "Maximum output fragment length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3001,8 +3181,10 @@ run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ 0 \ - -c "Maximum fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum fragment length is 4096" \ + -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum output fragment length is 4096" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -3014,7 +3196,8 @@ run_test "Max fragment length: gnutls server" \ "$G_SRV" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum fragment length is 4096" \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ -c "client hello, adding max_fragment_length extension" \ -c "found max_fragment_length extension" @@ -3023,8 +3206,10 @@ run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ 0 \ - -c "Maximum fragment length is 2048" \ - -s "Maximum fragment length is 2048" \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3037,8 +3222,10 @@ run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ 0 \ - -c "Maximum fragment length is 2048" \ - -s "Maximum fragment length is 2048" \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3052,8 +3239,10 @@ run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ 1 \ - -c "Maximum fragment length is 2048" \ - -s "Maximum fragment length is 2048" \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ From 8ea6872889f073876ca3b7c17a51eca419e06f50 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 3 Apr 2020 06:40:47 -0400 Subject: [PATCH 085/138] Improve pointer calculations when resizing I/O buffers This commit introduces two changes: - Add in_msg and out_msg calculations for buffer upsizing. This was previously considered as unnecessary, but renegotiation using certain ciphersuites needs this. - Improving the way out_msg and in_msg pointers are calculated, so that even if no resizing is introduced, the pointers remain the same; New tests added: - various renegotiation schemes with a range of MFL's and ciphersuites; - an ssl-opt.sh test exercising two things that were problematic: renegotiation with TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 and a server MFL that's smaller than the one negotiated by the client. Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 96 +++++++++------ tests/ssl-opt.sh | 23 ++++ tests/suites/test_suite_ssl.data | 168 +++++++++++++++++++++++++-- tests/suites/test_suite_ssl.function | 11 +- 4 files changed, 244 insertions(+), 54 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9b0a710a9cde..d0adfd9515d0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3673,36 +3673,51 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) /* If the buffers are too small - reallocate */ { int modified = 0; - if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN ) + size_t written_in = 0; + size_t written_out = 0; + if( ssl->in_buf != NULL ) { - if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN, - &ssl->in_buf_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); - } - else + written_in = ssl->in_msg - ssl->in_buf; + if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) ); - modified = 1; + if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN, + &ssl->in_buf_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) ); + modified = 1; + } } } - if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN ) + + if( ssl->out_buf != NULL ) { - if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN, - &ssl->out_buf_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); - } - else + written_out = ssl->out_msg - ssl->out_buf; + if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) ); - modified = 1; + if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN, + &ssl->out_buf_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) ); + modified = 1; + } } } if( modified ) { /* Update pointers here to avoid doing it twice. */ mbedtls_ssl_reset_in_out_pointers( ssl ); + /* Fields below might not be properly updated with record + * splitting, so they are manually updated here. */ + ssl->out_msg = ssl->out_buf + written_out; + ssl->in_msg = ssl->in_buf + written_in; } } #endif @@ -5934,36 +5949,41 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl ); size_t written_in = 0; size_t written_out = 0; - if( ssl->in_buf != NULL && - ssl->in_buf_len > buf_len && - ssl->in_left < buf_len ) + if( ssl->in_buf != NULL ) { written_in = ssl->in_msg - ssl->in_buf; - if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 ) + if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) ); - modified = 1; + written_in = ssl->in_msg - ssl->in_buf; + if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) ); + modified = 1; + } } } + buf_len = mbedtls_ssl_get_output_buflen( ssl ); - if( ssl->out_buf != NULL && - ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) && - ssl->out_left < buf_len ) + if(ssl->out_buf != NULL ) { written_out = ssl->out_msg - ssl->out_buf; - if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); - } - else + if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) && + ssl->out_left < buf_len ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) ); - modified = 1; + if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) ); + modified = 1; + } } } if( modified ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b0228d7ae80f..df4baf848e40 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3343,6 +3343,29 @@ run_test "Renegotiation: double" \ -s "=> renegotiate" \ -s "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Renegotiation with max fragment length: client 2048, server 512" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" + requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: client-initiated, server-rejected" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 47ebd92d30a4..9af6a5ca0b79 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -379,40 +379,184 @@ DTLS serialization with MFL=4096 resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096 DTLS no legacy renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy break handshake renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" + +DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2a6e99b46a6d..e59a1677c205 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3900,12 +3900,13 @@ void renegotiation( int legacy_renegotiation ) /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, - int serialize, int dtls ) + int serialize, int dtls, char *cipher ) { handshake_test_options options; init_handshake_options( &options ); options.mfl = mfl; + options.cipher = cipher; options.renegotiate = renegotiation; options.legacy_renegotiation = legacy_renegotiation; options.serialize = serialize; @@ -3921,7 +3922,8 @@ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */ void resize_buffers_serialize_mfl( int mfl ) { - test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1 ); + test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, + (char *) "" ); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; @@ -3929,9 +3931,10 @@ void resize_buffers_serialize_mfl( int mfl ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation ) +void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation, + char *cipher ) { - test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1 ); + test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher ); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; From 940bc0048ccdce640a3bc5ff3b7770f9832b7503 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 9 Apr 2020 09:34:47 +0100 Subject: [PATCH 086/138] Add missing ChangeLog entry Signed-off-by: Janos Follath --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 509c74cd89d3..c1463f2d2e22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,8 @@ Bugfix MBEDTLS_SSL_HW_RECORD_ACCEL are enabled. * Remove a spurious check in ssl_parse_client_psk_identity that triggered a warning with some compilers. Fix contributed by irwir in #2856. + * Fix a function name in a debug message. Contributed by Ercan Ozturk in + #3013. Changes * Mbed Crypto is no longer a Git submodule. The crypto part of the library From a9f64006ea173549d661990a3c57af444e861d72 Mon Sep 17 00:00:00 2001 From: Gaurav Aggarwal Date: Thu, 9 Apr 2020 01:44:52 -0700 Subject: [PATCH 087/138] Add support for const error description strings Problem ------- mbedtls_strerror is a utility function which converts an mbedTLS error code into a human readable string. It requires the caller to allocate a buffer every time an error code needs to be converted to a string. It is an overkill and a waste of RAM for resource constrained microcontrollers - where the most common use case is to use these strings for logging. Solution -------- The proposed commit adds two functions: * const char * mbedtls_high_level_strerr( int error_code ); * const char * mbedtls_low_level_strerr( int error_code ); The above two functions convert the high level and low level parts of an mbedTLS error code to human readable strings. They return a const pointer to an unmodifiable string which is not supposed to be modified by the caller and only to be used for logging purposes. The caller no longer needs to allocate a buffer. Backward Compatibility ---------------------- The proposed change is completely backward compatible as it does not change the existing mbedtls_strerror function and ensures that it continues to behave the same way. Signed-off-by: Gaurav Aggarwal --- include/mbedtls/error.h | 26 + library/error.c | 917 ++++++++++++++--------------------- scripts/data_files/error.fmt | 87 +++- scripts/generate_errors.pl | 16 +- 4 files changed, 459 insertions(+), 587 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 82b018813e97..3f0af04daf51 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -127,6 +127,32 @@ extern "C" { */ void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); +/** + * \brief Translate high level part of a mbed TLS error code into a string + * representation. + * + * This function returns a const pointer to an un-modifiable string. The caller + * must not try to modify the string use it only for logging purposes. + * + * \param error_code error code + * + * \return The string representation of the error code. + */ +const char * mbedtls_high_level_strerr( int error_code ); + +/** + * \brief Translate low level part of a mbed TLS error code into a string + * representation. + * + * This function returns a const pointer to an un-modifiable string. The caller + * must not try to modify the string and use it only for logging purposes. + * + * \param error_code error code + * + * \return The string representation of the error code. + */ +const char * mbedtls_low_level_strerr( int error_code ); + #ifdef __cplusplus } #endif diff --git a/library/error.c b/library/error.c index ee9c852b5973..1656e621b385 100644 --- a/library/error.c +++ b/library/error.c @@ -213,701 +213,502 @@ #endif -void mbedtls_strerror( int ret, char *buf, size_t buflen ) +typedef struct mbedtls_error { - size_t len; - int use_ret; - - if( buflen == 0 ) - return; - - memset( buf, 0x00, buflen ); - - if( ret < 0 ) - ret = -ret; + int code; /* Error code. */ + const char * description; /* Error description. */ +} mbedtls_error_t; - if( ret & 0xFF80 ) - { - use_ret = ret & 0xFF80; - - // High level error codes - // - // BEGIN generated code +static mbedtls_error_t high_level_errors[] = +{ #if defined(MBEDTLS_CIPHER_C) - if( use_ret == -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "CIPHER - The selected feature is not available" ); - if( use_ret == -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters" ); - if( use_ret == -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "CIPHER - Failed to allocate memory" ); - if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_PADDING) ) - mbedtls_snprintf( buf, buflen, "CIPHER - Input data contains invalid padding and is rejected" ); - if( use_ret == -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED) ) - mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" ); - if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) ) - mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); - if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) ) - mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid. For example, because it was freed" ); - if( use_ret == -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "CIPHER - Cipher hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE), .description="CIPHER - The selected feature is not available"}, + {.code = -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA), .description="CIPHER - Bad input parameters"}, + {.code = -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED), .description="CIPHER - Failed to allocate memory"}, + {.code = -(MBEDTLS_ERR_CIPHER_INVALID_PADDING), .description="CIPHER - Input data contains invalid padding and is rejected"}, + {.code = -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED), .description="CIPHER - Decryption of block requires a full block"}, + {.code = -(MBEDTLS_ERR_CIPHER_AUTH_FAILED), .description="CIPHER - Authentication failed (for AEAD modes)"}, + {.code = -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT), .description="CIPHER - The context is invalid. For example, because it was freed"}, + {.code = -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED), .description="CIPHER - Cipher hardware accelerator failed"}, #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) - if( use_ret == -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters" ); - if( use_ret == -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED) ) - mbedtls_snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" ); - if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) ) - mbedtls_snprintf( buf, buflen, "DHM - Making of the DHM parameters failed" ); - if( use_ret == -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED) ) - mbedtls_snprintf( buf, buflen, "DHM - Reading of the public values failed" ); - if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED) ) - mbedtls_snprintf( buf, buflen, "DHM - Making of the public value failed" ); - if( use_ret == -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED) ) - mbedtls_snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" ); - if( use_ret == -(MBEDTLS_ERR_DHM_INVALID_FORMAT) ) - mbedtls_snprintf( buf, buflen, "DHM - The ASN.1 data is not formatted correctly" ); - if( use_ret == -(MBEDTLS_ERR_DHM_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" ); - if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "DHM - Read or write of file failed" ); - if( use_ret == -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "DHM - DHM hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED) ) - mbedtls_snprintf( buf, buflen, "DHM - Setting the modulus and generator failed" ); + {.code = -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA), .description="DHM - Bad input parameters"}, + {.code = -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED), .description="DHM - Reading of the DHM parameters failed"}, + {.code = -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED), .description="DHM - Making of the DHM parameters failed"}, + {.code = -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED), .description="DHM - Reading of the public values failed"}, + {.code = -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED), .description="DHM - Making of the public value failed"}, + {.code = -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED), .description="DHM - Calculation of the DHM secret failed"}, + {.code = -(MBEDTLS_ERR_DHM_INVALID_FORMAT), .description="DHM - The ASN.1 data is not formatted correctly"}, + {.code = -(MBEDTLS_ERR_DHM_ALLOC_FAILED), .description="DHM - Allocation of memory failed"}, + {.code = -(MBEDTLS_ERR_DHM_FILE_IO_ERROR), .description="DHM - Read or write of file failed"}, + {.code = -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED), .description="DHM - DHM hardware accelerator failed"}, + {.code = -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED), .description="DHM - Setting the modulus and generator failed"}, #endif /* MBEDTLS_DHM_C */ #if defined(MBEDTLS_ECP_C) - if( use_ret == -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "ECP - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" ); - if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "ECP - The requested feature is not available, for example, the requested curve is not supported" ); - if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) ) - mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" ); - if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" ); - if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) ) - mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as ephemeral key, failed" ); - if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) ) - mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); - if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" ); - if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_ECP_IN_PROGRESS) ) - mbedtls_snprintf( buf, buflen, "ECP - Operation in progress, call again with the same parameters to continue" ); + {.code = -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA), .description="ECP - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL), .description="ECP - The buffer is too small to write to"}, + {.code = -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE), .description="ECP - The requested feature is not available, for example, the requested curve is not supported"}, + {.code = -(MBEDTLS_ERR_ECP_VERIFY_FAILED), .description="ECP - The signature is not valid"}, + {.code = -(MBEDTLS_ERR_ECP_ALLOC_FAILED), .description="ECP - Memory allocation failed"}, + {.code = -(MBEDTLS_ERR_ECP_RANDOM_FAILED), .description="ECP - Generation of random value, such as ephemeral key, failed"}, + {.code = -(MBEDTLS_ERR_ECP_INVALID_KEY), .description="ECP - Invalid private or public key"}, + {.code = -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH), .description="ECP - The buffer contains a valid signature followed by more data"}, + {.code = -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED), .description="ECP - The ECP hardware accelerator failed"}, + {.code = -(MBEDTLS_ERR_ECP_IN_PROGRESS), .description="ECP - Operation in progress, call again with the same parameters to continue"}, #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) - if( use_ret == -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "MD - The selected feature is not available" ); - if( use_ret == -(MBEDTLS_ERR_MD_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "MD - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_MD_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "MD - Failed to allocate memory" ); - if( use_ret == -(MBEDTLS_ERR_MD_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "MD - Opening or reading of file failed" ); - if( use_ret == -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "MD - MD hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE), .description="MD - The selected feature is not available"}, + {.code = -(MBEDTLS_ERR_MD_BAD_INPUT_DATA), .description="MD - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_MD_ALLOC_FAILED), .description="MD - Failed to allocate memory"}, + {.code = -(MBEDTLS_ERR_MD_FILE_IO_ERROR), .description="MD - Opening or reading of file failed"}, + {.code = -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED), .description="MD - MD hardware accelerator failed"}, #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) - if( use_ret == -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) ) - mbedtls_snprintf( buf, buflen, "PEM - No PEM header or footer found" ); - if( use_ret == -(MBEDTLS_ERR_PEM_INVALID_DATA) ) - mbedtls_snprintf( buf, buflen, "PEM - PEM string is not as expected" ); - if( use_ret == -(MBEDTLS_ERR_PEM_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "PEM - Failed to allocate memory" ); - if( use_ret == -(MBEDTLS_ERR_PEM_INVALID_ENC_IV) ) - mbedtls_snprintf( buf, buflen, "PEM - RSA IV is not in hex-format" ); - if( use_ret == -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG) ) - mbedtls_snprintf( buf, buflen, "PEM - Unsupported key encryption algorithm" ); - if( use_ret == -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) ) - mbedtls_snprintf( buf, buflen, "PEM - Private key password can't be empty" ); - if( use_ret == -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" ); - if( use_ret == -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" ); - if( use_ret == -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "PEM - Bad input parameters to function" ); + {.code = -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT), .description="PEM - No PEM header or footer found"}, + {.code = -(MBEDTLS_ERR_PEM_INVALID_DATA), .description="PEM - PEM string is not as expected"}, + {.code = -(MBEDTLS_ERR_PEM_ALLOC_FAILED), .description="PEM - Failed to allocate memory"}, + {.code = -(MBEDTLS_ERR_PEM_INVALID_ENC_IV), .description="PEM - RSA IV is not in hex-format"}, + {.code = -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG), .description="PEM - Unsupported key encryption algorithm"}, + {.code = -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED), .description="PEM - Private key password can't be empty"}, + {.code = -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH), .description="PEM - Given private key password does not allow for correct decryption"}, + {.code = -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE), .description="PEM - Unavailable feature, e.g. hashing/encryption combination"}, + {.code = -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA), .description="PEM - Bad input parameters to function"}, #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ #if defined(MBEDTLS_PK_C) - if( use_ret == -(MBEDTLS_ERR_PK_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "PK - Memory allocation failed" ); - if( use_ret == -(MBEDTLS_ERR_PK_TYPE_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); - if( use_ret == -(MBEDTLS_ERR_PK_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "PK - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_PK_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "PK - Read/write of file failed" ); - if( use_ret == -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION) ) - mbedtls_snprintf( buf, buflen, "PK - Unsupported key version" ); - if( use_ret == -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT) ) - mbedtls_snprintf( buf, buflen, "PK - Invalid key tag or value" ); - if( use_ret == -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG) ) - mbedtls_snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" ); - if( use_ret == -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED) ) - mbedtls_snprintf( buf, buflen, "PK - Private key password can't be empty" ); - if( use_ret == -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" ); - if( use_ret == -(MBEDTLS_ERR_PK_INVALID_PUBKEY) ) - mbedtls_snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" ); - if( use_ret == -(MBEDTLS_ERR_PK_INVALID_ALG) ) - mbedtls_snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" ); - if( use_ret == -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE) ) - mbedtls_snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" ); - if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); - if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "PK - The buffer contains a valid signature followed by more data" ); - if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_PK_ALLOC_FAILED), .description="PK - Memory allocation failed"}, + {.code = -(MBEDTLS_ERR_PK_TYPE_MISMATCH), .description="PK - Type mismatch, eg attempt to encrypt with an ECDSA key"}, + {.code = -(MBEDTLS_ERR_PK_BAD_INPUT_DATA), .description="PK - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_PK_FILE_IO_ERROR), .description="PK - Read/write of file failed"}, + {.code = -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION), .description="PK - Unsupported key version"}, + {.code = -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT), .description="PK - Invalid key tag or value"}, + {.code = -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG), .description="PK - Key algorithm is unsupported (only RSA and EC are supported)"}, + {.code = -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED), .description="PK - Private key password can't be empty"}, + {.code = -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH), .description="PK - Given private key password does not allow for correct decryption"}, + {.code = -(MBEDTLS_ERR_PK_INVALID_PUBKEY), .description="PK - The pubkey tag or value is invalid (only RSA and EC are supported)"}, + {.code = -(MBEDTLS_ERR_PK_INVALID_ALG), .description="PK - The algorithm tag or value is invalid"}, + {.code = -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE), .description="PK - Elliptic curve is unsupported (only NIST curves are supported)"}, + {.code = -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE), .description="PK - Unavailable feature, e.g. RSA disabled for RSA key"}, + {.code = -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH), .description="PK - The buffer contains a valid signature followed by more data"}, + {.code = -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED), .description="PK - PK hardware accelerator failed"}, #endif /* MBEDTLS_PK_C */ #if defined(MBEDTLS_PKCS12_C) - if( use_ret == -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" ); - if( use_ret == -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT) ) - mbedtls_snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" ); - if( use_ret == -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" ); + {.code = -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA), .description="PKCS12 - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE), .description="PKCS12 - Feature not available, e.g. unsupported encryption scheme"}, + {.code = -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT), .description="PKCS12 - PBE ASN.1 data not as expected"}, + {.code = -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH), .description="PKCS12 - Given private key password does not allow for correct decryption"}, #endif /* MBEDTLS_PKCS12_C */ #if defined(MBEDTLS_PKCS5_C) - if( use_ret == -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT) ) - mbedtls_snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" ); - if( use_ret == -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" ); - if( use_ret == -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" ); + {.code = -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA), .description="PKCS5 - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT), .description="PKCS5 - Unexpected ASN.1 data"}, + {.code = -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE), .description="PKCS5 - Requested encryption or digest alg not available"}, + {.code = -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH), .description="PKCS5 - Given private key password does not allow for correct decryption"}, #endif /* MBEDTLS_PKCS5_C */ #if defined(MBEDTLS_RSA_C) - if( use_ret == -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "RSA - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_RSA_INVALID_PADDING) ) - mbedtls_snprintf( buf, buflen, "RSA - Input data contains invalid padding and is rejected" ); - if( use_ret == -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED) ) - mbedtls_snprintf( buf, buflen, "RSA - Something failed during generation of a key" ); - if( use_ret == -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) ) - mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the validity check of the library" ); - if( use_ret == -(MBEDTLS_ERR_RSA_PUBLIC_FAILED) ) - mbedtls_snprintf( buf, buflen, "RSA - The public key operation failed" ); - if( use_ret == -(MBEDTLS_ERR_RSA_PRIVATE_FAILED) ) - mbedtls_snprintf( buf, buflen, "RSA - The private key operation failed" ); - if( use_ret == -(MBEDTLS_ERR_RSA_VERIFY_FAILED) ) - mbedtls_snprintf( buf, buflen, "RSA - The PKCS#1 verification failed" ); - if( use_ret == -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) ) - mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); - if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) - mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); - if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) - mbedtls_snprintf( buf, buflen, "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" ); - if( use_ret == -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "RSA - RSA hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA), .description="RSA - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_RSA_INVALID_PADDING), .description="RSA - Input data contains invalid padding and is rejected"}, + {.code = -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED), .description="RSA - Something failed during generation of a key"}, + {.code = -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED), .description="RSA - Key failed to pass the validity check of the library"}, + {.code = -(MBEDTLS_ERR_RSA_PUBLIC_FAILED), .description="RSA - The public key operation failed"}, + {.code = -(MBEDTLS_ERR_RSA_PRIVATE_FAILED), .description="RSA - The private key operation failed"}, + {.code = -(MBEDTLS_ERR_RSA_VERIFY_FAILED), .description="RSA - The PKCS#1 verification failed"}, + {.code = -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE), .description="RSA - The output buffer for decryption is not large enough"}, + {.code = -(MBEDTLS_ERR_RSA_RNG_FAILED), .description="RSA - The random generator failed to generate non-zeros"}, + {.code = -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION), .description="RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality"}, + {.code = -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED), .description="RSA - RSA hardware accelerator failed"}, #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) - if( use_ret == -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "SSL - The requested feature is not available" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "SSL - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_MAC) ) - mbedtls_snprintf( buf, buflen, "SSL - Verification of the message MAC failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_RECORD) ) - mbedtls_snprintf( buf, buflen, "SSL - An invalid SSL record was received" ); - if( use_ret == -(MBEDTLS_ERR_SSL_CONN_EOF) ) - mbedtls_snprintf( buf, buflen, "SSL - The connection indicated an EOF" ); - if( use_ret == -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER) ) - mbedtls_snprintf( buf, buflen, "SSL - An unknown cipher was received" ); - if( use_ret == -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN) ) - mbedtls_snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" ); - if( use_ret == -(MBEDTLS_ERR_SSL_NO_RNG) ) - mbedtls_snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" ); - if( use_ret == -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE) ) - mbedtls_snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" ); - if( use_ret == -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE) ) - mbedtls_snprintf( buf, buflen, "SSL - Our own certificate(s) is/are too large to send in an SSL message" ); - if( use_ret == -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED) ) - mbedtls_snprintf( buf, buflen, "SSL - The own certificate is not set, but needed by the server" ); - if( use_ret == -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) ) - mbedtls_snprintf( buf, buflen, "SSL - The own private key or pre-shared key is not set, but needed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED) ) - mbedtls_snprintf( buf, buflen, "SSL - No CA Chain is set, but required to operate" ); - if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) ) - mbedtls_snprintf( buf, buflen, "SSL - An unexpected message was received from our peer" ); - if( use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE) ) - { - mbedtls_snprintf( buf, buflen, "SSL - A fatal alert message was received from our peer" ); - return; - } - if( use_ret == -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED) ) - mbedtls_snprintf( buf, buflen, "SSL - Verification of our peer failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) ) - mbedtls_snprintf( buf, buflen, "SSL - The peer notified us that the connection is going to be closed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientHello handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerHello handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the Certificate handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the CertificateRequest handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerKeyExchange handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "SSL - Memory allocation failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "SSL - Hardware acceleration function returned with error" ); - if( use_ret == -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) ) - mbedtls_snprintf( buf, buflen, "SSL - Hardware acceleration function skipped / left alone data" ); - if( use_ret == -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION) ) - mbedtls_snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET) ) - mbedtls_snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" ); - if( use_ret == -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) ) - mbedtls_snprintf( buf, buflen, "SSL - Session ticket has expired" ); - if( use_ret == -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); - if( use_ret == -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) ) - mbedtls_snprintf( buf, buflen, "SSL - Unknown identity received (eg, PSK identity)" ); - if( use_ret == -(MBEDTLS_ERR_SSL_INTERNAL_ERROR) ) - mbedtls_snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" ); - if( use_ret == -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING) ) - mbedtls_snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" ); - if( use_ret == -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) ) - mbedtls_snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" ); - if( use_ret == -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) ) - mbedtls_snprintf( buf, buflen, "SSL - DTLS client must retry for hello verification" ); - if( use_ret == -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "SSL - A buffer is too small to receive or write a message" ); - if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) ) - mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" ); - if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) ) - mbedtls_snprintf( buf, buflen, "SSL - No data of requested type currently available on underlying transport" ); - if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) ) - mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" ); - if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) ) - mbedtls_snprintf( buf, buflen, "SSL - The operation timed out" ); - if( use_ret == -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT) ) - mbedtls_snprintf( buf, buflen, "SSL - The client initiated a reconnect from the same port" ); - if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) ) - mbedtls_snprintf( buf, buflen, "SSL - Record header looks valid but is not expected" ); - if( use_ret == -(MBEDTLS_ERR_SSL_NON_FATAL) ) - mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" ); - if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) ) - mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" ); - if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) ) - mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" ); - if( use_ret == -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) ) - mbedtls_snprintf( buf, buflen, "SSL - The asynchronous operation is not completed yet" ); - if( use_ret == -(MBEDTLS_ERR_SSL_EARLY_MESSAGE) ) - mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" ); - if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_CID) ) - mbedtls_snprintf( buf, buflen, "SSL - An encrypted DTLS-frame with an unexpected CID was received" ); - if( use_ret == -(MBEDTLS_ERR_SSL_VERSION_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "SSL - An operation failed due to an unexpected version or configuration" ); - if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) ) - mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" ); + {.code = -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE), .description="SSL - The requested feature is not available"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA), .description="SSL - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_SSL_INVALID_MAC), .description="SSL - Verification of the message MAC failed"}, + {.code = -(MBEDTLS_ERR_SSL_INVALID_RECORD), .description="SSL - An invalid SSL record was received"}, + {.code = -(MBEDTLS_ERR_SSL_CONN_EOF), .description="SSL - The connection indicated an EOF"}, + {.code = -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER), .description="SSL - An unknown cipher was received"}, + {.code = -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN), .description="SSL - The server has no ciphersuites in common with the client"}, + {.code = -(MBEDTLS_ERR_SSL_NO_RNG), .description="SSL - No RNG was provided to the SSL module"}, + {.code = -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE), .description="SSL - No client certification received from the client, but required by the authentication mode"}, + {.code = -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE), .description="SSL - Our own certificate(s) is/are too large to send in an SSL message"}, + {.code = -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED), .description="SSL - The own certificate is not set, but needed by the server"}, + {.code = -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED), .description="SSL - The own private key or pre-shared key is not set, but needed"}, + {.code = -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED), .description="SSL - No CA Chain is set, but required to operate"}, + {.code = -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE), .description="SSL - An unexpected message was received from our peer"}, + {.code = -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE), .description="SSL - A fatal alert message was received from our peer"}, + {.code = -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED), .description="SSL - Verification of our peer failed"}, + {.code = -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY), .description="SSL - The peer notified us that the connection is going to be closed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO), .description="SSL - Processing of the ClientHello handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO), .description="SSL - Processing of the ServerHello handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE), .description="SSL - Processing of the Certificate handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST), .description="SSL - Processing of the CertificateRequest handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE), .description="SSL - Processing of the ServerKeyExchange handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE), .description="SSL - Processing of the ServerHelloDone handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE), .description="SSL - Processing of the ClientKeyExchange handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP), .description="SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS), .description="SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY), .description="SSL - Processing of the CertificateVerify handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC), .description="SSL - Processing of the ChangeCipherSpec handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED), .description="SSL - Processing of the Finished handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_ALLOC_FAILED), .description="SSL - Memory allocation failed"}, + {.code = -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED), .description="SSL - Hardware acceleration function returned with error"}, + {.code = -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH), .description="SSL - Hardware acceleration function skipped / left alone data"}, + {.code = -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED), .description="SSL - Processing of the compression / decompression failed"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION), .description="SSL - Handshake protocol not within min/max boundaries"}, + {.code = -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET), .description="SSL - Processing of the NewSessionTicket handshake message failed"}, + {.code = -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED), .description="SSL - Session ticket has expired"}, + {.code = -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH), .description="SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)"}, + {.code = -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY), .description="SSL - Unknown identity received (eg, PSK identity)"}, + {.code = -(MBEDTLS_ERR_SSL_INTERNAL_ERROR), .description="SSL - Internal error (eg, unexpected failure in lower-level module)"}, + {.code = -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING), .description="SSL - A counter would wrap (eg, too many messages exchanged)"}, + {.code = -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO), .description="SSL - Unexpected message at ServerHello in renegotiation"}, + {.code = -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED), .description="SSL - DTLS client must retry for hello verification"}, + {.code = -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL), .description="SSL - A buffer is too small to receive or write a message"}, + {.code = -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE), .description="SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)"}, + {.code = -(MBEDTLS_ERR_SSL_WANT_READ), .description="SSL - No data of requested type currently available on underlying transport"}, + {.code = -(MBEDTLS_ERR_SSL_WANT_WRITE), .description="SSL - Connection requires a write call"}, + {.code = -(MBEDTLS_ERR_SSL_TIMEOUT), .description="SSL - The operation timed out"}, + {.code = -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT), .description="SSL - The client initiated a reconnect from the same port"}, + {.code = -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD), .description="SSL - Record header looks valid but is not expected"}, + {.code = -(MBEDTLS_ERR_SSL_NON_FATAL), .description="SSL - The alert message received indicates a non-fatal error"}, + {.code = -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH), .description="SSL - Couldn't set the hash for verifying CertificateVerify"}, + {.code = -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING), .description="SSL - Internal-only message signaling that further message-processing should be done"}, + {.code = -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS), .description="SSL - The asynchronous operation is not completed yet"}, + {.code = -(MBEDTLS_ERR_SSL_EARLY_MESSAGE), .description="SSL - Internal-only message signaling that a message arrived early"}, + {.code = -(MBEDTLS_ERR_SSL_UNEXPECTED_CID), .description="SSL - An encrypted DTLS-frame with an unexpected CID was received"}, + {.code = -(MBEDTLS_ERR_SSL_VERSION_MISMATCH), .description="SSL - An operation failed due to an unexpected version or configuration"}, + {.code = -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS), .description="SSL - A cryptographic operation is in progress. Try again later"}, #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) - if( use_ret == -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" ); - if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_OID) ) - mbedtls_snprintf( buf, buflen, "X509 - Requested OID is unknown" ); - if( use_ret == -(MBEDTLS_ERR_X509_INVALID_FORMAT) ) - mbedtls_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" ); - if( use_ret == -(MBEDTLS_ERR_X509_INVALID_VERSION) ) - mbedtls_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" ); - if( use_ret == -(MBEDTLS_ERR_X509_INVALID_SERIAL) ) - mbedtls_snprintf( buf, buflen, "X509 - The serial tag or value is invalid" ); - if( use_ret == -(MBEDTLS_ERR_X509_INVALID_ALG) ) - mbedtls_snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" ); - if( use_ret == -(MBEDTLS_ERR_X509_INVALID_NAME) ) - mbedtls_snprintf( buf, buflen, "X509 - The name tag or value is invalid" ); - if( use_ret == -(MBEDTLS_ERR_X509_INVALID_DATE) ) - mbedtls_snprintf( buf, buflen, "X509 - The date tag or value is invalid" ); - if( use_ret == -(MBEDTLS_ERR_X509_INVALID_SIGNATURE) ) - mbedtls_snprintf( buf, buflen, "X509 - The signature tag or value invalid" ); - if( use_ret == -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS) ) - mbedtls_snprintf( buf, buflen, "X509 - The extension tag or value is invalid" ); - if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_VERSION) ) - mbedtls_snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" ); - if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG) ) - mbedtls_snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" ); - if( use_ret == -(MBEDTLS_ERR_X509_SIG_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" ); - if( use_ret == -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) ) - mbedtls_snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" ); - if( use_ret == -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT) ) - mbedtls_snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" ); - if( use_ret == -(MBEDTLS_ERR_X509_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "X509 - Input invalid" ); - if( use_ret == -(MBEDTLS_ERR_X509_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "X509 - Allocation of memory failed" ); - if( use_ret == -(MBEDTLS_ERR_X509_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" ); - if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" ); - if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) ) - mbedtls_snprintf( buf, buflen, "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" ); + {.code = -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE), .description="X509 - Unavailable feature, e.g. RSA hashing/encryption combination"}, + {.code = -(MBEDTLS_ERR_X509_UNKNOWN_OID), .description="X509 - Requested OID is unknown"}, + {.code = -(MBEDTLS_ERR_X509_INVALID_FORMAT), .description="X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected"}, + {.code = -(MBEDTLS_ERR_X509_INVALID_VERSION), .description="X509 - The CRT/CRL/CSR version element is invalid"}, + {.code = -(MBEDTLS_ERR_X509_INVALID_SERIAL), .description="X509 - The serial tag or value is invalid"}, + {.code = -(MBEDTLS_ERR_X509_INVALID_ALG), .description="X509 - The algorithm tag or value is invalid"}, + {.code = -(MBEDTLS_ERR_X509_INVALID_NAME), .description="X509 - The name tag or value is invalid"}, + {.code = -(MBEDTLS_ERR_X509_INVALID_DATE), .description="X509 - The date tag or value is invalid"}, + {.code = -(MBEDTLS_ERR_X509_INVALID_SIGNATURE), .description="X509 - The signature tag or value invalid"}, + {.code = -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS), .description="X509 - The extension tag or value is invalid"}, + {.code = -(MBEDTLS_ERR_X509_UNKNOWN_VERSION), .description="X509 - CRT/CRL/CSR has an unsupported version number"}, + {.code = -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG), .description="X509 - Signature algorithm (oid) is unsupported"}, + {.code = -(MBEDTLS_ERR_X509_SIG_MISMATCH), .description="X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)"}, + {.code = -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED), .description="X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"}, + {.code = -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT), .description="X509 - Format not recognized as DER or PEM"}, + {.code = -(MBEDTLS_ERR_X509_BAD_INPUT_DATA), .description="X509 - Input invalid"}, + {.code = -(MBEDTLS_ERR_X509_ALLOC_FAILED), .description="X509 - Allocation of memory failed"}, + {.code = -(MBEDTLS_ERR_X509_FILE_IO_ERROR), .description="X509 - Read/write of file failed"}, + {.code = -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL), .description="X509 - Destination buffer is too small"}, + {.code = -(MBEDTLS_ERR_X509_FATAL_ERROR), .description="X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed"}, #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ - // END generated code +}; - if( strlen( buf ) == 0 ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); - } +#define NUM_HIGH_LEVEL_ERRORS ( sizeof(high_level_errors)/sizeof(mbedtls_error_t) ) - use_ret = ret & ~0xFF80; - - if( use_ret == 0 ) - return; - - // If high level code is present, make a concatenation between both - // error strings. - // - len = strlen( buf ); - - if( len > 0 ) - { - if( buflen - len < 5 ) - return; - - mbedtls_snprintf( buf + len, buflen - len, " : " ); - - buf += len + 3; - buflen -= len + 3; - } - - // Low level error codes - // - // BEGIN generated code +static mbedtls_error_t low_level_errors[] = +{ #if defined(MBEDTLS_AES_C) - if( use_ret == -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "AES - Invalid key length" ); - if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" ); - if( use_ret == -(MBEDTLS_ERR_AES_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "AES - Invalid input data" ); - if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" ); - if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "AES - AES hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH), .description="AES - Invalid key length"}, + {.code = -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH), .description="AES - Invalid data input length"}, + {.code = -(MBEDTLS_ERR_AES_BAD_INPUT_DATA), .description="AES - Invalid input data"}, + {.code = -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE), .description="AES - Feature not available. For example, an unsupported AES key size"}, + {.code = -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED), .description="AES - AES hardware accelerator failed"}, #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_ARC4_C) - if( use_ret == -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED), .description="ARC4 - ARC4 hardware accelerator failed"}, #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_ARIA_C) - if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" ); - if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); - if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "ARIA - Feature not available. For example, an unsupported ARIA key size" ); - if( use_ret == -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "ARIA - ARIA hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA), .description="ARIA - Bad input data"}, + {.code = -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH), .description="ARIA - Invalid data input length"}, + {.code = -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE), .description="ARIA - Feature not available. For example, an unsupported ARIA key size"}, + {.code = -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED), .description="ARIA - ARIA hardware accelerator failed"}, #endif /* MBEDTLS_ARIA_C */ #if defined(MBEDTLS_ASN1_PARSE_C) - if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) ) - mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" ); - if( use_ret == -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) ) - mbedtls_snprintf( buf, buflen, "ASN1 - ASN1 tag was of an unexpected value" ); - if( use_ret == -(MBEDTLS_ERR_ASN1_INVALID_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ASN1 - Error when trying to determine the length or invalid length" ); - if( use_ret == -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" ); - if( use_ret == -(MBEDTLS_ERR_ASN1_INVALID_DATA) ) - mbedtls_snprintf( buf, buflen, "ASN1 - Data is invalid" ); - if( use_ret == -(MBEDTLS_ERR_ASN1_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "ASN1 - Memory allocation failed" ); - if( use_ret == -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "ASN1 - Buffer too small when writing ASN.1 data structure" ); + {.code = -(MBEDTLS_ERR_ASN1_OUT_OF_DATA), .description="ASN1 - Out of data when parsing an ASN1 data structure"}, + {.code = -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG), .description="ASN1 - ASN1 tag was of an unexpected value"}, + {.code = -(MBEDTLS_ERR_ASN1_INVALID_LENGTH), .description="ASN1 - Error when trying to determine the length or invalid length"}, + {.code = -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH), .description="ASN1 - Actual length differs from expected length"}, + {.code = -(MBEDTLS_ERR_ASN1_INVALID_DATA), .description="ASN1 - Data is invalid"}, + {.code = -(MBEDTLS_ERR_ASN1_ALLOC_FAILED), .description="ASN1 - Memory allocation failed"}, + {.code = -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL), .description="ASN1 - Buffer too small when writing ASN.1 data structure"}, #endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_BASE64_C) - if( use_ret == -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "BASE64 - Output buffer too small" ); - if( use_ret == -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER) ) - mbedtls_snprintf( buf, buflen, "BASE64 - Invalid character in input" ); + {.code = -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL), .description="BASE64 - Output buffer too small"}, + {.code = -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER), .description="BASE64 - Invalid character in input"}, #endif /* MBEDTLS_BASE64_C */ #if defined(MBEDTLS_BIGNUM_C) - if( use_ret == -(MBEDTLS_ERR_MPI_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "BIGNUM - An error occurred while reading from or writing to a file" ); - if( use_ret == -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "BIGNUM - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_MPI_INVALID_CHARACTER) ) - mbedtls_snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" ); - if( use_ret == -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" ); - if( use_ret == -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE) ) - mbedtls_snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result in illegal output" ); - if( use_ret == -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO) ) - mbedtls_snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" ); - if( use_ret == -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) ) - mbedtls_snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" ); - if( use_ret == -(MBEDTLS_ERR_MPI_ALLOC_FAILED) ) - mbedtls_snprintf( buf, buflen, "BIGNUM - Memory allocation failed" ); + {.code = -(MBEDTLS_ERR_MPI_FILE_IO_ERROR), .description="BIGNUM - An error occurred while reading from or writing to a file"}, + {.code = -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA), .description="BIGNUM - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_MPI_INVALID_CHARACTER), .description="BIGNUM - There is an invalid character in the digit string"}, + {.code = -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL), .description="BIGNUM - The buffer is too small to write to"}, + {.code = -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE), .description="BIGNUM - The input arguments are negative or result in illegal output"}, + {.code = -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO), .description="BIGNUM - The input argument for division is zero, which is not allowed"}, + {.code = -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE), .description="BIGNUM - The input arguments are not acceptable"}, + {.code = -(MBEDTLS_ERR_MPI_ALLOC_FAILED), .description="BIGNUM - Memory allocation failed"}, #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_BLOWFISH_C) - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" ); - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA), .description="BLOWFISH - Bad input data"}, + {.code = -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH), .description="BLOWFISH - Invalid data input length"}, + {.code = -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED), .description="BLOWFISH - Blowfish hardware accelerator failed"}, #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_CAMELLIA_C) - if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" ); - if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); - if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA), .description="CAMELLIA - Bad input data"}, + {.code = -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH), .description="CAMELLIA - Invalid data input length"}, + {.code = -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED), .description="CAMELLIA - Camellia hardware accelerator failed"}, #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CCM_C) - if( use_ret == -(MBEDTLS_ERR_CCM_BAD_INPUT) ) - mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to the function" ); - if( use_ret == -(MBEDTLS_ERR_CCM_AUTH_FAILED) ) - mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); - if( use_ret == -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "CCM - CCM hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_CCM_BAD_INPUT), .description="CCM - Bad input parameters to the function"}, + {.code = -(MBEDTLS_ERR_CCM_AUTH_FAILED), .description="CCM - Authenticated decryption failed"}, + {.code = -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED), .description="CCM - CCM hardware accelerator failed"}, #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHA20_C) - if( use_ret == -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "CHACHA20 - Invalid input parameter(s)" ); - if( use_ret == -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "CHACHA20 - Feature not available. For example, s part of the API is not implemented" ); - if( use_ret == -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "CHACHA20 - Chacha20 hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA), .description="CHACHA20 - Invalid input parameter(s)"}, + {.code = -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE), .description="CHACHA20 - Feature not available. For example, s part of the API is not implemented"}, + {.code = -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED), .description="CHACHA20 - Chacha20 hardware accelerator failed"}, #endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE) ) - mbedtls_snprintf( buf, buflen, "CHACHAPOLY - The requested operation is not permitted in the current state" ); - if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED) ) - mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Authenticated decryption failed: data was not authentic" ); + {.code = -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE), .description="CHACHAPOLY - The requested operation is not permitted in the current state"}, + {.code = -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED), .description="CHACHAPOLY - Authenticated decryption failed: data was not authentic"}, #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CMAC_C) - if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED), .description="CMAC - CMAC hardware accelerator failed"}, #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CTR_DRBG_C) - if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) - mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); - if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG) ) - mbedtls_snprintf( buf, buflen, "CTR_DRBG - The requested random buffer length is too big" ); - if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG) ) - mbedtls_snprintf( buf, buflen, "CTR_DRBG - The input (entropy + additional data) is too large" ); - if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read or write error in file" ); + {.code = -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED), .description="CTR_DRBG - The entropy source failed"}, + {.code = -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG), .description="CTR_DRBG - The requested random buffer length is too big"}, + {.code = -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG), .description="CTR_DRBG - The input (entropy + additional data) is too large"}, + {.code = -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR), .description="CTR_DRBG - Read or write error in file"}, #endif /* MBEDTLS_CTR_DRBG_C */ #if defined(MBEDTLS_DES_C) - if( use_ret == -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "DES - The data input has an invalid length" ); - if( use_ret == -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "DES - DES hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH), .description="DES - The data input has an invalid length"}, + {.code = -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED), .description="DES - DES hardware accelerator failed"}, #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ENTROPY_C) - if( use_ret == -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED) ) - mbedtls_snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" ); - if( use_ret == -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES) ) - mbedtls_snprintf( buf, buflen, "ENTROPY - No more sources can be added" ); - if( use_ret == -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED) ) - mbedtls_snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" ); - if( use_ret == -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE) ) - mbedtls_snprintf( buf, buflen, "ENTROPY - No strong sources have been added to poll" ); - if( use_ret == -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "ENTROPY - Read/write error in file" ); + {.code = -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED), .description="ENTROPY - Critical entropy source failure"}, + {.code = -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES), .description="ENTROPY - No more sources can be added"}, + {.code = -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED), .description="ENTROPY - No sources have been added to poll"}, + {.code = -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE), .description="ENTROPY - No strong sources have been added to poll"}, + {.code = -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR), .description="ENTROPY - Read/write error in file"}, #endif /* MBEDTLS_ENTROPY_C */ #if defined(MBEDTLS_ERROR_C) - if( use_ret == -(MBEDTLS_ERR_ERROR_GENERIC_ERROR) ) - mbedtls_snprintf( buf, buflen, "ERROR - Generic error" ); - if( use_ret == -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED) ) - mbedtls_snprintf( buf, buflen, "ERROR - This is a bug in the library" ); + {.code = -(MBEDTLS_ERR_ERROR_GENERIC_ERROR), .description="ERROR - Generic error"}, + {.code = -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED), .description="ERROR - This is a bug in the library"}, #endif /* MBEDTLS_ERROR_C */ #if defined(MBEDTLS_GCM_C) - if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) ) - mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" ); - if( use_ret == -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "GCM - GCM hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_GCM_BAD_INPUT) ) - mbedtls_snprintf( buf, buflen, "GCM - Bad input parameters to function" ); + {.code = -(MBEDTLS_ERR_GCM_AUTH_FAILED), .description="GCM - Authenticated decryption failed"}, + {.code = -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED), .description="GCM - GCM hardware accelerator failed"}, + {.code = -(MBEDTLS_ERR_GCM_BAD_INPUT), .description="GCM - Bad input parameters to function"}, #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_HKDF_C) - if( use_ret == -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "HKDF - Bad input parameters to function" ); + {.code = -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA), .description="HKDF - Bad input parameters to function"}, #endif /* MBEDTLS_HKDF_C */ #if defined(MBEDTLS_HMAC_DRBG_C) - if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG) ) - mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Too many random requested in single call" ); - if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG) ) - mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Input too large (Entropy + additional)" ); - if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Read/write error in file" ); - if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED) ) - mbedtls_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" ); + {.code = -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG), .description="HMAC_DRBG - Too many random requested in single call"}, + {.code = -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG), .description="HMAC_DRBG - Input too large (Entropy + additional)"}, + {.code = -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR), .description="HMAC_DRBG - Read/write error in file"}, + {.code = -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED), .description="HMAC_DRBG - The entropy source failed"}, #endif /* MBEDTLS_HMAC_DRBG_C */ #if defined(MBEDTLS_MD2_C) - if( use_ret == -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "MD2 - MD2 hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED), .description="MD2 - MD2 hardware accelerator failed"}, #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) - if( use_ret == -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "MD4 - MD4 hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED), .description="MD4 - MD4 hardware accelerator failed"}, #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) - if( use_ret == -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "MD5 - MD5 hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED), .description="MD5 - MD5 hardware accelerator failed"}, #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_NET_C) - if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" ); - if( use_ret == -(MBEDTLS_ERR_NET_CONNECT_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - The connection to the given server / port failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_BIND_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Binding of the socket failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_LISTEN_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Could not listen on the socket" ); - if( use_ret == -(MBEDTLS_ERR_NET_ACCEPT_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Could not accept the incoming connection" ); - if( use_ret == -(MBEDTLS_ERR_NET_RECV_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Reading information from the socket failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_SEND_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Sending information through the socket failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_CONN_RESET) ) - mbedtls_snprintf( buf, buflen, "NET - Connection was reset by peer" ); - if( use_ret == -(MBEDTLS_ERR_NET_UNKNOWN_HOST) ) - mbedtls_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" ); - if( use_ret == -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" ); - if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) ) - mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" ); - if( use_ret == -(MBEDTLS_ERR_NET_POLL_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Polling the net context failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "NET - Input invalid" ); + {.code = -(MBEDTLS_ERR_NET_SOCKET_FAILED), .description="NET - Failed to open a socket"}, + {.code = -(MBEDTLS_ERR_NET_CONNECT_FAILED), .description="NET - The connection to the given server / port failed"}, + {.code = -(MBEDTLS_ERR_NET_BIND_FAILED), .description="NET - Binding of the socket failed"}, + {.code = -(MBEDTLS_ERR_NET_LISTEN_FAILED), .description="NET - Could not listen on the socket"}, + {.code = -(MBEDTLS_ERR_NET_ACCEPT_FAILED), .description="NET - Could not accept the incoming connection"}, + {.code = -(MBEDTLS_ERR_NET_RECV_FAILED), .description="NET - Reading information from the socket failed"}, + {.code = -(MBEDTLS_ERR_NET_SEND_FAILED), .description="NET - Sending information through the socket failed"}, + {.code = -(MBEDTLS_ERR_NET_CONN_RESET), .description="NET - Connection was reset by peer"}, + {.code = -(MBEDTLS_ERR_NET_UNKNOWN_HOST), .description="NET - Failed to get an IP address for the given hostname"}, + {.code = -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL), .description="NET - Buffer is too small to hold the data"}, + {.code = -(MBEDTLS_ERR_NET_INVALID_CONTEXT), .description="NET - The context is invalid, eg because it was free()ed"}, + {.code = -(MBEDTLS_ERR_NET_POLL_FAILED), .description="NET - Polling the net context failed"}, + {.code = -(MBEDTLS_ERR_NET_BAD_INPUT_DATA), .description="NET - Input invalid"}, #endif /* MBEDTLS_NET_C */ #if defined(MBEDTLS_OID_C) - if( use_ret == -(MBEDTLS_ERR_OID_NOT_FOUND) ) - mbedtls_snprintf( buf, buflen, "OID - OID is not found" ); - if( use_ret == -(MBEDTLS_ERR_OID_BUF_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "OID - output buffer is too small" ); + {.code = -(MBEDTLS_ERR_OID_NOT_FOUND), .description="OID - OID is not found"}, + {.code = -(MBEDTLS_ERR_OID_BUF_TOO_SMALL), .description="OID - output buffer is too small"}, #endif /* MBEDTLS_OID_C */ #if defined(MBEDTLS_PADLOCK_C) - if( use_ret == -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED) ) - mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); + {.code = -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED), .description="PADLOCK - Input data should be aligned"}, #endif /* MBEDTLS_PADLOCK_C */ #if defined(MBEDTLS_PLATFORM_C) - if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) ) - mbedtls_snprintf( buf, buflen, "PLATFORM - The requested feature is not supported by the platform" ); + {.code = -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED), .description="PLATFORM - Hardware accelerator failed"}, + {.code = -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED), .description="PLATFORM - The requested feature is not supported by the platform"}, #endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_POLY1305_C) - if( use_ret == -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "POLY1305 - Invalid input parameter(s)" ); - if( use_ret == -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "POLY1305 - Feature not available. For example, s part of the API is not implemented" ); - if( use_ret == -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "POLY1305 - Poly1305 hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA), .description="POLY1305 - Invalid input parameter(s)"}, + {.code = -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE), .description="POLY1305 - Feature not available. For example, s part of the API is not implemented"}, + {.code = -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED), .description="POLY1305 - Poly1305 hardware accelerator failed"}, #endif /* MBEDTLS_POLY1305_C */ #if defined(MBEDTLS_RIPEMD160_C) - if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED), .description="RIPEMD160 - RIPEMD160 hardware accelerator failed"}, #endif /* MBEDTLS_RIPEMD160_C */ #if defined(MBEDTLS_SHA1_C) - if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 input data was malformed" ); + {.code = -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED), .description="SHA1 - SHA-1 hardware accelerator failed"}, + {.code = -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA), .description="SHA1 - SHA-1 input data was malformed"}, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 input data was malformed" ); + {.code = -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED), .description="SHA256 - SHA-256 hardware accelerator failed"}, + {.code = -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA), .description="SHA256 - SHA-256 input data was malformed"}, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 input data was malformed" ); + {.code = -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED), .description="SHA512 - SHA-512 hardware accelerator failed"}, + {.code = -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA), .description="SHA512 - SHA-512 input data was malformed"}, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_THREADING_C) - if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" ); - if( use_ret == -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "THREADING - Bad input parameters to function" ); - if( use_ret == -(MBEDTLS_ERR_THREADING_MUTEX_ERROR) ) - mbedtls_snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" ); + {.code = -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE), .description="THREADING - The selected feature is not available"}, + {.code = -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA), .description="THREADING - Bad input parameters to function"}, + {.code = -(MBEDTLS_ERR_THREADING_MUTEX_ERROR), .description="THREADING - Locking / unlocking / free failed with error code"}, #endif /* MBEDTLS_THREADING_C */ #if defined(MBEDTLS_XTEA_C) - if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" ); - if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" ); + {.code = -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH), .description="XTEA - The data input has an invalid length"}, + {.code = -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED), .description="XTEA - XTEA hardware accelerator failed"}, #endif /* MBEDTLS_XTEA_C */ - // END generated code +}; + +#define NUM_LOW_LEVEL_ERRORS ( sizeof(low_level_errors)/sizeof(mbedtls_error_t) ) + +const char * mbedtls_high_level_strerr( int error_code ) +{ + size_t i; + const char *error_description = NULL; + + for(i = 0; i < NUM_HIGH_LEVEL_ERRORS; i++ ) + { + if( high_level_errors[i].code == error_code ) + { + error_description = high_level_errors[i].description; + break; + } + } + + return error_description; +} + +const char * mbedtls_low_level_strerr( int error_code ) +{ + size_t i; + const char *error_description = NULL; + + for(i = 0; i < NUM_LOW_LEVEL_ERRORS; i++ ) + { + if( low_level_errors[i].code == error_code ) + { + error_description = low_level_errors[i].description; + break; + } + } + + return error_description; +} - if( strlen( buf ) != 0 ) +void mbedtls_strerror( int ret, char *buf, size_t buflen ) +{ + size_t len; + int use_ret; + const char * high_level_error_description = NULL; + const char * low_level_error_description = NULL; + + if( buflen == 0 ) return; - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + memset( buf, 0x00, buflen ); + + if( ret < 0 ) + ret = -ret; + + if( ret & 0xFF80 ) + { + use_ret = ret & 0xFF80; + + // Translate high level error code. + high_level_error_description = mbedtls_high_level_strerr(use_ret); + + if( high_level_error_description == NULL ) + mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + else + mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); + + // Early return in case of a fatal error - do not try to translate low + // level code. + if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) + return; + } + + use_ret = ret & ~0xFF80; + + if( use_ret == 0 ) + return; + + // If high level code is present, make a concatenation between both + // error strings. + // + len = strlen( buf ); + + if( len > 0 ) + { + if( buflen - len < 5 ) + return; + + mbedtls_snprintf( buf + len, buflen - len, " : " ); + + buf += len + 3; + buflen -= len + 3; + } + + // Translate low level error code. + low_level_error_description = mbedtls_low_level_strerr( use_ret ); + + if( low_level_error_description == NULL ) + mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + else + mbedtls_snprintf( buf, buflen, "%s", low_level_error_description ); } #else /* MBEDTLS_ERROR_C */ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 63607054edff..c54ab906f049 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -42,10 +42,66 @@ HEADER_INCLUDED +typedef struct mbedtls_error +{ + int code; /* Error code. */ + const char * description; /* Error description. */ +} mbedtls_error_t; + +static mbedtls_error_t high_level_errors[] = +{ +HIGH_LEVEL_CODE_CHECKS +}; + +#define NUM_HIGH_LEVEL_ERRORS ( sizeof(high_level_errors)/sizeof(mbedtls_error_t) ) + +static mbedtls_error_t low_level_errors[] = +{ +LOW_LEVEL_CODE_CHECKS +}; + +#define NUM_LOW_LEVEL_ERRORS ( sizeof(low_level_errors)/sizeof(mbedtls_error_t) ) + +const char * mbedtls_high_level_strerr( int error_code ) +{ + size_t i; + const char *error_description = NULL; + + for(i = 0; i < NUM_HIGH_LEVEL_ERRORS; i++ ) + { + if( high_level_errors[i].code == error_code ) + { + error_description = high_level_errors[i].description; + break; + } + } + + return error_description; +} + +const char * mbedtls_low_level_strerr( int error_code ) +{ + size_t i; + const char *error_description = NULL; + + for(i = 0; i < NUM_LOW_LEVEL_ERRORS; i++ ) + { + if( low_level_errors[i].code == error_code ) + { + error_description = low_level_errors[i].description; + break; + } + } + + return error_description; +} + void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; int use_ret; + const char * high_level_error_description = NULL; + const char * low_level_error_description = NULL; if( buflen == 0 ) return; @@ -59,14 +115,18 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) { use_ret = ret & 0xFF80; - // High level error codes - // - // BEGIN generated code -HIGH_LEVEL_CODE_CHECKS - // END generated code + // Translate high level error code. + high_level_error_description = mbedtls_high_level_strerr(use_ret); - if( strlen( buf ) == 0 ) + if( high_level_error_description == NULL ) mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + else + mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); + + // Early return in case of a fatal error - do not try to translate low + // level code. + if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) + return; } use_ret = ret & ~0xFF80; @@ -90,16 +150,13 @@ HIGH_LEVEL_CODE_CHECKS buflen -= len + 3; } - // Low level error codes - // - // BEGIN generated code -LOW_LEVEL_CODE_CHECKS - // END generated code - - if( strlen( buf ) != 0 ) - return; + // Translate low level error code. + low_level_error_description = mbedtls_low_level_strerr( use_ret ); - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + if( low_level_error_description == NULL ) + mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + else + mbedtls_snprintf( buf, buflen, "%s", low_level_error_description ); } #else /* MBEDTLS_ERROR_C */ diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 87c8bf7ac760..ee9029d3a786 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -125,7 +125,7 @@ { $code_check = \$hl_code_check; $old_define = \$hl_old_define; - $white_space = ' '; + $white_space = ' '; } if ($define_name ne ${$old_define}) @@ -160,19 +160,7 @@ ${$old_define} = $define_name; } - if ($error_name eq "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE") - { - ${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n". - "${white_space}\{\n". - "${white_space} mbedtls_snprintf( buf, buflen, \"$module_name - $description\" );\n". - "${white_space} return;\n". - "${white_space}}\n" - } - else - { - ${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n". - "${white_space} mbedtls_snprintf( buf, buflen, \"$module_name - $description\" );\n" - } + ${$code_check} .= "${white_space}\{.code = -($error_name), .description=\"$module_name - $description\"},\n"; }; if ($ll_old_define ne "") From 6d6ee98c140e70fb8b07301e270081eb1fe91d13 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:28:14 +0200 Subject: [PATCH 088/138] Exit with a failure status if some tests failed Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 6419f05e4155..7490777ec0da 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -224,3 +224,7 @@ make clean if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H" fi + +if [ $TOTAL_FAIL -ne 0 ]; then + exit 1 +fi From a4a2aa516943d66062b7418ecf2a27240b1433b4 Mon Sep 17 00:00:00 2001 From: Gaurav Aggarwal Date: Thu, 9 Apr 2020 11:39:04 -0700 Subject: [PATCH 089/138] Address review comments - Use switch case instead of loop to generate faster code - Add #if defined to address compiler error Signed-off-by: Gaurav Aggarwal --- library/error.c | 1070 ++++++++++++++++++++++++---------- scripts/data_files/error.fmt | 42 +- scripts/generate_errors.pl | 8 +- 3 files changed, 792 insertions(+), 328 deletions(-) diff --git a/library/error.c b/library/error.c index 1656e621b385..200e579778db 100644 --- a/library/error.c +++ b/library/error.c @@ -213,436 +213,918 @@ #endif -typedef struct mbedtls_error +const char * mbedtls_high_level_strerr( int error_code ) { - int code; /* Error code. */ - const char * description; /* Error description. */ -} mbedtls_error_t; + const char *error_description = NULL; -static mbedtls_error_t high_level_errors[] = -{ + switch( error_code ) + { #if defined(MBEDTLS_CIPHER_C) - {.code = -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE), .description="CIPHER - The selected feature is not available"}, - {.code = -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA), .description="CIPHER - Bad input parameters"}, - {.code = -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED), .description="CIPHER - Failed to allocate memory"}, - {.code = -(MBEDTLS_ERR_CIPHER_INVALID_PADDING), .description="CIPHER - Input data contains invalid padding and is rejected"}, - {.code = -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED), .description="CIPHER - Decryption of block requires a full block"}, - {.code = -(MBEDTLS_ERR_CIPHER_AUTH_FAILED), .description="CIPHER - Authentication failed (for AEAD modes)"}, - {.code = -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT), .description="CIPHER - The context is invalid. For example, because it was freed"}, - {.code = -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED), .description="CIPHER - Cipher hardware accelerator failed"}, + case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE): + error_description = "CIPHER - The selected feature is not available"; + break; + case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA): + error_description = "CIPHER - Bad input parameters"; + break; + case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED): + error_description = "CIPHER - Failed to allocate memory"; + break; + case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING): + error_description = "CIPHER - Input data contains invalid padding and is rejected"; + break; + case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED): + error_description = "CIPHER - Decryption of block requires a full block"; + break; + case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED): + error_description = "CIPHER - Authentication failed (for AEAD modes)"; + break; + case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT): + error_description = "CIPHER - The context is invalid. For example, because it was freed"; + break; + case -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED): + error_description = "CIPHER - Cipher hardware accelerator failed"; + break; #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) - {.code = -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA), .description="DHM - Bad input parameters"}, - {.code = -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED), .description="DHM - Reading of the DHM parameters failed"}, - {.code = -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED), .description="DHM - Making of the DHM parameters failed"}, - {.code = -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED), .description="DHM - Reading of the public values failed"}, - {.code = -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED), .description="DHM - Making of the public value failed"}, - {.code = -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED), .description="DHM - Calculation of the DHM secret failed"}, - {.code = -(MBEDTLS_ERR_DHM_INVALID_FORMAT), .description="DHM - The ASN.1 data is not formatted correctly"}, - {.code = -(MBEDTLS_ERR_DHM_ALLOC_FAILED), .description="DHM - Allocation of memory failed"}, - {.code = -(MBEDTLS_ERR_DHM_FILE_IO_ERROR), .description="DHM - Read or write of file failed"}, - {.code = -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED), .description="DHM - DHM hardware accelerator failed"}, - {.code = -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED), .description="DHM - Setting the modulus and generator failed"}, + case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA): + error_description = "DHM - Bad input parameters"; + break; + case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED): + error_description = "DHM - Reading of the DHM parameters failed"; + break; + case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED): + error_description = "DHM - Making of the DHM parameters failed"; + break; + case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED): + error_description = "DHM - Reading of the public values failed"; + break; + case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED): + error_description = "DHM - Making of the public value failed"; + break; + case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED): + error_description = "DHM - Calculation of the DHM secret failed"; + break; + case -(MBEDTLS_ERR_DHM_INVALID_FORMAT): + error_description = "DHM - The ASN.1 data is not formatted correctly"; + break; + case -(MBEDTLS_ERR_DHM_ALLOC_FAILED): + error_description = "DHM - Allocation of memory failed"; + break; + case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR): + error_description = "DHM - Read or write of file failed"; + break; + case -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED): + error_description = "DHM - DHM hardware accelerator failed"; + break; + case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED): + error_description = "DHM - Setting the modulus and generator failed"; + break; #endif /* MBEDTLS_DHM_C */ #if defined(MBEDTLS_ECP_C) - {.code = -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA), .description="ECP - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL), .description="ECP - The buffer is too small to write to"}, - {.code = -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE), .description="ECP - The requested feature is not available, for example, the requested curve is not supported"}, - {.code = -(MBEDTLS_ERR_ECP_VERIFY_FAILED), .description="ECP - The signature is not valid"}, - {.code = -(MBEDTLS_ERR_ECP_ALLOC_FAILED), .description="ECP - Memory allocation failed"}, - {.code = -(MBEDTLS_ERR_ECP_RANDOM_FAILED), .description="ECP - Generation of random value, such as ephemeral key, failed"}, - {.code = -(MBEDTLS_ERR_ECP_INVALID_KEY), .description="ECP - Invalid private or public key"}, - {.code = -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH), .description="ECP - The buffer contains a valid signature followed by more data"}, - {.code = -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED), .description="ECP - The ECP hardware accelerator failed"}, - {.code = -(MBEDTLS_ERR_ECP_IN_PROGRESS), .description="ECP - Operation in progress, call again with the same parameters to continue"}, + case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA): + error_description = "ECP - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL): + error_description = "ECP - The buffer is too small to write to"; + break; + case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE): + error_description = "ECP - The requested feature is not available, for example, the requested curve is not supported"; + break; + case -(MBEDTLS_ERR_ECP_VERIFY_FAILED): + error_description = "ECP - The signature is not valid"; + break; + case -(MBEDTLS_ERR_ECP_ALLOC_FAILED): + error_description = "ECP - Memory allocation failed"; + break; + case -(MBEDTLS_ERR_ECP_RANDOM_FAILED): + error_description = "ECP - Generation of random value, such as ephemeral key, failed"; + break; + case -(MBEDTLS_ERR_ECP_INVALID_KEY): + error_description = "ECP - Invalid private or public key"; + break; + case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH): + error_description = "ECP - The buffer contains a valid signature followed by more data"; + break; + case -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED): + error_description = "ECP - The ECP hardware accelerator failed"; + break; + case -(MBEDTLS_ERR_ECP_IN_PROGRESS): + error_description = "ECP - Operation in progress, call again with the same parameters to continue"; + break; #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) - {.code = -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE), .description="MD - The selected feature is not available"}, - {.code = -(MBEDTLS_ERR_MD_BAD_INPUT_DATA), .description="MD - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_MD_ALLOC_FAILED), .description="MD - Failed to allocate memory"}, - {.code = -(MBEDTLS_ERR_MD_FILE_IO_ERROR), .description="MD - Opening or reading of file failed"}, - {.code = -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED), .description="MD - MD hardware accelerator failed"}, + case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE): + error_description = "MD - The selected feature is not available"; + break; + case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA): + error_description = "MD - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_MD_ALLOC_FAILED): + error_description = "MD - Failed to allocate memory"; + break; + case -(MBEDTLS_ERR_MD_FILE_IO_ERROR): + error_description = "MD - Opening or reading of file failed"; + break; + case -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED): + error_description = "MD - MD hardware accelerator failed"; + break; #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) - {.code = -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT), .description="PEM - No PEM header or footer found"}, - {.code = -(MBEDTLS_ERR_PEM_INVALID_DATA), .description="PEM - PEM string is not as expected"}, - {.code = -(MBEDTLS_ERR_PEM_ALLOC_FAILED), .description="PEM - Failed to allocate memory"}, - {.code = -(MBEDTLS_ERR_PEM_INVALID_ENC_IV), .description="PEM - RSA IV is not in hex-format"}, - {.code = -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG), .description="PEM - Unsupported key encryption algorithm"}, - {.code = -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED), .description="PEM - Private key password can't be empty"}, - {.code = -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH), .description="PEM - Given private key password does not allow for correct decryption"}, - {.code = -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE), .description="PEM - Unavailable feature, e.g. hashing/encryption combination"}, - {.code = -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA), .description="PEM - Bad input parameters to function"}, + case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT): + error_description = "PEM - No PEM header or footer found"; + break; + case -(MBEDTLS_ERR_PEM_INVALID_DATA): + error_description = "PEM - PEM string is not as expected"; + break; + case -(MBEDTLS_ERR_PEM_ALLOC_FAILED): + error_description = "PEM - Failed to allocate memory"; + break; + case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV): + error_description = "PEM - RSA IV is not in hex-format"; + break; + case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG): + error_description = "PEM - Unsupported key encryption algorithm"; + break; + case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED): + error_description = "PEM - Private key password can't be empty"; + break; + case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH): + error_description = "PEM - Given private key password does not allow for correct decryption"; + break; + case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE): + error_description = "PEM - Unavailable feature, e.g. hashing/encryption combination"; + break; + case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA): + error_description = "PEM - Bad input parameters to function"; + break; #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ #if defined(MBEDTLS_PK_C) - {.code = -(MBEDTLS_ERR_PK_ALLOC_FAILED), .description="PK - Memory allocation failed"}, - {.code = -(MBEDTLS_ERR_PK_TYPE_MISMATCH), .description="PK - Type mismatch, eg attempt to encrypt with an ECDSA key"}, - {.code = -(MBEDTLS_ERR_PK_BAD_INPUT_DATA), .description="PK - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_PK_FILE_IO_ERROR), .description="PK - Read/write of file failed"}, - {.code = -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION), .description="PK - Unsupported key version"}, - {.code = -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT), .description="PK - Invalid key tag or value"}, - {.code = -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG), .description="PK - Key algorithm is unsupported (only RSA and EC are supported)"}, - {.code = -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED), .description="PK - Private key password can't be empty"}, - {.code = -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH), .description="PK - Given private key password does not allow for correct decryption"}, - {.code = -(MBEDTLS_ERR_PK_INVALID_PUBKEY), .description="PK - The pubkey tag or value is invalid (only RSA and EC are supported)"}, - {.code = -(MBEDTLS_ERR_PK_INVALID_ALG), .description="PK - The algorithm tag or value is invalid"}, - {.code = -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE), .description="PK - Elliptic curve is unsupported (only NIST curves are supported)"}, - {.code = -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE), .description="PK - Unavailable feature, e.g. RSA disabled for RSA key"}, - {.code = -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH), .description="PK - The buffer contains a valid signature followed by more data"}, - {.code = -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED), .description="PK - PK hardware accelerator failed"}, + case -(MBEDTLS_ERR_PK_ALLOC_FAILED): + error_description = "PK - Memory allocation failed"; + break; + case -(MBEDTLS_ERR_PK_TYPE_MISMATCH): + error_description = "PK - Type mismatch, eg attempt to encrypt with an ECDSA key"; + break; + case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA): + error_description = "PK - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_PK_FILE_IO_ERROR): + error_description = "PK - Read/write of file failed"; + break; + case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION): + error_description = "PK - Unsupported key version"; + break; + case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT): + error_description = "PK - Invalid key tag or value"; + break; + case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG): + error_description = "PK - Key algorithm is unsupported (only RSA and EC are supported)"; + break; + case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED): + error_description = "PK - Private key password can't be empty"; + break; + case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH): + error_description = "PK - Given private key password does not allow for correct decryption"; + break; + case -(MBEDTLS_ERR_PK_INVALID_PUBKEY): + error_description = "PK - The pubkey tag or value is invalid (only RSA and EC are supported)"; + break; + case -(MBEDTLS_ERR_PK_INVALID_ALG): + error_description = "PK - The algorithm tag or value is invalid"; + break; + case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE): + error_description = "PK - Elliptic curve is unsupported (only NIST curves are supported)"; + break; + case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE): + error_description = "PK - Unavailable feature, e.g. RSA disabled for RSA key"; + break; + case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH): + error_description = "PK - The buffer contains a valid signature followed by more data"; + break; + case -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED): + error_description = "PK - PK hardware accelerator failed"; + break; #endif /* MBEDTLS_PK_C */ #if defined(MBEDTLS_PKCS12_C) - {.code = -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA), .description="PKCS12 - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE), .description="PKCS12 - Feature not available, e.g. unsupported encryption scheme"}, - {.code = -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT), .description="PKCS12 - PBE ASN.1 data not as expected"}, - {.code = -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH), .description="PKCS12 - Given private key password does not allow for correct decryption"}, + case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA): + error_description = "PKCS12 - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE): + error_description = "PKCS12 - Feature not available, e.g. unsupported encryption scheme"; + break; + case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT): + error_description = "PKCS12 - PBE ASN.1 data not as expected"; + break; + case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH): + error_description = "PKCS12 - Given private key password does not allow for correct decryption"; + break; #endif /* MBEDTLS_PKCS12_C */ #if defined(MBEDTLS_PKCS5_C) - {.code = -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA), .description="PKCS5 - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT), .description="PKCS5 - Unexpected ASN.1 data"}, - {.code = -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE), .description="PKCS5 - Requested encryption or digest alg not available"}, - {.code = -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH), .description="PKCS5 - Given private key password does not allow for correct decryption"}, + case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA): + error_description = "PKCS5 - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT): + error_description = "PKCS5 - Unexpected ASN.1 data"; + break; + case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE): + error_description = "PKCS5 - Requested encryption or digest alg not available"; + break; + case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH): + error_description = "PKCS5 - Given private key password does not allow for correct decryption"; + break; #endif /* MBEDTLS_PKCS5_C */ #if defined(MBEDTLS_RSA_C) - {.code = -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA), .description="RSA - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_RSA_INVALID_PADDING), .description="RSA - Input data contains invalid padding and is rejected"}, - {.code = -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED), .description="RSA - Something failed during generation of a key"}, - {.code = -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED), .description="RSA - Key failed to pass the validity check of the library"}, - {.code = -(MBEDTLS_ERR_RSA_PUBLIC_FAILED), .description="RSA - The public key operation failed"}, - {.code = -(MBEDTLS_ERR_RSA_PRIVATE_FAILED), .description="RSA - The private key operation failed"}, - {.code = -(MBEDTLS_ERR_RSA_VERIFY_FAILED), .description="RSA - The PKCS#1 verification failed"}, - {.code = -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE), .description="RSA - The output buffer for decryption is not large enough"}, - {.code = -(MBEDTLS_ERR_RSA_RNG_FAILED), .description="RSA - The random generator failed to generate non-zeros"}, - {.code = -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION), .description="RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality"}, - {.code = -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED), .description="RSA - RSA hardware accelerator failed"}, + case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA): + error_description = "RSA - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_RSA_INVALID_PADDING): + error_description = "RSA - Input data contains invalid padding and is rejected"; + break; + case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED): + error_description = "RSA - Something failed during generation of a key"; + break; + case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED): + error_description = "RSA - Key failed to pass the validity check of the library"; + break; + case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED): + error_description = "RSA - The public key operation failed"; + break; + case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED): + error_description = "RSA - The private key operation failed"; + break; + case -(MBEDTLS_ERR_RSA_VERIFY_FAILED): + error_description = "RSA - The PKCS#1 verification failed"; + break; + case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE): + error_description = "RSA - The output buffer for decryption is not large enough"; + break; + case -(MBEDTLS_ERR_RSA_RNG_FAILED): + error_description = "RSA - The random generator failed to generate non-zeros"; + break; + case -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION): + error_description = "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality"; + break; + case -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED): + error_description = "RSA - RSA hardware accelerator failed"; + break; #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) - {.code = -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE), .description="SSL - The requested feature is not available"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA), .description="SSL - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_SSL_INVALID_MAC), .description="SSL - Verification of the message MAC failed"}, - {.code = -(MBEDTLS_ERR_SSL_INVALID_RECORD), .description="SSL - An invalid SSL record was received"}, - {.code = -(MBEDTLS_ERR_SSL_CONN_EOF), .description="SSL - The connection indicated an EOF"}, - {.code = -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER), .description="SSL - An unknown cipher was received"}, - {.code = -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN), .description="SSL - The server has no ciphersuites in common with the client"}, - {.code = -(MBEDTLS_ERR_SSL_NO_RNG), .description="SSL - No RNG was provided to the SSL module"}, - {.code = -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE), .description="SSL - No client certification received from the client, but required by the authentication mode"}, - {.code = -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE), .description="SSL - Our own certificate(s) is/are too large to send in an SSL message"}, - {.code = -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED), .description="SSL - The own certificate is not set, but needed by the server"}, - {.code = -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED), .description="SSL - The own private key or pre-shared key is not set, but needed"}, - {.code = -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED), .description="SSL - No CA Chain is set, but required to operate"}, - {.code = -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE), .description="SSL - An unexpected message was received from our peer"}, - {.code = -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE), .description="SSL - A fatal alert message was received from our peer"}, - {.code = -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED), .description="SSL - Verification of our peer failed"}, - {.code = -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY), .description="SSL - The peer notified us that the connection is going to be closed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO), .description="SSL - Processing of the ClientHello handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO), .description="SSL - Processing of the ServerHello handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE), .description="SSL - Processing of the Certificate handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST), .description="SSL - Processing of the CertificateRequest handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE), .description="SSL - Processing of the ServerKeyExchange handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE), .description="SSL - Processing of the ServerHelloDone handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE), .description="SSL - Processing of the ClientKeyExchange handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP), .description="SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS), .description="SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY), .description="SSL - Processing of the CertificateVerify handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC), .description="SSL - Processing of the ChangeCipherSpec handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED), .description="SSL - Processing of the Finished handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_ALLOC_FAILED), .description="SSL - Memory allocation failed"}, - {.code = -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED), .description="SSL - Hardware acceleration function returned with error"}, - {.code = -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH), .description="SSL - Hardware acceleration function skipped / left alone data"}, - {.code = -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED), .description="SSL - Processing of the compression / decompression failed"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION), .description="SSL - Handshake protocol not within min/max boundaries"}, - {.code = -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET), .description="SSL - Processing of the NewSessionTicket handshake message failed"}, - {.code = -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED), .description="SSL - Session ticket has expired"}, - {.code = -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH), .description="SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)"}, - {.code = -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY), .description="SSL - Unknown identity received (eg, PSK identity)"}, - {.code = -(MBEDTLS_ERR_SSL_INTERNAL_ERROR), .description="SSL - Internal error (eg, unexpected failure in lower-level module)"}, - {.code = -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING), .description="SSL - A counter would wrap (eg, too many messages exchanged)"}, - {.code = -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO), .description="SSL - Unexpected message at ServerHello in renegotiation"}, - {.code = -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED), .description="SSL - DTLS client must retry for hello verification"}, - {.code = -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL), .description="SSL - A buffer is too small to receive or write a message"}, - {.code = -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE), .description="SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)"}, - {.code = -(MBEDTLS_ERR_SSL_WANT_READ), .description="SSL - No data of requested type currently available on underlying transport"}, - {.code = -(MBEDTLS_ERR_SSL_WANT_WRITE), .description="SSL - Connection requires a write call"}, - {.code = -(MBEDTLS_ERR_SSL_TIMEOUT), .description="SSL - The operation timed out"}, - {.code = -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT), .description="SSL - The client initiated a reconnect from the same port"}, - {.code = -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD), .description="SSL - Record header looks valid but is not expected"}, - {.code = -(MBEDTLS_ERR_SSL_NON_FATAL), .description="SSL - The alert message received indicates a non-fatal error"}, - {.code = -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH), .description="SSL - Couldn't set the hash for verifying CertificateVerify"}, - {.code = -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING), .description="SSL - Internal-only message signaling that further message-processing should be done"}, - {.code = -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS), .description="SSL - The asynchronous operation is not completed yet"}, - {.code = -(MBEDTLS_ERR_SSL_EARLY_MESSAGE), .description="SSL - Internal-only message signaling that a message arrived early"}, - {.code = -(MBEDTLS_ERR_SSL_UNEXPECTED_CID), .description="SSL - An encrypted DTLS-frame with an unexpected CID was received"}, - {.code = -(MBEDTLS_ERR_SSL_VERSION_MISMATCH), .description="SSL - An operation failed due to an unexpected version or configuration"}, - {.code = -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS), .description="SSL - A cryptographic operation is in progress. Try again later"}, + case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE): + error_description = "SSL - The requested feature is not available"; + break; + case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA): + error_description = "SSL - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_SSL_INVALID_MAC): + error_description = "SSL - Verification of the message MAC failed"; + break; + case -(MBEDTLS_ERR_SSL_INVALID_RECORD): + error_description = "SSL - An invalid SSL record was received"; + break; + case -(MBEDTLS_ERR_SSL_CONN_EOF): + error_description = "SSL - The connection indicated an EOF"; + break; + case -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER): + error_description = "SSL - An unknown cipher was received"; + break; + case -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN): + error_description = "SSL - The server has no ciphersuites in common with the client"; + break; + case -(MBEDTLS_ERR_SSL_NO_RNG): + error_description = "SSL - No RNG was provided to the SSL module"; + break; + case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE): + error_description = "SSL - No client certification received from the client, but required by the authentication mode"; + break; + case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE): + error_description = "SSL - Our own certificate(s) is/are too large to send in an SSL message"; + break; + case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED): + error_description = "SSL - The own certificate is not set, but needed by the server"; + break; + case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED): + error_description = "SSL - The own private key or pre-shared key is not set, but needed"; + break; + case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED): + error_description = "SSL - No CA Chain is set, but required to operate"; + break; + case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE): + error_description = "SSL - An unexpected message was received from our peer"; + break; + case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE): + error_description = "SSL - A fatal alert message was received from our peer"; + break; + case -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED): + error_description = "SSL - Verification of our peer failed"; + break; + case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY): + error_description = "SSL - The peer notified us that the connection is going to be closed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO): + error_description = "SSL - Processing of the ClientHello handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO): + error_description = "SSL - Processing of the ServerHello handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE): + error_description = "SSL - Processing of the Certificate handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST): + error_description = "SSL - Processing of the CertificateRequest handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE): + error_description = "SSL - Processing of the ServerKeyExchange handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE): + error_description = "SSL - Processing of the ServerHelloDone handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE): + error_description = "SSL - Processing of the ClientKeyExchange handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP): + error_description = "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS): + error_description = "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY): + error_description = "SSL - Processing of the CertificateVerify handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC): + error_description = "SSL - Processing of the ChangeCipherSpec handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED): + error_description = "SSL - Processing of the Finished handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_ALLOC_FAILED): + error_description = "SSL - Memory allocation failed"; + break; + case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED): + error_description = "SSL - Hardware acceleration function returned with error"; + break; + case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH): + error_description = "SSL - Hardware acceleration function skipped / left alone data"; + break; + case -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED): + error_description = "SSL - Processing of the compression / decompression failed"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION): + error_description = "SSL - Handshake protocol not within min/max boundaries"; + break; + case -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET): + error_description = "SSL - Processing of the NewSessionTicket handshake message failed"; + break; + case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED): + error_description = "SSL - Session ticket has expired"; + break; + case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH): + error_description = "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)"; + break; + case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY): + error_description = "SSL - Unknown identity received (eg, PSK identity)"; + break; + case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR): + error_description = "SSL - Internal error (eg, unexpected failure in lower-level module)"; + break; + case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING): + error_description = "SSL - A counter would wrap (eg, too many messages exchanged)"; + break; + case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO): + error_description = "SSL - Unexpected message at ServerHello in renegotiation"; + break; + case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED): + error_description = "SSL - DTLS client must retry for hello verification"; + break; + case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL): + error_description = "SSL - A buffer is too small to receive or write a message"; + break; + case -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE): + error_description = "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)"; + break; + case -(MBEDTLS_ERR_SSL_WANT_READ): + error_description = "SSL - No data of requested type currently available on underlying transport"; + break; + case -(MBEDTLS_ERR_SSL_WANT_WRITE): + error_description = "SSL - Connection requires a write call"; + break; + case -(MBEDTLS_ERR_SSL_TIMEOUT): + error_description = "SSL - The operation timed out"; + break; + case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT): + error_description = "SSL - The client initiated a reconnect from the same port"; + break; + case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD): + error_description = "SSL - Record header looks valid but is not expected"; + break; + case -(MBEDTLS_ERR_SSL_NON_FATAL): + error_description = "SSL - The alert message received indicates a non-fatal error"; + break; + case -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH): + error_description = "SSL - Couldn't set the hash for verifying CertificateVerify"; + break; + case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING): + error_description = "SSL - Internal-only message signaling that further message-processing should be done"; + break; + case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS): + error_description = "SSL - The asynchronous operation is not completed yet"; + break; + case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE): + error_description = "SSL - Internal-only message signaling that a message arrived early"; + break; + case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID): + error_description = "SSL - An encrypted DTLS-frame with an unexpected CID was received"; + break; + case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH): + error_description = "SSL - An operation failed due to an unexpected version or configuration"; + break; + case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS): + error_description = "SSL - A cryptographic operation is in progress. Try again later"; + break; #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) - {.code = -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE), .description="X509 - Unavailable feature, e.g. RSA hashing/encryption combination"}, - {.code = -(MBEDTLS_ERR_X509_UNKNOWN_OID), .description="X509 - Requested OID is unknown"}, - {.code = -(MBEDTLS_ERR_X509_INVALID_FORMAT), .description="X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected"}, - {.code = -(MBEDTLS_ERR_X509_INVALID_VERSION), .description="X509 - The CRT/CRL/CSR version element is invalid"}, - {.code = -(MBEDTLS_ERR_X509_INVALID_SERIAL), .description="X509 - The serial tag or value is invalid"}, - {.code = -(MBEDTLS_ERR_X509_INVALID_ALG), .description="X509 - The algorithm tag or value is invalid"}, - {.code = -(MBEDTLS_ERR_X509_INVALID_NAME), .description="X509 - The name tag or value is invalid"}, - {.code = -(MBEDTLS_ERR_X509_INVALID_DATE), .description="X509 - The date tag or value is invalid"}, - {.code = -(MBEDTLS_ERR_X509_INVALID_SIGNATURE), .description="X509 - The signature tag or value invalid"}, - {.code = -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS), .description="X509 - The extension tag or value is invalid"}, - {.code = -(MBEDTLS_ERR_X509_UNKNOWN_VERSION), .description="X509 - CRT/CRL/CSR has an unsupported version number"}, - {.code = -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG), .description="X509 - Signature algorithm (oid) is unsupported"}, - {.code = -(MBEDTLS_ERR_X509_SIG_MISMATCH), .description="X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)"}, - {.code = -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED), .description="X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"}, - {.code = -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT), .description="X509 - Format not recognized as DER or PEM"}, - {.code = -(MBEDTLS_ERR_X509_BAD_INPUT_DATA), .description="X509 - Input invalid"}, - {.code = -(MBEDTLS_ERR_X509_ALLOC_FAILED), .description="X509 - Allocation of memory failed"}, - {.code = -(MBEDTLS_ERR_X509_FILE_IO_ERROR), .description="X509 - Read/write of file failed"}, - {.code = -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL), .description="X509 - Destination buffer is too small"}, - {.code = -(MBEDTLS_ERR_X509_FATAL_ERROR), .description="X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed"}, + case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE): + error_description = "X509 - Unavailable feature, e.g. RSA hashing/encryption combination"; + break; + case -(MBEDTLS_ERR_X509_UNKNOWN_OID): + error_description = "X509 - Requested OID is unknown"; + break; + case -(MBEDTLS_ERR_X509_INVALID_FORMAT): + error_description = "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected"; + break; + case -(MBEDTLS_ERR_X509_INVALID_VERSION): + error_description = "X509 - The CRT/CRL/CSR version element is invalid"; + break; + case -(MBEDTLS_ERR_X509_INVALID_SERIAL): + error_description = "X509 - The serial tag or value is invalid"; + break; + case -(MBEDTLS_ERR_X509_INVALID_ALG): + error_description = "X509 - The algorithm tag or value is invalid"; + break; + case -(MBEDTLS_ERR_X509_INVALID_NAME): + error_description = "X509 - The name tag or value is invalid"; + break; + case -(MBEDTLS_ERR_X509_INVALID_DATE): + error_description = "X509 - The date tag or value is invalid"; + break; + case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE): + error_description = "X509 - The signature tag or value invalid"; + break; + case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS): + error_description = "X509 - The extension tag or value is invalid"; + break; + case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION): + error_description = "X509 - CRT/CRL/CSR has an unsupported version number"; + break; + case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG): + error_description = "X509 - Signature algorithm (oid) is unsupported"; + break; + case -(MBEDTLS_ERR_X509_SIG_MISMATCH): + error_description = "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)"; + break; + case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED): + error_description = "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"; + break; + case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT): + error_description = "X509 - Format not recognized as DER or PEM"; + break; + case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA): + error_description = "X509 - Input invalid"; + break; + case -(MBEDTLS_ERR_X509_ALLOC_FAILED): + error_description = "X509 - Allocation of memory failed"; + break; + case -(MBEDTLS_ERR_X509_FILE_IO_ERROR): + error_description = "X509 - Read/write of file failed"; + break; + case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL): + error_description = "X509 - Destination buffer is too small"; + break; + case -(MBEDTLS_ERR_X509_FATAL_ERROR): + error_description = "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed"; + break; #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ -}; -#define NUM_HIGH_LEVEL_ERRORS ( sizeof(high_level_errors)/sizeof(mbedtls_error_t) ) + default: + break; + } + + return error_description; +} -static mbedtls_error_t low_level_errors[] = +const char * mbedtls_low_level_strerr( int error_code ) { + const char *error_description = NULL; + + switch( error_code ) + { #if defined(MBEDTLS_AES_C) - {.code = -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH), .description="AES - Invalid key length"}, - {.code = -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH), .description="AES - Invalid data input length"}, - {.code = -(MBEDTLS_ERR_AES_BAD_INPUT_DATA), .description="AES - Invalid input data"}, - {.code = -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE), .description="AES - Feature not available. For example, an unsupported AES key size"}, - {.code = -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED), .description="AES - AES hardware accelerator failed"}, + case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH): + error_description = "AES - Invalid key length"; + break; + case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH): + error_description = "AES - Invalid data input length"; + break; + case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA): + error_description = "AES - Invalid input data"; + break; + case -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE): + error_description = "AES - Feature not available. For example, an unsupported AES key size"; + break; + case -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED): + error_description = "AES - AES hardware accelerator failed"; + break; #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_ARC4_C) - {.code = -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED), .description="ARC4 - ARC4 hardware accelerator failed"}, + case -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED): + error_description = "ARC4 - ARC4 hardware accelerator failed"; + break; #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_ARIA_C) - {.code = -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA), .description="ARIA - Bad input data"}, - {.code = -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH), .description="ARIA - Invalid data input length"}, - {.code = -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE), .description="ARIA - Feature not available. For example, an unsupported ARIA key size"}, - {.code = -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED), .description="ARIA - ARIA hardware accelerator failed"}, + case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA): + error_description = "ARIA - Bad input data"; + break; + case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH): + error_description = "ARIA - Invalid data input length"; + break; + case -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE): + error_description = "ARIA - Feature not available. For example, an unsupported ARIA key size"; + break; + case -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED): + error_description = "ARIA - ARIA hardware accelerator failed"; + break; #endif /* MBEDTLS_ARIA_C */ #if defined(MBEDTLS_ASN1_PARSE_C) - {.code = -(MBEDTLS_ERR_ASN1_OUT_OF_DATA), .description="ASN1 - Out of data when parsing an ASN1 data structure"}, - {.code = -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG), .description="ASN1 - ASN1 tag was of an unexpected value"}, - {.code = -(MBEDTLS_ERR_ASN1_INVALID_LENGTH), .description="ASN1 - Error when trying to determine the length or invalid length"}, - {.code = -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH), .description="ASN1 - Actual length differs from expected length"}, - {.code = -(MBEDTLS_ERR_ASN1_INVALID_DATA), .description="ASN1 - Data is invalid"}, - {.code = -(MBEDTLS_ERR_ASN1_ALLOC_FAILED), .description="ASN1 - Memory allocation failed"}, - {.code = -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL), .description="ASN1 - Buffer too small when writing ASN.1 data structure"}, + case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA): + error_description = "ASN1 - Out of data when parsing an ASN1 data structure"; + break; + case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG): + error_description = "ASN1 - ASN1 tag was of an unexpected value"; + break; + case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH): + error_description = "ASN1 - Error when trying to determine the length or invalid length"; + break; + case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH): + error_description = "ASN1 - Actual length differs from expected length"; + break; + case -(MBEDTLS_ERR_ASN1_INVALID_DATA): + error_description = "ASN1 - Data is invalid"; + break; + case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED): + error_description = "ASN1 - Memory allocation failed"; + break; + case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL): + error_description = "ASN1 - Buffer too small when writing ASN.1 data structure"; + break; #endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_BASE64_C) - {.code = -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL), .description="BASE64 - Output buffer too small"}, - {.code = -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER), .description="BASE64 - Invalid character in input"}, + case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL): + error_description = "BASE64 - Output buffer too small"; + break; + case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER): + error_description = "BASE64 - Invalid character in input"; + break; #endif /* MBEDTLS_BASE64_C */ #if defined(MBEDTLS_BIGNUM_C) - {.code = -(MBEDTLS_ERR_MPI_FILE_IO_ERROR), .description="BIGNUM - An error occurred while reading from or writing to a file"}, - {.code = -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA), .description="BIGNUM - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_MPI_INVALID_CHARACTER), .description="BIGNUM - There is an invalid character in the digit string"}, - {.code = -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL), .description="BIGNUM - The buffer is too small to write to"}, - {.code = -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE), .description="BIGNUM - The input arguments are negative or result in illegal output"}, - {.code = -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO), .description="BIGNUM - The input argument for division is zero, which is not allowed"}, - {.code = -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE), .description="BIGNUM - The input arguments are not acceptable"}, - {.code = -(MBEDTLS_ERR_MPI_ALLOC_FAILED), .description="BIGNUM - Memory allocation failed"}, + case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR): + error_description = "BIGNUM - An error occurred while reading from or writing to a file"; + break; + case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA): + error_description = "BIGNUM - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER): + error_description = "BIGNUM - There is an invalid character in the digit string"; + break; + case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL): + error_description = "BIGNUM - The buffer is too small to write to"; + break; + case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE): + error_description = "BIGNUM - The input arguments are negative or result in illegal output"; + break; + case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO): + error_description = "BIGNUM - The input argument for division is zero, which is not allowed"; + break; + case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE): + error_description = "BIGNUM - The input arguments are not acceptable"; + break; + case -(MBEDTLS_ERR_MPI_ALLOC_FAILED): + error_description = "BIGNUM - Memory allocation failed"; + break; #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_BLOWFISH_C) - {.code = -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA), .description="BLOWFISH - Bad input data"}, - {.code = -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH), .description="BLOWFISH - Invalid data input length"}, - {.code = -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED), .description="BLOWFISH - Blowfish hardware accelerator failed"}, + case -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA): + error_description = "BLOWFISH - Bad input data"; + break; + case -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH): + error_description = "BLOWFISH - Invalid data input length"; + break; + case -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED): + error_description = "BLOWFISH - Blowfish hardware accelerator failed"; + break; #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_CAMELLIA_C) - {.code = -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA), .description="CAMELLIA - Bad input data"}, - {.code = -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH), .description="CAMELLIA - Invalid data input length"}, - {.code = -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED), .description="CAMELLIA - Camellia hardware accelerator failed"}, + case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA): + error_description = "CAMELLIA - Bad input data"; + break; + case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH): + error_description = "CAMELLIA - Invalid data input length"; + break; + case -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED): + error_description = "CAMELLIA - Camellia hardware accelerator failed"; + break; #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CCM_C) - {.code = -(MBEDTLS_ERR_CCM_BAD_INPUT), .description="CCM - Bad input parameters to the function"}, - {.code = -(MBEDTLS_ERR_CCM_AUTH_FAILED), .description="CCM - Authenticated decryption failed"}, - {.code = -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED), .description="CCM - CCM hardware accelerator failed"}, + case -(MBEDTLS_ERR_CCM_BAD_INPUT): + error_description = "CCM - Bad input parameters to the function"; + break; + case -(MBEDTLS_ERR_CCM_AUTH_FAILED): + error_description = "CCM - Authenticated decryption failed"; + break; + case -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED): + error_description = "CCM - CCM hardware accelerator failed"; + break; #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHA20_C) - {.code = -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA), .description="CHACHA20 - Invalid input parameter(s)"}, - {.code = -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE), .description="CHACHA20 - Feature not available. For example, s part of the API is not implemented"}, - {.code = -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED), .description="CHACHA20 - Chacha20 hardware accelerator failed"}, + case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA): + error_description = "CHACHA20 - Invalid input parameter(s)"; + break; + case -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE): + error_description = "CHACHA20 - Feature not available. For example, s part of the API is not implemented"; + break; + case -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED): + error_description = "CHACHA20 - Chacha20 hardware accelerator failed"; + break; #endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - {.code = -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE), .description="CHACHAPOLY - The requested operation is not permitted in the current state"}, - {.code = -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED), .description="CHACHAPOLY - Authenticated decryption failed: data was not authentic"}, + case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE): + error_description = "CHACHAPOLY - The requested operation is not permitted in the current state"; + break; + case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED): + error_description = "CHACHAPOLY - Authenticated decryption failed: data was not authentic"; + break; #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CMAC_C) - {.code = -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED), .description="CMAC - CMAC hardware accelerator failed"}, + case -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED): + error_description = "CMAC - CMAC hardware accelerator failed"; + break; #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CTR_DRBG_C) - {.code = -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED), .description="CTR_DRBG - The entropy source failed"}, - {.code = -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG), .description="CTR_DRBG - The requested random buffer length is too big"}, - {.code = -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG), .description="CTR_DRBG - The input (entropy + additional data) is too large"}, - {.code = -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR), .description="CTR_DRBG - Read or write error in file"}, + case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED): + error_description = "CTR_DRBG - The entropy source failed"; + break; + case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG): + error_description = "CTR_DRBG - The requested random buffer length is too big"; + break; + case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG): + error_description = "CTR_DRBG - The input (entropy + additional data) is too large"; + break; + case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR): + error_description = "CTR_DRBG - Read or write error in file"; + break; #endif /* MBEDTLS_CTR_DRBG_C */ #if defined(MBEDTLS_DES_C) - {.code = -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH), .description="DES - The data input has an invalid length"}, - {.code = -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED), .description="DES - DES hardware accelerator failed"}, + case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH): + error_description = "DES - The data input has an invalid length"; + break; + case -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED): + error_description = "DES - DES hardware accelerator failed"; + break; #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ENTROPY_C) - {.code = -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED), .description="ENTROPY - Critical entropy source failure"}, - {.code = -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES), .description="ENTROPY - No more sources can be added"}, - {.code = -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED), .description="ENTROPY - No sources have been added to poll"}, - {.code = -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE), .description="ENTROPY - No strong sources have been added to poll"}, - {.code = -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR), .description="ENTROPY - Read/write error in file"}, + case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED): + error_description = "ENTROPY - Critical entropy source failure"; + break; + case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES): + error_description = "ENTROPY - No more sources can be added"; + break; + case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED): + error_description = "ENTROPY - No sources have been added to poll"; + break; + case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE): + error_description = "ENTROPY - No strong sources have been added to poll"; + break; + case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR): + error_description = "ENTROPY - Read/write error in file"; + break; #endif /* MBEDTLS_ENTROPY_C */ #if defined(MBEDTLS_ERROR_C) - {.code = -(MBEDTLS_ERR_ERROR_GENERIC_ERROR), .description="ERROR - Generic error"}, - {.code = -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED), .description="ERROR - This is a bug in the library"}, + case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR): + error_description = "ERROR - Generic error"; + break; + case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED): + error_description = "ERROR - This is a bug in the library"; + break; #endif /* MBEDTLS_ERROR_C */ #if defined(MBEDTLS_GCM_C) - {.code = -(MBEDTLS_ERR_GCM_AUTH_FAILED), .description="GCM - Authenticated decryption failed"}, - {.code = -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED), .description="GCM - GCM hardware accelerator failed"}, - {.code = -(MBEDTLS_ERR_GCM_BAD_INPUT), .description="GCM - Bad input parameters to function"}, + case -(MBEDTLS_ERR_GCM_AUTH_FAILED): + error_description = "GCM - Authenticated decryption failed"; + break; + case -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED): + error_description = "GCM - GCM hardware accelerator failed"; + break; + case -(MBEDTLS_ERR_GCM_BAD_INPUT): + error_description = "GCM - Bad input parameters to function"; + break; #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_HKDF_C) - {.code = -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA), .description="HKDF - Bad input parameters to function"}, + case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA): + error_description = "HKDF - Bad input parameters to function"; + break; #endif /* MBEDTLS_HKDF_C */ #if defined(MBEDTLS_HMAC_DRBG_C) - {.code = -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG), .description="HMAC_DRBG - Too many random requested in single call"}, - {.code = -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG), .description="HMAC_DRBG - Input too large (Entropy + additional)"}, - {.code = -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR), .description="HMAC_DRBG - Read/write error in file"}, - {.code = -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED), .description="HMAC_DRBG - The entropy source failed"}, + case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG): + error_description = "HMAC_DRBG - Too many random requested in single call"; + break; + case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG): + error_description = "HMAC_DRBG - Input too large (Entropy + additional)"; + break; + case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR): + error_description = "HMAC_DRBG - Read/write error in file"; + break; + case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED): + error_description = "HMAC_DRBG - The entropy source failed"; + break; #endif /* MBEDTLS_HMAC_DRBG_C */ #if defined(MBEDTLS_MD2_C) - {.code = -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED), .description="MD2 - MD2 hardware accelerator failed"}, + case -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED): + error_description = "MD2 - MD2 hardware accelerator failed"; + break; #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) - {.code = -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED), .description="MD4 - MD4 hardware accelerator failed"}, + case -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED): + error_description = "MD4 - MD4 hardware accelerator failed"; + break; #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) - {.code = -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED), .description="MD5 - MD5 hardware accelerator failed"}, + case -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED): + error_description = "MD5 - MD5 hardware accelerator failed"; + break; #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_NET_C) - {.code = -(MBEDTLS_ERR_NET_SOCKET_FAILED), .description="NET - Failed to open a socket"}, - {.code = -(MBEDTLS_ERR_NET_CONNECT_FAILED), .description="NET - The connection to the given server / port failed"}, - {.code = -(MBEDTLS_ERR_NET_BIND_FAILED), .description="NET - Binding of the socket failed"}, - {.code = -(MBEDTLS_ERR_NET_LISTEN_FAILED), .description="NET - Could not listen on the socket"}, - {.code = -(MBEDTLS_ERR_NET_ACCEPT_FAILED), .description="NET - Could not accept the incoming connection"}, - {.code = -(MBEDTLS_ERR_NET_RECV_FAILED), .description="NET - Reading information from the socket failed"}, - {.code = -(MBEDTLS_ERR_NET_SEND_FAILED), .description="NET - Sending information through the socket failed"}, - {.code = -(MBEDTLS_ERR_NET_CONN_RESET), .description="NET - Connection was reset by peer"}, - {.code = -(MBEDTLS_ERR_NET_UNKNOWN_HOST), .description="NET - Failed to get an IP address for the given hostname"}, - {.code = -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL), .description="NET - Buffer is too small to hold the data"}, - {.code = -(MBEDTLS_ERR_NET_INVALID_CONTEXT), .description="NET - The context is invalid, eg because it was free()ed"}, - {.code = -(MBEDTLS_ERR_NET_POLL_FAILED), .description="NET - Polling the net context failed"}, - {.code = -(MBEDTLS_ERR_NET_BAD_INPUT_DATA), .description="NET - Input invalid"}, + case -(MBEDTLS_ERR_NET_SOCKET_FAILED): + error_description = "NET - Failed to open a socket"; + break; + case -(MBEDTLS_ERR_NET_CONNECT_FAILED): + error_description = "NET - The connection to the given server / port failed"; + break; + case -(MBEDTLS_ERR_NET_BIND_FAILED): + error_description = "NET - Binding of the socket failed"; + break; + case -(MBEDTLS_ERR_NET_LISTEN_FAILED): + error_description = "NET - Could not listen on the socket"; + break; + case -(MBEDTLS_ERR_NET_ACCEPT_FAILED): + error_description = "NET - Could not accept the incoming connection"; + break; + case -(MBEDTLS_ERR_NET_RECV_FAILED): + error_description = "NET - Reading information from the socket failed"; + break; + case -(MBEDTLS_ERR_NET_SEND_FAILED): + error_description = "NET - Sending information through the socket failed"; + break; + case -(MBEDTLS_ERR_NET_CONN_RESET): + error_description = "NET - Connection was reset by peer"; + break; + case -(MBEDTLS_ERR_NET_UNKNOWN_HOST): + error_description = "NET - Failed to get an IP address for the given hostname"; + break; + case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL): + error_description = "NET - Buffer is too small to hold the data"; + break; + case -(MBEDTLS_ERR_NET_INVALID_CONTEXT): + error_description = "NET - The context is invalid, eg because it was free()ed"; + break; + case -(MBEDTLS_ERR_NET_POLL_FAILED): + error_description = "NET - Polling the net context failed"; + break; + case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA): + error_description = "NET - Input invalid"; + break; #endif /* MBEDTLS_NET_C */ #if defined(MBEDTLS_OID_C) - {.code = -(MBEDTLS_ERR_OID_NOT_FOUND), .description="OID - OID is not found"}, - {.code = -(MBEDTLS_ERR_OID_BUF_TOO_SMALL), .description="OID - output buffer is too small"}, + case -(MBEDTLS_ERR_OID_NOT_FOUND): + error_description = "OID - OID is not found"; + break; + case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL): + error_description = "OID - output buffer is too small"; + break; #endif /* MBEDTLS_OID_C */ #if defined(MBEDTLS_PADLOCK_C) - {.code = -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED), .description="PADLOCK - Input data should be aligned"}, + case -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED): + error_description = "PADLOCK - Input data should be aligned"; + break; #endif /* MBEDTLS_PADLOCK_C */ #if defined(MBEDTLS_PLATFORM_C) - {.code = -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED), .description="PLATFORM - Hardware accelerator failed"}, - {.code = -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED), .description="PLATFORM - The requested feature is not supported by the platform"}, + case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED): + error_description = "PLATFORM - Hardware accelerator failed"; + break; + case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED): + error_description = "PLATFORM - The requested feature is not supported by the platform"; + break; #endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_POLY1305_C) - {.code = -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA), .description="POLY1305 - Invalid input parameter(s)"}, - {.code = -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE), .description="POLY1305 - Feature not available. For example, s part of the API is not implemented"}, - {.code = -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED), .description="POLY1305 - Poly1305 hardware accelerator failed"}, + case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA): + error_description = "POLY1305 - Invalid input parameter(s)"; + break; + case -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE): + error_description = "POLY1305 - Feature not available. For example, s part of the API is not implemented"; + break; + case -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED): + error_description = "POLY1305 - Poly1305 hardware accelerator failed"; + break; #endif /* MBEDTLS_POLY1305_C */ #if defined(MBEDTLS_RIPEMD160_C) - {.code = -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED), .description="RIPEMD160 - RIPEMD160 hardware accelerator failed"}, + case -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED): + error_description = "RIPEMD160 - RIPEMD160 hardware accelerator failed"; + break; #endif /* MBEDTLS_RIPEMD160_C */ #if defined(MBEDTLS_SHA1_C) - {.code = -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED), .description="SHA1 - SHA-1 hardware accelerator failed"}, - {.code = -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA), .description="SHA1 - SHA-1 input data was malformed"}, + case -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED): + error_description = "SHA1 - SHA-1 hardware accelerator failed"; + break; + case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA): + error_description = "SHA1 - SHA-1 input data was malformed"; + break; #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - {.code = -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED), .description="SHA256 - SHA-256 hardware accelerator failed"}, - {.code = -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA), .description="SHA256 - SHA-256 input data was malformed"}, + case -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED): + error_description = "SHA256 - SHA-256 hardware accelerator failed"; + break; + case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA): + error_description = "SHA256 - SHA-256 input data was malformed"; + break; #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - {.code = -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED), .description="SHA512 - SHA-512 hardware accelerator failed"}, - {.code = -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA), .description="SHA512 - SHA-512 input data was malformed"}, + case -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED): + error_description = "SHA512 - SHA-512 hardware accelerator failed"; + break; + case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA): + error_description = "SHA512 - SHA-512 input data was malformed"; + break; #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_THREADING_C) - {.code = -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE), .description="THREADING - The selected feature is not available"}, - {.code = -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA), .description="THREADING - Bad input parameters to function"}, - {.code = -(MBEDTLS_ERR_THREADING_MUTEX_ERROR), .description="THREADING - Locking / unlocking / free failed with error code"}, + case -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE): + error_description = "THREADING - The selected feature is not available"; + break; + case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA): + error_description = "THREADING - Bad input parameters to function"; + break; + case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR): + error_description = "THREADING - Locking / unlocking / free failed with error code"; + break; #endif /* MBEDTLS_THREADING_C */ #if defined(MBEDTLS_XTEA_C) - {.code = -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH), .description="XTEA - The data input has an invalid length"}, - {.code = -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED), .description="XTEA - XTEA hardware accelerator failed"}, -#endif /* MBEDTLS_XTEA_C */ -}; - -#define NUM_LOW_LEVEL_ERRORS ( sizeof(low_level_errors)/sizeof(mbedtls_error_t) ) - -const char * mbedtls_high_level_strerr( int error_code ) -{ - size_t i; - const char *error_description = NULL; - - for(i = 0; i < NUM_HIGH_LEVEL_ERRORS; i++ ) - { - if( high_level_errors[i].code == error_code ) - { - error_description = high_level_errors[i].description; + case -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH): + error_description = "XTEA - The data input has an invalid length"; break; - } - } - - return error_description; -} - -const char * mbedtls_low_level_strerr( int error_code ) -{ - size_t i; - const char *error_description = NULL; + case -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED): + error_description = "XTEA - XTEA hardware accelerator failed"; + break; +#endif /* MBEDTLS_XTEA_C */ - for(i = 0; i < NUM_LOW_LEVEL_ERRORS; i++ ) - { - if( low_level_errors[i].code == error_code ) - { - error_description = low_level_errors[i].description; + default: break; - } } return error_description; @@ -675,10 +1157,12 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) else mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); +#if defined(MBEDTLS_SSL_TLS_C) // Early return in case of a fatal error - do not try to translate low // level code. if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) return; +#endif /* MBEDTLS_SSL_TLS_C */ } use_ret = ret & ~0xFF80; diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index c54ab906f049..4cf3a9d3f5b0 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -42,38 +42,16 @@ HEADER_INCLUDED -typedef struct mbedtls_error -{ - int code; /* Error code. */ - const char * description; /* Error description. */ -} mbedtls_error_t; - -static mbedtls_error_t high_level_errors[] = -{ -HIGH_LEVEL_CODE_CHECKS -}; - -#define NUM_HIGH_LEVEL_ERRORS ( sizeof(high_level_errors)/sizeof(mbedtls_error_t) ) - -static mbedtls_error_t low_level_errors[] = -{ -LOW_LEVEL_CODE_CHECKS -}; - -#define NUM_LOW_LEVEL_ERRORS ( sizeof(low_level_errors)/sizeof(mbedtls_error_t) ) - const char * mbedtls_high_level_strerr( int error_code ) { - size_t i; const char *error_description = NULL; - for(i = 0; i < NUM_HIGH_LEVEL_ERRORS; i++ ) + switch( error_code ) { - if( high_level_errors[i].code == error_code ) - { - error_description = high_level_errors[i].description; +HIGH_LEVEL_CODE_CHECKS + + default: break; - } } return error_description; @@ -81,16 +59,14 @@ const char * mbedtls_high_level_strerr( int error_code ) const char * mbedtls_low_level_strerr( int error_code ) { - size_t i; const char *error_description = NULL; - for(i = 0; i < NUM_LOW_LEVEL_ERRORS; i++ ) + switch( error_code ) { - if( low_level_errors[i].code == error_code ) - { - error_description = low_level_errors[i].description; +LOW_LEVEL_CODE_CHECKS + + default: break; - } } return error_description; @@ -123,10 +99,12 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) else mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); +#if defined(MBEDTLS_SSL_TLS_C) // Early return in case of a fatal error - do not try to translate low // level code. if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) return; +#endif /* MBEDTLS_SSL_TLS_C */ } use_ret = ret & ~0xFF80; diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index ee9029d3a786..cb596694cda2 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -119,13 +119,13 @@ { $code_check = \$ll_code_check; $old_define = \$ll_old_define; - $white_space = ' '; + $white_space = ' '; } else { $code_check = \$hl_code_check; $old_define = \$hl_old_define; - $white_space = ' '; + $white_space = ' '; } if ($define_name ne ${$old_define}) @@ -160,7 +160,9 @@ ${$old_define} = $define_name; } - ${$code_check} .= "${white_space}\{.code = -($error_name), .description=\"$module_name - $description\"},\n"; + ${$code_check} .= "${white_space}case -($error_name):\n". + "${white_space} error_description = \"$module_name - $description\";\n". + "${white_space} break;\n" }; if ($ll_old_define ne "") From ca51b474dc2966576a98a59d094647423fb0dd35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:29:42 +0200 Subject: [PATCH 090/138] Note that we keep going even if some tests fail Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 7490777ec0da..a2f12f890ed6 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -79,15 +79,15 @@ if [ ! -f "seedfile" ]; then dd if=/dev/urandom of="seedfile" bs=32 count=1 fi -# Step 2a - Unit Tests +# Step 2a - Unit Tests (keep going even if some tests fail) perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT echo -# Step 2b - System Tests +# Step 2b - System Tests (keep going even if some tests fail) sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT echo -# Step 2c - Compatibility tests +# Step 2c - Compatibility tests (keep going even if some tests fail) sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \ tee compat-test-$TEST_OUTPUT OPENSSL_CMD="$OPENSSL_LEGACY" \ From 5757d542619bc84e1a1b2ff9eecb35195fbc1cbd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:32:48 +0200 Subject: [PATCH 091/138] If 'make lcov' failed, exit immediately Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index a2f12f890ed6..e248c22679e7 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -104,7 +104,15 @@ echo # Step 3 - Process the coverage report cd .. -make lcov |tee tests/cov-$TEST_OUTPUT +{ + make lcov + echo SUCCESS +} | tee tests/cov-$TEST_OUTPUT + +if [ "$(tail -n1 tests/cov-$TEST_OUTPUT)" != "SUCCESS" ]; then + echo >&2 "Fatal: 'make lcov' failed" + exit 2 +fi # Step 4 - Summarise the test report From bfcb6e16ab669814478b1de63e48d4ff6b408711 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:33:34 +0200 Subject: [PATCH 092/138] Create a large enough seedfile The seedfile needs to have the size of the entropy accumulator, which is 64 bytes (512 bits) since the entropy accumulator uses SHA-512 and the seed size needs to be the same as the hash output (or larger). We used to enable MBEDTLS_ENTROPY_FORCE_SHA256 in the full config, so the entropy accumulator was 256 bits (32 bytes), and therefore a 32-byte seedfile worked. But we no longer turn on this option in the full config, so the 32-byte seedfile no longer works. Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index e248c22679e7..bbfcf25c8faf 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -76,7 +76,7 @@ make -j TEST_OUTPUT=out_${PPID} cd tests if [ ! -f "seedfile" ]; then - dd if=/dev/urandom of="seedfile" bs=32 count=1 + dd if=/dev/urandom of="seedfile" bs=64 count=1 fi # Step 2a - Unit Tests (keep going even if some tests fail) From 40be51ffe32f729dbaf8da8876faa60d83caaa09 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:50:08 +0200 Subject: [PATCH 093/138] Add a few echo statements to make the logs easier to follow Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 39 +++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index bbfcf25c8faf..1b92e418371e 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -78,28 +78,43 @@ cd tests if [ ! -f "seedfile" ]; then dd if=/dev/urandom of="seedfile" bs=64 count=1 fi +echo # Step 2a - Unit Tests (keep going even if some tests fail) +echo '################ Unit tests ################' perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT +echo '^^^^^^^^^^^^^^^^ Unit tests ^^^^^^^^^^^^^^^^' echo # Step 2b - System Tests (keep going even if some tests fail) +echo +echo '################ ssl-opt.sh ################' sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT +echo '^^^^^^^^^^^^^^^^ ssl-opt.sh ^^^^^^^^^^^^^^^^' echo # Step 2c - Compatibility tests (keep going even if some tests fail) -sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \ - tee compat-test-$TEST_OUTPUT -OPENSSL_CMD="$OPENSSL_LEGACY" \ - sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT -OPENSSL_CMD="$OPENSSL_LEGACY" \ - GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ - sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ - tee -a compat-test-$TEST_OUTPUT -OPENSSL_CMD="$OPENSSL_NEXT" \ - sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \ - tee -a compat-test-$TEST_OUTPUT +echo '################ compat.sh ################' +{ + echo '#### compat.sh: Default versions' + sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' + echo + + echo '#### compat.sh: legacy (SSLv3)' + OPENSSL_CMD="$OPENSSL_LEGACY" sh compat.sh -m 'ssl3' + echo + + echo '#### compat.sh: legacy (null, DES, RC4)' + OPENSSL_CMD="$OPENSSL_LEGACY" \ + GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ + sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' + echo + + echo '#### compat.sh: next (ARIA, ChaCha)' + OPENSSL_CMD="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA' + echo +} | tee compat-test-$TEST_OUTPUT +echo '^^^^^^^^^^^^^^^^ compat.sh ^^^^^^^^^^^^^^^^' echo # Step 3 - Process the coverage report From b3d0bab10b32d113deeeba4704da0f184d0d1a78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 19:47:48 +0200 Subject: [PATCH 094/138] MBEDTLS_MEMORY_BACKTRACE is no longer included in the full config Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 1b92e418371e..08c141052879 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -68,7 +68,6 @@ export LDFLAGS=' --coverage' make clean cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.py full -scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE make -j From c877c24ed0514ad0e398d0fd6ca7db3593bef740 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Apr 2020 00:18:55 +0200 Subject: [PATCH 095/138] Enable extra features that have tests The "full" configuration excludes some deprecated or experimental features. Enable the ones that have tests, don't have extra requirements and don't turn off some other feature. Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 08c141052879..aca2f11fb429 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -68,6 +68,10 @@ export LDFLAGS=' --coverage' make clean cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.py full +# Enable some deprecated or experimental features that are not in the +# full config, but are compatible with it and have tests. +scripts/config.py set MBEDTLS_SSL_PROTO_SSL3 +scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C make -j From aaee444c68e5545ed2522cc330100ecbcef3eca7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 16:49:21 +0100 Subject: [PATCH 096/138] Document more methods in Python scripts Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 19 +++++++++++++++++++ tests/scripts/check-test-cases.py | 2 ++ 2 files changed, 21 insertions(+) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 6e35f5224167..16aebb59a3a2 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -37,20 +37,31 @@ def __init__(self): self.files_with_issues = {} def should_check_file(self, filepath): + """Whether the given file name should be checked. + + Files whose name ends with a string listed in ``self.files_exemptions`` + will not be checked. + """ for files_exemption in self.files_exemptions: if filepath.endswith(files_exemption): return False return True def check_file_for_issue(self, filepath): + """Check the specified file for the issue that this class is for. + + Subclasses must implement this method. + """ raise NotImplementedError def record_issue(self, filepath, line_number): + """Record that an issue was found at the specified location.""" if filepath not in self.files_with_issues.keys(): self.files_with_issues[filepath] = [] self.files_with_issues[filepath].append(line_number) def output_file_issues(self, logger): + """Log all the locations where the issue was found.""" if self.files_with_issues.values(): logger.info(self.heading) for filename, lines in sorted(self.files_with_issues.items()): @@ -70,6 +81,10 @@ class LineIssueTracker(FileIssueTracker): """ def issue_with_line(self, line, filepath): + """Check the specified line for the issue that this class is for. + + Subclasses must implement this method. + """ raise NotImplementedError def check_file_line(self, filepath, line, line_number): @@ -77,6 +92,10 @@ def check_file_line(self, filepath, line, line_number): self.record_issue(filepath, line_number) def check_file_for_issue(self, filepath): + """Check the lines of the specified file. + + Subclasses must implement the ``issue_with_line`` method. + """ with open(filepath, "rb") as f: for i, line in enumerate(iter(f.readline, b"")): self.check_file_line(filepath, line, i + 1) diff --git a/tests/scripts/check-test-cases.py b/tests/scripts/check-test-cases.py index 4abaa688242a..35a9987497e8 100755 --- a/tests/scripts/check-test-cases.py +++ b/tests/scripts/check-test-cases.py @@ -77,6 +77,7 @@ def check_description(results, seen, file_name, line_number, description): seen[description] = line_number def check_test_suite(results, data_file_name): + """Check the test cases in the given unit test data file.""" in_paragraph = False descriptions = {} with open(data_file_name, 'rb') as data_file: @@ -94,6 +95,7 @@ def check_test_suite(results, data_file_name): in_paragraph = True def check_ssl_opt_sh(results, file_name): + """Check the test cases in ssl-opt.sh or a file with a similar format.""" descriptions = {} with open(file_name, 'rb') as file_contents: for line_number, line in enumerate(file_contents, 1): From dd4c1c6fe79eeb9384af211183dde923fcade31a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 18:20:59 +0100 Subject: [PATCH 097/138] mbedtls_test.py: drop compatibility with Python 2 Python 2 is no longer supported upstream. Actively drop compatibility with Python 2. Removing the inheritance of a class on object pacifies recent versions of Pylint (useless-object-inheritance). Signed-off-by: Gilles Peskine --- tests/scripts/mbedtls_test.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 8f24435bfef3..9a58a369aed5 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -1,3 +1,5 @@ +#!/usr/bin/env python3 + # Greentea host test script for Mbed TLS on-target test suite testing. # # Copyright (C) 2018, Arm Limited, All Rights Reserved @@ -46,7 +48,7 @@ class TestDataParserError(Exception): pass -class TestDataParser(object): +class TestDataParser: """ Parses test name, dependencies, test function name and test parameters from the data file. From 184c096e956323600a4b20995079a3d7ff9adc78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 18:25:17 +0100 Subject: [PATCH 098/138] Pylint: abide by useless-object-inheritance warnings Inheriting from object is a remainder of Python 2 habits and is just clutter in Python 3. Signed-off-by: Gilles Peskine --- scripts/abi_check.py | 2 +- tests/scripts/check-files.py | 4 ++-- tests/scripts/generate_test_code.py | 2 +- tests/scripts/test_generate_test_code.py | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index e19f2c0c660a..c2aca501d676 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -29,7 +29,7 @@ import xml.etree.ElementTree as ET -class AbiChecker(object): +class AbiChecker: """API and ABI checker.""" def __init__(self, old_version, new_version, configuration): diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 16aebb59a3a2..65edecc783c6 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -17,7 +17,7 @@ import sys -class FileIssueTracker(object): +class FileIssueTracker: """Base class for file-wide issue tracking. To implement a checker that processes a file as a whole, inherit from @@ -189,7 +189,7 @@ def issue_with_line(self, line, _filepath): return False -class IntegrityChecker(object): +class IntegrityChecker: """Sanity-check files under the current directory.""" def __init__(self, log_file): diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 1fff09992c03..c0f99f74fa57 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -208,7 +208,7 @@ class GeneratorInputError(Exception): pass -class FileWrapper(io.FileIO, object): +class FileWrapper(io.FileIO): """ This class extends built-in io.FileIO class with attribute line_no, that indicates line number for the line that is read. diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 6d7113e18bee..e39b29b8316f 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -294,7 +294,7 @@ def test_empty_dependencies(self): self.assertEqual(code, expected) -class StringIOWrapper(StringIO, object): +class StringIOWrapper(StringIO): """ file like class to mock file object in tests. """ From 8b022359e88515cc16a26f3498f955fcf02e0efe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 18:36:56 +0100 Subject: [PATCH 099/138] Pylint: minor code simplifications Simplify the code in minor ways. Each of this changes fixes a warning from Pylint 2.4 that doesn't appear with Pylint 1.7. Signed-off-by: Gilles Peskine --- tests/scripts/generate_test_code.py | 3 +-- tests/scripts/mbedtls_test.py | 2 +- tests/scripts/test_generate_test_code.py | 10 ++++------ tests/scripts/test_psa_constant_names.py | 2 +- 4 files changed, 7 insertions(+), 10 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index c0f99f74fa57..21f816ea9ae2 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -402,8 +402,7 @@ def parse_dependencies(inp_str): :param inp_str: Input string with macros delimited by ':'. :return: list of dependencies """ - dependencies = [dep for dep in map(validate_dependency, - inp_str.split(':'))] + dependencies = list(map(validate_dependency, inp_str.split(':'))) return dependencies diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 9a58a369aed5..709bb1a3e038 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -262,7 +262,7 @@ def test_vector_to_bytes(self, function_id, dependencies, parameters): data_bytes += bytearray(dependencies) data_bytes += bytearray([function_id, len(parameters)]) for typ, param in parameters: - if typ == 'int' or typ == 'exp': + if typ in ('int', 'exp'): i = int(param, 0) data_bytes += b'I' if typ == 'int' else b'E' self.align_32bit(data_bytes) diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index e39b29b8316f..c8e8c5ce1417 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -1127,9 +1127,8 @@ def test_parser(self): dhm_selftest: """ stream = StringIOWrapper('test_suite_ut.function', data) - tests = [(name, test_function, dependencies, args) - for name, test_function, dependencies, args in - parse_test_data(stream)] + # List of (name, function_name, dependencies, args) + tests = list(parse_test_data(stream)) test1, test2, test3, test4 = tests self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1') self.assertEqual(test1[1], 'dhm_do_dhm') @@ -1170,9 +1169,8 @@ def test_with_dependencies(self): """ stream = StringIOWrapper('test_suite_ut.function', data) - tests = [(name, function_name, dependencies, args) - for name, function_name, dependencies, args in - parse_test_data(stream)] + # List of (name, function_name, dependencies, args) + tests = list(parse_test_data(stream)) test1, test2 = tests self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1') self.assertEqual(test1[1], 'dhm_do_dhm') diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index c02555e88028..2c9f058ea2c0 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -453,7 +453,7 @@ def main(): tests.run_all(inputs) tests.report(sys.stdout) if tests.errors: - exit(1) + sys.exit(1) if __name__ == '__main__': main() From 7747efce147846467ab33bf6d4d5334fb1532104 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 18:39:50 +0100 Subject: [PATCH 100/138] Pylint: allow using pass even when not strictly necessary If we take the trouble of using pass, it's because we think the code is clearer that way. For example, Pylint 2.4 rejects pass in def foo(): """Do nothing.""" pass But relying on a docstring as the sole code is weird, hence the use of pass. Signed-off-by: Gilles Peskine --- .pylintrc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.pylintrc b/.pylintrc index a5df688d97c9..9ff6eae04876 100644 --- a/.pylintrc +++ b/.pylintrc @@ -55,7 +55,9 @@ max-module-lines=2000 # return value1 # else: # return value2 -disable=logging-format-interpolation,no-else-return +# * unnecessary-pass: If we take the trouble of adding a line with "pass", +# it's because we think the code is clearer that way. +disable=logging-format-interpolation,no-else-return,unnecessary-pass [REPORTS] # Don't diplay statistics. Just the facts. From 1759602b296233cc9a1b751ff33bf468c1efaf48 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 18:47:06 +0100 Subject: [PATCH 101/138] Pylint: silence locally-disabled/enabled messages If we disable or enable a message locally, it's by design. There's no need to clutter the Pylint output with this information. Signed-off-by: Gilles Peskine --- .pylintrc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.pylintrc b/.pylintrc index 9ff6eae04876..ad25a7ca1788 100644 --- a/.pylintrc +++ b/.pylintrc @@ -40,6 +40,9 @@ max-attributes=15 max-module-lines=2000 [MESSAGES CONTROL] +# * locally-disabled, locally-enabled: If we disable or enable a message +# locally, it's by design. There's no need to clutter the Pylint output +# with this information. # * logging-format-interpolation: Pylint warns about things like # ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``. # This is of minor utility (mainly a performance gain when there are @@ -57,7 +60,7 @@ max-module-lines=2000 # return value2 # * unnecessary-pass: If we take the trouble of adding a line with "pass", # it's because we think the code is clearer that way. -disable=logging-format-interpolation,no-else-return,unnecessary-pass +disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass [REPORTS] # Don't diplay statistics. Just the facts. From e0c84ac4d2fbba2822bd0960ca154b654b30da97 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 18:47:53 +0100 Subject: [PATCH 102/138] Pylint: explicitly note why we're doing an unchecked subprocess.run Signed-off-by: Gilles Peskine --- tests/scripts/test_config_script.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py index 40ed9fd9b484..c8fdea5eedb6 100755 --- a/tests/scripts/test_config_script.py +++ b/tests/scripts/test_config_script.py @@ -92,6 +92,7 @@ def list_presets(options): return re.split(r'[ ,]+', options.presets) else: help_text = subprocess.run([options.script, '--help'], + check=False, # config.pl --help returns 255 stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout return guess_presets_from_help(help_text.decode('ascii')) From 3d02db23e85345ff4c8600559670e08fcbddc813 Mon Sep 17 00:00:00 2001 From: Gaurav Aggarwal Date: Sat, 11 Apr 2020 17:14:03 -0700 Subject: [PATCH 103/138] Add auto-generated code markers The presence of these markers in the original code was helpful to me in figuring out that this portion of the code is auto-generated. Therefore, I think those are useful and should be present. Signed-off-by: Gaurav Aggarwal --- include/mbedtls/error.h | 2 +- library/error.c | 4 ++++ scripts/data_files/error.fmt | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 3f0af04daf51..cff22eaa84ff 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -132,7 +132,7 @@ void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); * representation. * * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string use it only for logging purposes. + * must not try to modify the string and use it only for logging purposes. * * \param error_code error code * diff --git a/library/error.c b/library/error.c index 200e579778db..ee1f8b704beb 100644 --- a/library/error.c +++ b/library/error.c @@ -219,6 +219,7 @@ const char * mbedtls_high_level_strerr( int error_code ) switch( error_code ) { + /* Begin Auto-Generated Code. */ #if defined(MBEDTLS_CIPHER_C) case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE): error_description = "CIPHER - The selected feature is not available"; @@ -713,6 +714,7 @@ const char * mbedtls_high_level_strerr( int error_code ) error_description = "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed"; break; #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ + /* End Auto-Generated Code. */ default: break; @@ -727,6 +729,7 @@ const char * mbedtls_low_level_strerr( int error_code ) switch( error_code ) { + /* Begin Auto-Generated Code. */ #if defined(MBEDTLS_AES_C) case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH): error_description = "AES - Invalid key length"; @@ -1122,6 +1125,7 @@ const char * mbedtls_low_level_strerr( int error_code ) error_description = "XTEA - XTEA hardware accelerator failed"; break; #endif /* MBEDTLS_XTEA_C */ + /* End Auto-Generated Code. */ default: break; diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 4cf3a9d3f5b0..5699d9ea22f9 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -48,7 +48,9 @@ const char * mbedtls_high_level_strerr( int error_code ) switch( error_code ) { + /* Begin Auto-Generated Code. */ HIGH_LEVEL_CODE_CHECKS + /* End Auto-Generated Code. */ default: break; @@ -63,7 +65,9 @@ const char * mbedtls_low_level_strerr( int error_code ) switch( error_code ) { + /* Begin Auto-Generated Code. */ LOW_LEVEL_CODE_CHECKS + /* End Auto-Generated Code. */ default: break; From 9370f90d46f7ab02e3cc0389ef3c4e0aca32e368 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Fri, 13 Mar 2020 14:43:22 +0100 Subject: [PATCH 104/138] Initial work on the ssl dump program from base64 code Signed-off-by: Piotr Nowicki --- programs/.gitignore | 1 + programs/Makefile | 5 +++++ programs/ssl/CMakeLists.txt | 3 +++ programs/ssl/ssl_base64_dump.c | 26 ++++++++++++++++++++++++++ 4 files changed, 35 insertions(+) create mode 100644 programs/ssl/ssl_base64_dump.c diff --git a/programs/.gitignore b/programs/.gitignore index d19162de1b03..2fd5b21ebae2 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -45,6 +45,7 @@ ssl/ssl_mail_client ssl/ssl_pthread_server ssl/ssl_server ssl/ssl_server2 +ssl/ssl_base64_dump ssl/mini_client test/benchmark test/ecp-bench diff --git a/programs/Makefile b/programs/Makefile index deb19b6e3c3c..9ae8f459bfad 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -84,6 +84,7 @@ APPS = \ ssl/ssl_client2$(EXEXT) \ ssl/ssl_server$(EXEXT) \ ssl/ssl_server2$(EXEXT) \ + ssl/ssl_base64_dump$(EXEXT) \ ssl/ssl_fork_server$(EXEXT) \ ssl/mini_client$(EXEXT) \ ssl/ssl_mail_client$(EXEXT) \ @@ -282,6 +283,10 @@ ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c test/query_config.c $(DEP) echo " CC ssl/ssl_server2.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +ssl/ssl_base64_dump$(EXEXT): ssl/ssl_base64_dump.c test/query_config.c $(DEP) + echo " CC ssl/ssl_base64_dump.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_base64_dump.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP) echo " CC ssl/ssl_fork_server.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index f28a47d87ae5..0e6c6324b18a 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -44,6 +44,9 @@ add_executable(ssl_server2 ssl_server2.c) target_sources(ssl_server2 PUBLIC ../test/query_config.c) target_link_libraries(ssl_server2 ${libs}) +add_executable(ssl_base64_dump ssl_base64_dump.c) +target_link_libraries(ssl_base64_dump ${libs}) + add_executable(ssl_fork_server ssl_fork_server.c) target_link_libraries(ssl_fork_server ${libs}) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c new file mode 100644 index 000000000000..3b664c990c4d --- /dev/null +++ b/programs/ssl/ssl_base64_dump.c @@ -0,0 +1,26 @@ +/* + * MbedTLS SSL context deserializer from base64 code + * + * Copyright (C) 2006-2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +int main( int argc, char *argv[] ) +{ + + return 0; +} From 88ebbbf0fe6d03fc5509ebf0c1f568763e04cce4 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Fri, 13 Mar 2020 16:26:08 +0100 Subject: [PATCH 105/138] Add function for parsing arguments Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 126 +++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index 3b664c990c4d..ca435f2c37ef 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -19,8 +19,134 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#include +#include +#include +#include + +/* + * This program version + */ +#define PROG_NAME "ssl_base64_dump" +#define VER_MAJOR 0 +#define VER_MINOR 1 + +/* + * Global values + */ +FILE *b64_file = NULL; /* file with base64 codes to deserialize */ +char debug = 0; /* flag for debug messages */ + +/* + * Basic printing functions + */ +void print_version( ) +{ + printf( "%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR ); +} + +void print_usage( ) +{ + print_version(); + printf( + "Usage:\n" + "\t-f path - Path to the file with base64 code\n" + "\t-v - Show version\n" + "\t-h - Show this usage\n" + "\t-d - Print more information\n" + "\n" + ); +} + +void printf_dbg( const char *str, ... ) +{ + if( debug ) + { + va_list args; + va_start( args, str ); + printf( "debug: " ); + vprintf( str, args ); + fflush( stdout ); + va_end( args ); + } +} + +void printf_err( const char *str, ... ) +{ + va_list args; + va_start( args, str ); + fprintf( stderr, "ERROR: " ); + vfprintf( stderr, str, args ); + fflush( stderr ); + va_end( args ); +} + +/* + * Exit from the program in case of error + */ +void error_exit() +{ + if( NULL != b64_file ) + { + fclose( b64_file ); + } + exit( -1 ); +} + +/* + * This function takes the input arguments of this program + */ +void parse_arguments( int argc, char *argv[] ) +{ + int i = 1; + + if( argc < 2 ) + { + print_usage(); + error_exit(); + } + + while( i < argc ) + { + if( strcmp( argv[i], "-d" ) == 0 ) + { + debug = 1; + } + else if( strcmp( argv[i], "-h" ) == 0 ) + { + print_usage(); + } + else if( strcmp( argv[i], "-v" ) == 0 ) + { + print_version(); + } + else if( strcmp( argv[i], "-f" ) == 0 ) + { + if( ++i >= argc ) + { + printf_err( "File path is empty\n" ); + error_exit(); + } + + if( ( b64_file = fopen( argv[i], "r" ) ) == NULL ) + { + printf_err( "Cannot find file \"%s\"\n", argv[i] ); + error_exit(); + } + } + else + { + print_usage(); + error_exit(); + } + + i++; + } +} + int main( int argc, char *argv[] ) { + parse_arguments( argc, argv ); return 0; } From 14d3105f78cdca5fb6ae734ca8d7c5d87aa9d8db Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Mon, 16 Mar 2020 14:05:22 +0100 Subject: [PATCH 106/138] Add reading base64 code from file Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 98 ++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index ca435f2c37ef..2ee1f113e219 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -21,6 +21,7 @@ #include #include +#include #include #include @@ -144,9 +145,106 @@ void parse_arguments( int argc, char *argv[] ) } } +/* + * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened + * previously. After each call to this function, the internal file position + * indicator of the global b64_file is advanced. + * + * /p b64 buffer for input data + * /p max_len the maximum number of bytes to write + * + * \retval number of bytes written in to the b64 buffer or 0 in case no more + * data was found + */ +size_t read_next_b64_code( char *b64, const size_t max_len ) +{ + size_t len = 0; + uint32_t missed = 0; + char pad = 0; + char c = 0; + + while( EOF != c ) + { + char c_valid = 0; + + c = (char) fgetc( b64_file ); + + if( pad == 1 ) + { + if( c == '=' ) + { + c_valid = 1; + pad = 2; + } + } + else if( ( c >= 'A' && c <= 'Z' ) || + ( c >= 'a' && c <= 'z' ) || + ( c >= '0' && c <= '9' ) || + c == '+' || c == '/' ) + { + c_valid = 1; + } + else if( c == '=' ) + { + c_valid = 1; + pad = 1; + } + else if( c == '-' ) + { + c = '+'; + c_valid = 1; + } + else if( c == '_' ) + { + c = '/'; + c_valid = 1; + } + + if( c_valid ) + { + if( len < max_len ) + { + b64[ len++ ] = c; + } + else + { + missed++; + } + } + else if( len > 0 ) + { + if( missed > 0 ) + { + printf_err( "Buffer for the base64 code is too small. Missed %u characters\n", missed ); + } + return len; + } + } + + printf_dbg( "End of file\n" ); + return 0; +} + int main( int argc, char *argv[] ) { + enum { B64BUF_LEN = 4 * 1024 }; + char b64[ B64BUF_LEN ]; parse_arguments( argc, argv ); + while( NULL != b64_file ) + { + size_t len = read_next_b64_code( b64, B64BUF_LEN ); + if( len > 0) + { + + /* TODO: deserializing */ + } + else + { + fclose( b64_file ); + b64_file = NULL; + } + } + return 0; } From 6842c9bde8068b87c2a2bc98a4a3e2ff9ce72406 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Mon, 16 Mar 2020 17:52:56 +0100 Subject: [PATCH 107/138] Add printing the read base64 code Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index 2ee1f113e219..1ea02d075b75 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -145,6 +145,26 @@ void parse_arguments( int argc, char *argv[] ) } } +/* + * This function prints base64 code to the stdout + */ +void print_b64( const char *b, const size_t len ) +{ + size_t i = 0; + const char *end = b + len; + while( b < end ) + { + if( ++i > 70 ) + { + printf( "\n" ); + i = 0; + } + printf( "%c", *b++ ); + } + printf( "\n" ); + fflush( stdout ); +} + /* * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened * previously. After each call to this function, the internal file position @@ -229,6 +249,8 @@ int main( int argc, char *argv[] ) { enum { B64BUF_LEN = 4 * 1024 }; char b64[ B64BUF_LEN ]; + uint32_t b64_counter = 0; + parse_arguments( argc, argv ); while( NULL != b64_file ) @@ -236,8 +258,17 @@ int main( int argc, char *argv[] ) size_t len = read_next_b64_code( b64, B64BUF_LEN ); if( len > 0) { + b64_counter++; + + if( debug ) + { + printf( "%u.\n", b64_counter ); + print_b64( b64, len ); + } /* TODO: deserializing */ + + printf( "\n" ); } else { @@ -246,5 +277,7 @@ int main( int argc, char *argv[] ) } } + printf( "Finish. Found %u base64 codes\n", b64_counter ); + return 0; } From c7d681c5bd2c11ee49c2d5ce51f1b3ab5df24814 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Tue, 17 Mar 2020 09:51:31 +0100 Subject: [PATCH 108/138] Add base64 code decoding Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 64 ++++++++++++++++++++++++++++------ 1 file changed, 54 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index 1ea02d075b75..9c7c21b4bcbc 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -24,6 +24,8 @@ #include #include #include +#include "mbedtls/error.h" +#include "mbedtls/base64.h" /* * This program version @@ -148,15 +150,16 @@ void parse_arguments( int argc, char *argv[] ) /* * This function prints base64 code to the stdout */ -void print_b64( const char *b, const size_t len ) +void print_b64( const unsigned char *b, size_t len ) { size_t i = 0; - const char *end = b + len; + const unsigned char *end = b + len; + printf("\t"); while( b < end ) { - if( ++i > 70 ) + if( ++i > 75 ) { - printf( "\n" ); + printf( "\n\t" ); i = 0; } printf( "%c", *b++ ); @@ -165,6 +168,27 @@ void print_b64( const char *b, const size_t len ) fflush( stdout ); } +/* + * This function prints hex code from the buffer to the stdout. + */ +void print_hex( const unsigned char *b, size_t len ) +{ + size_t i = 0; + const unsigned char *end = b + len; + printf("\t"); + while( b < end ) + { + printf( "%02X ", (unsigned char) *b++ ); + if( ++i > 25 ) + { + printf("\n\t"); + i = 0; + } + } + printf("\n"); + fflush(stdout); +} + /* * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened * previously. After each call to this function, the internal file position @@ -176,7 +200,7 @@ void print_b64( const char *b, const size_t len ) * \retval number of bytes written in to the b64 buffer or 0 in case no more * data was found */ -size_t read_next_b64_code( char *b64, const size_t max_len ) +size_t read_next_b64_code( unsigned char *b64, size_t max_len ) { size_t len = 0; uint32_t missed = 0; @@ -248,22 +272,42 @@ size_t read_next_b64_code( char *b64, const size_t max_len ) int main( int argc, char *argv[] ) { enum { B64BUF_LEN = 4 * 1024 }; - char b64[ B64BUF_LEN ]; + enum { SSLBUF_LEN = B64BUF_LEN * 3 / 4 + 1 }; + + unsigned char b64[ B64BUF_LEN ]; + unsigned char ssl[ SSLBUF_LEN ]; uint32_t b64_counter = 0; parse_arguments( argc, argv ); while( NULL != b64_file ) { - size_t len = read_next_b64_code( b64, B64BUF_LEN ); - if( len > 0) + size_t ssl_len; + size_t b64_len = read_next_b64_code( b64, B64BUF_LEN ); + if( b64_len > 0) { + int ret; + b64_counter++; if( debug ) { - printf( "%u.\n", b64_counter ); - print_b64( b64, len ); + printf( "%u. Base64 code:\n", b64_counter ); + print_b64( b64, b64_len ); + } + + ret = mbedtls_base64_decode( ssl, SSLBUF_LEN, &ssl_len, b64, b64_len ); + if( ret != 0) + { + mbedtls_strerror( ret, (char*) b64, B64BUF_LEN ); + printf_err( "base64 code cannot be decoded - %s\n", b64 ); + continue; + } + + if( debug ) + { + printf( "\n Decoded data in hex:\n"); + print_hex( ssl, ssl_len ); } /* TODO: deserializing */ From 6b2baf99f18ead31c0f43363ae26150067805d28 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Tue, 17 Mar 2020 15:36:52 +0100 Subject: [PATCH 109/138] Print mbedtls version and configuration Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 114 +++++++++++++++++++++++++++++++-- 1 file changed, 108 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index 9c7c21b4bcbc..dc146f276dd7 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -34,6 +34,22 @@ #define VER_MAJOR 0 #define VER_MINOR 1 +/* + * Flags copied from the mbedTLS library. + */ +#define SESSION_CONFIG_TIME_BIT ( 1 << 0 ) +#define SESSION_CONFIG_CRT_BIT ( 1 << 1 ) +#define SESSION_CONFIG_CLIENT_TICKET_BIT ( 1 << 2 ) +#define SESSION_CONFIG_MFL_BIT ( 1 << 3 ) +#define SESSION_CONFIG_TRUNC_HMAC_BIT ( 1 << 4 ) +#define SESSION_CONFIG_ETM_BIT ( 1 << 5 ) +#define SESSION_CONFIG_TICKET_BIT ( 1 << 6 ) + +#define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT ( 1 << 0 ) +#define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT ( 1 << 1 ) +#define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ( 1 << 2 ) +#define CONTEXT_CONFIG_ALPN_BIT ( 1 << 3 ) + /* * Global values */ @@ -189,6 +205,17 @@ void print_hex( const unsigned char *b, size_t len ) fflush(stdout); } +/* + * Print the input string if the bit is set in the value + */ +void print_if_bit( const char *str, int bit, int val ) +{ + if( bit & val ) + { + printf( "\t%s\n", str ); + } +} + /* * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened * previously. After each call to this function, the internal file position @@ -269,6 +296,82 @@ size_t read_next_b64_code( unsigned char *b64, size_t max_len ) return 0; } +/* + * This function deserializes and prints to the stdout all obtained information + * about the context from provided data. This function was built based on + * mbedtls_ssl_context_load(). mbedtls_ssl_context_load() could not be used + * due to dependencies on the mbedTLS configuration and the configuration of + * the context when serialization was created. + * + * The data structure in the buffer: + * // session sub-structure + * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save() + * // transform sub-structure + * uint8 random[64]; // ServerHello.random+ClientHello.random + * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value + * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use + * // fields from ssl_context + * uint32 badmac_seen; // DTLS: number of records with failing MAC + * uint64 in_window_top; // DTLS: last validated record seq_num + * uint64 in_window; // DTLS: bitmask for replay protection + * uint8 disable_datagram_packing; // DTLS: only one record per datagram + * uint64 cur_out_ctr; // Record layer: outgoing sequence number + * uint16 mtu; // DTLS: path mtu (max outgoing fragment size) + * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol + * + * /p ssl pointer to serialized session + * /p len number of bytes in the buffer + */ +void print_deserialized_ssl( const unsigned char *ssl, size_t len ) +{ + /* TODO: which versions are compatible */ + /* TODO: add checking len */ + const unsigned char *end = ssl + len; + int session_cfg_flag; + int context_cfg_flag; + uint32_t session_len; + + printf( "\nMbed TLS version:\n" ); + + printf( "\tmajor:\t%u\n", (unsigned int) *ssl++ ); + printf( "\tminor:\t%u\n", (unsigned int) *ssl++ ); + printf( "\tpath:\t%u\n", (unsigned int) *ssl++ ); + + session_cfg_flag = ( (int) ssl[0] << 8 ) | ( (int) ssl[1] ); + ssl += 2; + + context_cfg_flag = ( (int) ssl[0] << 16 ) | + ( (int) ssl[1] << 8 ) | + ( (int) ssl[2] ) ; + ssl += 3; + + printf( "\nEnabled session and context configuration:\n" ); + printf_dbg( "Session config flags 0x%04X\n", session_cfg_flag ); + printf_dbg( "Context config flags 0x%06X\n", context_cfg_flag ); + + print_if_bit( "MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag ); + print_if_bit( "MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag ); + print_if_bit( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag ); + print_if_bit( "MBEDTLS_SSL_TRUNCATED_HMAC", SESSION_CONFIG_TRUNC_HMAC_BIT, session_cfg_flag ); + print_if_bit( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag ); + print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag ); + print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag ); + + print_if_bit( "MBEDTLS_SSL_DTLS_CONNECTION_ID", CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, context_cfg_flag ); + print_if_bit( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT, context_cfg_flag ); + print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag ); + print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag ); + + session_len = ( (uint32_t) ssl[0] << 24 ) | + ( (uint32_t) ssl[1] << 16 ) | + ( (uint32_t) ssl[2] << 8 ) | + ( (uint32_t) ssl[3] ); + ssl += 4; + printf_dbg( "session length %u\n", session_len ); + + printf( "\n" ); +} + int main( int argc, char *argv[] ) { enum { B64BUF_LEN = 4 * 1024 }; @@ -288,11 +391,11 @@ int main( int argc, char *argv[] ) { int ret; - b64_counter++; + printf( "%u. Desierializing:\n", ++b64_counter ); if( debug ) { - printf( "%u. Base64 code:\n", b64_counter ); + printf( "\nBase64 code:\n" ); print_b64( b64, b64_len ); } @@ -306,13 +409,12 @@ int main( int argc, char *argv[] ) if( debug ) { - printf( "\n Decoded data in hex:\n"); + printf( "\nDecoded data in hex:\n"); print_hex( ssl, ssl_len ); } - /* TODO: deserializing */ + print_deserialized_ssl( ssl, ssl_len ); - printf( "\n" ); } else { @@ -321,7 +423,7 @@ int main( int argc, char *argv[] ) } } - printf( "Finish. Found %u base64 codes\n", b64_counter ); + printf_dbg( "Finish. Found %u base64 codes\n", b64_counter ); return 0; } From ab3ecd8ac2b13c052cb2135bec49d81246f1ec0e Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Wed, 18 Mar 2020 15:12:41 +0100 Subject: [PATCH 110/138] Print more information and add TODOs Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 161 ++++++++++++++++++++++++++++++--- 1 file changed, 146 insertions(+), 15 deletions(-) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index dc146f276dd7..fdd4287aacd0 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -50,6 +50,8 @@ #define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ( 1 << 2 ) #define CONTEXT_CONFIG_ALPN_BIT ( 1 << 3 ) +#define TRANSFORM_RANDBYTE_LEN 64 + /* * Global values */ @@ -166,10 +168,10 @@ void parse_arguments( int argc, char *argv[] ) /* * This function prints base64 code to the stdout */ -void print_b64( const unsigned char *b, size_t len ) +void print_b64( const uint8_t *b, size_t len ) { size_t i = 0; - const unsigned char *end = b + len; + const uint8_t *end = b + len; printf("\t"); while( b < end ) { @@ -187,14 +189,14 @@ void print_b64( const unsigned char *b, size_t len ) /* * This function prints hex code from the buffer to the stdout. */ -void print_hex( const unsigned char *b, size_t len ) +void print_hex( const uint8_t *b, size_t len ) { size_t i = 0; - const unsigned char *end = b + len; + const uint8_t *end = b + len; printf("\t"); while( b < end ) { - printf( "%02X ", (unsigned char) *b++ ); + printf( "%02X ", (uint8_t) *b++ ); if( ++i > 25 ) { printf("\n\t"); @@ -227,7 +229,7 @@ void print_if_bit( const char *str, int bit, int val ) * \retval number of bytes written in to the b64 buffer or 0 in case no more * data was found */ -size_t read_next_b64_code( unsigned char *b64, size_t max_len ) +size_t read_next_b64_code( uint8_t *b64, size_t max_len ) { size_t len = 0; uint32_t missed = 0; @@ -296,6 +298,38 @@ size_t read_next_b64_code( unsigned char *b64, size_t max_len ) return 0; } +/* + * This function deserializes and prints to the stdout all obtained information + * about the session from provided data. This function was built based on + * mbedtls_ssl_session_load(). mbedtls_ssl_session_load() could not be used + * due to dependencies on the mbedTLS configuration. + * + * The data structure in the buffer: + * uint64 start_time; + * uint8 ciphersuite[2]; // defined by the standard + * uint8 compression; // 0 or 1 + * uint8 session_id_len; // at most 32 + * opaque session_id[32]; + * opaque master[48]; // fixed length in the standard + * uint32 verify_result; + * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert + * opaque ticket<0..2^24-1>; // length 0 means no ticket + * uint32 ticket_lifetime; + * uint8 mfl_code; // up to 255 according to standard + * uint8 trunc_hmac; // 0 or 1 + * uint8 encrypt_then_mac; // 0 or 1 + * + * /p ssl pointer to serialized session + * /p len number of bytes in the buffer + * /p session_cfg_flag session configuration flags + */ +void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len, + int session_cfg_flag ) +{ + const uint8_t *end = ssl + len; + printf( "TODO\n" ); +} + /* * This function deserializes and prints to the stdout all obtained information * about the context from provided data. This function was built based on @@ -322,20 +356,24 @@ size_t read_next_b64_code( unsigned char *b64, size_t max_len ) * /p ssl pointer to serialized session * /p len number of bytes in the buffer */ -void print_deserialized_ssl( const unsigned char *ssl, size_t len ) +void print_deserialized_ssl_context( const uint8_t *ssl, size_t len ) { /* TODO: which versions are compatible */ /* TODO: add checking len */ - const unsigned char *end = ssl + len; + const uint8_t *end = ssl + len; int session_cfg_flag; int context_cfg_flag; uint32_t session_len; + /* TODO is DTLS compiled? */ + char dtls_used = 1; printf( "\nMbed TLS version:\n" ); - printf( "\tmajor:\t%u\n", (unsigned int) *ssl++ ); - printf( "\tminor:\t%u\n", (unsigned int) *ssl++ ); - printf( "\tpath:\t%u\n", (unsigned int) *ssl++ ); + printf( "\tmajor:\t%u\n", (uint32_t) *ssl++ ); + printf( "\tminor:\t%u\n", (uint32_t) *ssl++ ); + printf( "\tpath:\t%u\n", (uint32_t) *ssl++ ); + + printf( "\nEnabled session and context configuration:\n" ); session_cfg_flag = ( (int) ssl[0] << 8 ) | ( (int) ssl[1] ); ssl += 2; @@ -345,7 +383,6 @@ void print_deserialized_ssl( const unsigned char *ssl, size_t len ) ( (int) ssl[2] ) ; ssl += 3; - printf( "\nEnabled session and context configuration:\n" ); printf_dbg( "Session config flags 0x%04X\n", session_cfg_flag ); printf_dbg( "Context config flags 0x%06X\n", context_cfg_flag ); @@ -369,6 +406,100 @@ void print_deserialized_ssl( const unsigned char *ssl, size_t len ) ssl += 4; printf_dbg( "session length %u\n", session_len ); + print_deserialized_ssl_session( ssl, session_len, session_cfg_flag ); + ssl += session_len; + + /* TODO ssl_populate_transform */ + printf( "\nRandom bytes: \n"); + print_hex( ssl, TRANSFORM_RANDBYTE_LEN ); + printf( "TODO: ssl_populate_transform\n"); + ssl += TRANSFORM_RANDBYTE_LEN; + + if( CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag ) + { + uint8_t cid_len; + printf( "\nDTLS connection ID:\n" ); + + cid_len = *ssl++; + printf_dbg( "in_cid_len %u\n", (uint32_t) cid_len ); + + printf( "\tin_cid:" ); + print_hex( ssl, cid_len ); + ssl += cid_len; + + cid_len = *ssl++; + printf_dbg( "out_cid_len %u\n", (uint32_t) cid_len ); + + printf( "\tout_cid:" ); + print_hex( ssl, cid_len ); + ssl += cid_len; + } + + if( CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag ) + { + uint32_t badmac_seen = ( (uint32_t) ssl[0] << 24 ) | + ( (uint32_t) ssl[1] << 16 ) | + ( (uint32_t) ssl[2] << 8 ) | + ( (uint32_t) ssl[3] ); + ssl += 4; + printf( "\tibadmac_seen: %d\n", badmac_seen ); + + printf( "\tin_window_top: " ); + print_hex( ssl, 8 ); + ssl += 8; + + printf( "\twindow_top: " ); + print_hex( ssl, 8 ); + ssl += 8; + } + + if( dtls_used ) + { + printf( "\tDTLS datagram packing: %s\n", + ( ( *ssl++ ) == 0 ) ? + "enabled" : "disabled" ); + } + + printf( "\tcur_out_ctr: "); + print_hex( ssl, 8 ); + ssl += 8; + + if( dtls_used ) + { + uint16_t mtu = ( ssl[0] << 8 ) | ssl[1]; + ssl += 2; + printf( "\tMTU: %u\n", mtu ); + } + + + if( CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag ) + { + uint8_t alpn_len = *ssl++; + if( alpn_len > 0 ) + { + if( strlen( (const char*) ssl ) == alpn_len ) + { + printf( "\talpn_chosen: %s\n", ssl ); + } + else + { + printf_err( "\talpn_len is incorrect\n" ); + } + ssl += alpn_len; + } + else + { + printf( "\talpn_chosen: not selected\n" ); + } + } + + /* TODO: check mbedtls_ssl_update_out_pointers( ssl, ssl->transform ); */ + printf( "TODO: check mbedtls_ssl_update_out_pointers( ssl, ssl->transform );\n" ); + + if( 0 < ( end - ssl ) ) + { + printf_dbg( "Left to analyze %u\n", (uint32_t)( end - ssl ) ); + } printf( "\n" ); } @@ -377,8 +508,8 @@ int main( int argc, char *argv[] ) enum { B64BUF_LEN = 4 * 1024 }; enum { SSLBUF_LEN = B64BUF_LEN * 3 / 4 + 1 }; - unsigned char b64[ B64BUF_LEN ]; - unsigned char ssl[ SSLBUF_LEN ]; + uint8_t b64[ B64BUF_LEN ]; + uint8_t ssl[ SSLBUF_LEN ]; uint32_t b64_counter = 0; parse_arguments( argc, argv ); @@ -413,7 +544,7 @@ int main( int argc, char *argv[] ) print_hex( ssl, ssl_len ); } - print_deserialized_ssl( ssl, ssl_len ); + print_deserialized_ssl_context( ssl, ssl_len ); } else From 4e192000fafe5cae70dc8945e03bd29a4865134e Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Wed, 18 Mar 2020 17:27:29 +0100 Subject: [PATCH 111/138] Add session deserializing (not completed) Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 127 +++++++++++++++++++++++++++++++-- 1 file changed, 123 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index fdd4287aacd0..09116b952cb9 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -26,6 +26,7 @@ #include #include "mbedtls/error.h" #include "mbedtls/base64.h" +#include "mbedtls/md.h" /* * This program version @@ -326,8 +327,126 @@ size_t read_next_b64_code( uint8_t *b64, size_t max_len ) void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len, int session_cfg_flag ) { + mbedtls_md_type_t peer_cert_digest_type; + uint32_t peer_cert_digest_len, cert_len, ticket_len; + uint32_t verify_result, ticket_lifetime; + /* TODO is keep_peer_certificate? */ + char keep_peer_certificate = 1; const uint8_t *end = ssl + len; - printf( "TODO\n" ); + + printf( "\nSession info:\n" ); + + if( session_cfg_flag & SESSION_CONFIG_TIME_BIT ) + { + uint64_t start = ( (uint64_t) ssl[0] << 56 ) | + ( (uint64_t) ssl[1] << 48 ) | + ( (uint64_t) ssl[2] << 40 ) | + ( (uint64_t) ssl[3] << 32 ) | + ( (uint64_t) ssl[4] << 24 ) | + ( (uint64_t) ssl[5] << 16 ) | + ( (uint64_t) ssl[6] << 8 ) | + ( (uint64_t) ssl[7] ); + ssl += 8; + printf( "\tstart: %lu\n", start ); + } + + printf( "\tciphersuite: 0x%02X%02X\n", ssl[0], ssl[1] ); + ssl += 2; + + printf( "\tcompression: 0x%02X\n", *ssl++ ); + printf( "\tid_len: 0x%02X\n", *ssl++ ); + + printf( "\tsession ID: "); + print_hex( ssl, 32 ); + ssl += 32; + + printf( "\tmaster: "); + print_hex( ssl, 48 ); + ssl += 48; + + verify_result = ( (uint32_t) ssl[0] << 24 ) | + ( (uint32_t) ssl[1] << 16 ) | + ( (uint32_t) ssl[2] << 8 ) | + ( (uint32_t) ssl[3] ); + ssl += 4; + printf( "\tverify_result: %u\n", verify_result ); + + if( SESSION_CONFIG_CRT_BIT & session_cfg_flag ) + { + if( keep_peer_certificate ) + { + cert_len = ( (uint32_t) ssl[0] << 16 ) | + ( (uint32_t) ssl[1] << 8 ) | + ( (uint32_t) ssl[2] ); + ssl += 3; + printf_dbg( "cert_len: %u\n", cert_len ); + + if( cert_len > 0 ) + { + /* TODO: cert */ + printf( "TODO: cert\n" ); + ssl += cert_len; + } + } + else + { + peer_cert_digest_type = (mbedtls_md_type_t) *ssl++; + printf( "\tpeer_cert_digest_type: %d\n", (int)peer_cert_digest_type ); + + peer_cert_digest_len = (uint32_t) *ssl++; + printf_dbg( "peer_cert_digest_len: %u\n", peer_cert_digest_len ); + + if( peer_cert_digest_len > 0 ) + { + /* TODO: peer_cert_digest */ + printf( "TODO: peer_cert_digest\n" ); + ssl += peer_cert_digest_len; + } + } + } + + if( SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag ) + { + ticket_len = ( (uint32_t) ssl[0] << 16 ) | + ( (uint32_t) ssl[1] << 8 ) | + ( (uint32_t) ssl[2] ); + ssl += 3; + printf_dbg( "ticket_len: %u\n", ticket_len ); + + if( ticket_len > 0 ) + { + /* TODO ticket dump */ + printf( "TODO ticket dump\n" ); + ssl += ticket_len; + } + + ticket_lifetime = ( (uint32_t) ssl[0] << 24 ) | + ( (uint32_t) ssl[1] << 16 ) | + ( (uint32_t) ssl[2] << 8 ) | + ( (uint32_t) ssl[3] ); + ssl += 4; + printf( "\tticket_lifetime: %u\n", ticket_lifetime ); + } + + if( SESSION_CONFIG_MFL_BIT & session_cfg_flag ) + { + printf( "\tmfl_code: 0x%02X\n", *ssl++ ); + } + + if( SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag ) + { + printf( "\ttrunc_hmac: 0x%02X\n", *ssl++ ); + } + + if( SESSION_CONFIG_ETM_BIT & session_cfg_flag ) + { + printf( "\tencrypt_then_mac: 0x%02X\n", *ssl++ ); + } + + if( 0 != ( end - ssl ) ) + { + printf_err( "%i bytes left to analyze from session\n", (int32_t)( end - ssl ) ); + } } /* @@ -496,9 +615,9 @@ void print_deserialized_ssl_context( const uint8_t *ssl, size_t len ) /* TODO: check mbedtls_ssl_update_out_pointers( ssl, ssl->transform ); */ printf( "TODO: check mbedtls_ssl_update_out_pointers( ssl, ssl->transform );\n" ); - if( 0 < ( end - ssl ) ) + if( 0 != ( end - ssl ) ) { - printf_dbg( "Left to analyze %u\n", (uint32_t)( end - ssl ) ); + printf_err( "%i bytes left to analyze from context\n", (int32_t)( end - ssl ) ); } printf( "\n" ); } @@ -522,7 +641,7 @@ int main( int argc, char *argv[] ) { int ret; - printf( "%u. Desierializing:\n", ++b64_counter ); + printf( "%u. Deserializing...\n", ++b64_counter ); if( debug ) { From e5fa8b7cdf58f6cf90e62fca39cca7c31e7d21a8 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Fri, 20 Mar 2020 12:16:33 +0100 Subject: [PATCH 112/138] Add certificate printing Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 499 ++++++++++++++++++++++++++------- 1 file changed, 392 insertions(+), 107 deletions(-) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index 09116b952cb9..e4bd150b7d46 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -24,9 +24,14 @@ #include #include #include +#include +#include "mbedtls/ssl.h" #include "mbedtls/error.h" #include "mbedtls/base64.h" #include "mbedtls/md.h" +#include "mbedtls/md_internal.h" +#include "mbedtls/x509_crt.h" +#include "mbedtls/ssl_ciphersuites.h" /* * This program version @@ -53,11 +58,27 @@ #define TRANSFORM_RANDBYTE_LEN 64 +/* + * A macro that prevents from reading out of the ssl buffer range. + */ +#define CHECK_SSL_END( LEN ) \ +do \ +{ \ + if( end - ssl < (int)( LEN ) ) \ + { \ + printf_err( "%s", buf_ln_err ); \ + return; \ + } \ +} while( 0 ) + /* * Global values */ -FILE *b64_file = NULL; /* file with base64 codes to deserialize */ -char debug = 0; /* flag for debug messages */ +FILE *b64_file = NULL; /* file with base64 codes to deserialize */ +char conf_keep_peer_certificate = 1; /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE from mbedTLS configuration */ +char conf_dtls_proto = 1; /* MBEDTLS_SSL_PROTO_DTLS from mbedTLS configuration */ +char debug = 0; /* flag for debug messages */ +const char buf_ln_err[] = "Buffer does not have enough data to complete the parsing\n"; /* * Basic printing functions @@ -70,12 +91,21 @@ void print_version( ) void print_usage( ) { print_version(); + printf( "\nThis program is used to deserialize an mbedTLS SSL session from the base64 code provided\n" + "in the text file. The program can deserialize many codes from one file, but they must be\n" + "separated, e.g. by a newline.\n\n" ); printf( "Usage:\n" - "\t-f path - Path to the file with base64 code\n" - "\t-v - Show version\n" - "\t-h - Show this usage\n" - "\t-d - Print more information\n" + "\t-f path - Path to the file with base64 code\n" + "\t-v - Show version\n" + "\t-h - Show this usage\n" + "\t-d - Print more information\n" + "\t--keep-peer-cert=0 - Use this option if you know that the mbedTLS library\n" + "\t has been compiled with the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE\n" + "\t flag. You can also use it if there are some problems with reading\n" + "\t the information about certificate\n" + "\t--dtls-protocol=0 - Use this option if you know that the mbedTLS library\n" + "\t has been compiled without the MBEDTLS_SSL_PROTO_DTLS flag\n" "\n" ); } @@ -97,6 +127,7 @@ void printf_err( const char *str, ... ) { va_list args; va_start( args, str ); + fflush( stdout ); fprintf( stderr, "ERROR: " ); vfprintf( stderr, str, args ); fflush( stderr ); @@ -156,6 +187,14 @@ void parse_arguments( int argc, char *argv[] ) error_exit(); } } + else if( strcmp( argv[i], "--keep-peer-cert=0" ) == 0 ) + { + conf_keep_peer_certificate = 0; + } + else if( strcmp( argv[i], "--dtls-protocol=0" ) == 0 ) + { + conf_dtls_proto = 0; + } else { print_usage(); @@ -189,25 +228,55 @@ void print_b64( const uint8_t *b, size_t len ) /* * This function prints hex code from the buffer to the stdout. + * + * /p b buffer with data to print + * /p len number of bytes to print + * /p in_line number of bytes in one line + * /p prefix prefix for the new lines */ -void print_hex( const uint8_t *b, size_t len ) +void print_hex( const uint8_t *b, size_t len, + const size_t in_line, const char *prefix ) { size_t i = 0; const uint8_t *end = b + len; - printf("\t"); + + if( prefix == NULL ) + { + prefix = ""; + } + while( b < end ) { - printf( "%02X ", (uint8_t) *b++ ); - if( ++i > 25 ) + if( ++i > in_line ) { - printf("\n\t"); - i = 0; + printf( "\n%s", prefix ); + i = 1; } + printf( "%02X ", (uint8_t) *b++ ); } printf("\n"); fflush(stdout); } +/* + * Print the value of time_t in format e.g. 2020-01-23 13:05:59 + */ +void print_time( const time_t *time ) +{ + char buf[20]; + struct tm *t = gmtime( time ); + static const char format[] = "%Y-%m-%d %H:%M:%S"; + if( NULL != t ) + { + strftime( buf, sizeof( buf ), format, t ); + printf( "%s\n", buf ); + } + else + { + printf( "unknown\n" ); + } +} + /* * Print the input string if the bit is set in the value */ @@ -219,6 +288,36 @@ void print_if_bit( const char *str, int bit, int val ) } } +/* + * Return pointer to hardcoded "enabled" or "disabled" depending on the input value + */ +const char * get_enabled_str( int is_en ) +{ + return ( is_en ) ? "enabled" : "disabled"; +} + +/* + * Return pointer to hardcoded MFL string value depending on the MFL code at the input + */ +const char * get_mfl_str( int mfl_code ) +{ + switch( mfl_code ) + { + case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: + return "none"; + case MBEDTLS_SSL_MAX_FRAG_LEN_512: + return "512"; + case MBEDTLS_SSL_MAX_FRAG_LEN_1024: + return "1024"; + case MBEDTLS_SSL_MAX_FRAG_LEN_2048: + return "2048"; + case MBEDTLS_SSL_MAX_FRAG_LEN_4096: + return "4096"; + default: + return "error"; + } +} + /* * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened * previously. After each call to this function, the internal file position @@ -299,6 +398,61 @@ size_t read_next_b64_code( uint8_t *b64, size_t max_len ) return 0; } +/* + * This function deserializes and prints to the stdout all obtained information + * about the certificates from provided data. + * + * /p ssl pointer to serialized certificate + * /p len number of bytes in the buffer +*/ +void print_deserialized_ssl_cert( const uint8_t *ssl, uint32_t len ) +{ + enum { STRLEN = 4096 }; + mbedtls_x509_crt crt; + int ret; + char str[STRLEN]; + + printf( "\nCertificate:\n" ); + + mbedtls_x509_crt_init( &crt ); + ret = mbedtls_x509_crt_parse_der( &crt, ssl, len ); + if( 0 != ret ) + { + mbedtls_strerror( ret, str, STRLEN ); + printf_err( "Invalid format of X.509 - %s\n", str ); + printf( "Cannot deserialize:\n\t" ); + print_hex( ssl, len, 25, "\t" ); + } + else + { + mbedtls_x509_crt *current = &crt; + + while( current != NULL ) + { + ret = mbedtls_x509_crt_info( str, STRLEN, "\t", current ); + if( 0 > ret ) + { + mbedtls_strerror( ret, str, STRLEN ); + printf_err( "Cannot write to the output - %s\n", str ); + } + else + { + printf( "%s", str ); + } + + current = current->next; + + if( current ) + { + printf( "\n" ); + } + + } + } + + mbedtls_x509_crt_free( &crt ); +} + /* * This function deserializes and prints to the stdout all obtained information * about the session from provided data. This function was built based on @@ -327,120 +481,219 @@ size_t read_next_b64_code( uint8_t *b64, size_t max_len ) void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len, int session_cfg_flag ) { - mbedtls_md_type_t peer_cert_digest_type; - uint32_t peer_cert_digest_len, cert_len, ticket_len; + const struct mbedtls_ssl_ciphersuite_t * ciphersuite_info; + int ciphersuite_id; + uint32_t cert_len, ticket_len; uint32_t verify_result, ticket_lifetime; - /* TODO is keep_peer_certificate? */ - char keep_peer_certificate = 1; const uint8_t *end = ssl + len; printf( "\nSession info:\n" ); if( session_cfg_flag & SESSION_CONFIG_TIME_BIT ) { - uint64_t start = ( (uint64_t) ssl[0] << 56 ) | - ( (uint64_t) ssl[1] << 48 ) | - ( (uint64_t) ssl[2] << 40 ) | - ( (uint64_t) ssl[3] << 32 ) | - ( (uint64_t) ssl[4] << 24 ) | - ( (uint64_t) ssl[5] << 16 ) | - ( (uint64_t) ssl[6] << 8 ) | - ( (uint64_t) ssl[7] ); + uint64_t start; + CHECK_SSL_END( 8 ); + start = ( (uint64_t) ssl[0] << 56 ) | + ( (uint64_t) ssl[1] << 48 ) | + ( (uint64_t) ssl[2] << 40 ) | + ( (uint64_t) ssl[3] << 32 ) | + ( (uint64_t) ssl[4] << 24 ) | + ( (uint64_t) ssl[5] << 16 ) | + ( (uint64_t) ssl[6] << 8 ) | + ( (uint64_t) ssl[7] ); ssl += 8; - printf( "\tstart: %lu\n", start ); + printf( "\tstart time : " ); + print_time( (time_t*) &start ); } - printf( "\tciphersuite: 0x%02X%02X\n", ssl[0], ssl[1] ); + CHECK_SSL_END( 2 ); + ciphersuite_id = ( (int) ssl[0] << 8 ) | (int) ssl[1]; + printf_dbg( "Ciphersuite ID: %d\n", ciphersuite_id ); ssl += 2; - printf( "\tcompression: 0x%02X\n", *ssl++ ); - printf( "\tid_len: 0x%02X\n", *ssl++ ); + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + if( ciphersuite_info == NULL ) + { + printf_err( "Cannot find ciphersuite info\n" ); + } + else + { + const mbedtls_cipher_info_t *cipher_info; + const mbedtls_md_info_t *md_info; + + printf( "\tciphersuite : %s\n", ciphersuite_info->name ); + printf( "\tcipher flags : 0x%02X\n", ciphersuite_info->flags ); - printf( "\tsession ID: "); - print_hex( ssl, 32 ); + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); + if( cipher_info == NULL ) + { + printf_err( "Cannot find cipher info\n" ); + } + else + { + printf( "\tcipher : %s\n", cipher_info->name ); + } + + md_info = mbedtls_md_info_from_type( ciphersuite_info->mac ); + if( md_info == NULL ) + { + printf_err( "Cannot find Message-Digest info\n" ); + } + else + { + printf( "\tMessage-Digest : %s\n", md_info->name ); + } + } + + CHECK_SSL_END( 1 ); + printf( "\tcompression : %s\n", get_enabled_str( *ssl++ ) ); + + /* Note - Here we can get session ID length from serialized data, but we + * use hardcoded 32-bytes length. This approach was taken from + * 'mbedtls_ssl_session_load()'. */ + CHECK_SSL_END( 1 + 32 ); + printf_dbg( "Session id length: %u\n", (uint32_t) *ssl++ ); + printf( "\tsession ID : "); + print_hex( ssl, 32, 16, "\t " ); ssl += 32; - printf( "\tmaster: "); - print_hex( ssl, 48 ); + printf( "\tmaster secret : "); + CHECK_SSL_END( 48 ); + print_hex( ssl, 48, 16, "\t " ); ssl += 48; + CHECK_SSL_END( 4 ); verify_result = ( (uint32_t) ssl[0] << 24 ) | ( (uint32_t) ssl[1] << 16 ) | ( (uint32_t) ssl[2] << 8 ) | ( (uint32_t) ssl[3] ); ssl += 4; - printf( "\tverify_result: %u\n", verify_result ); + printf( "\tverify result : 0x%08X\n", verify_result ); if( SESSION_CONFIG_CRT_BIT & session_cfg_flag ) { - if( keep_peer_certificate ) + if( conf_keep_peer_certificate ) { + CHECK_SSL_END( 3 ); cert_len = ( (uint32_t) ssl[0] << 16 ) | ( (uint32_t) ssl[1] << 8 ) | ( (uint32_t) ssl[2] ); ssl += 3; - printf_dbg( "cert_len: %u\n", cert_len ); + printf_dbg( "Certificate length: %u\n", cert_len ); if( cert_len > 0 ) { - /* TODO: cert */ - printf( "TODO: cert\n" ); + CHECK_SSL_END( cert_len ); + print_deserialized_ssl_cert( ssl, cert_len ); ssl += cert_len; } } else { - peer_cert_digest_type = (mbedtls_md_type_t) *ssl++; - printf( "\tpeer_cert_digest_type: %d\n", (int)peer_cert_digest_type ); + printf( "\tPeer digest : " ); + + CHECK_SSL_END( 1 ); + switch( (mbedtls_md_type_t) *ssl++ ) + { + case MBEDTLS_MD_NONE: + printf( "none\n" ); + break; + case MBEDTLS_MD_MD2: + printf( "MD2\n" ); + break; + case MBEDTLS_MD_MD4: + printf( "MD4\n" ); + break; + case MBEDTLS_MD_MD5: + printf( "MD5\n" ); + break; + case MBEDTLS_MD_SHA1: + printf( "SHA1\n" ); + break; + case MBEDTLS_MD_SHA224: + printf( "SHA224\n" ); + break; + case MBEDTLS_MD_SHA256: + printf( "SHA256\n" ); + break; + case MBEDTLS_MD_SHA384: + printf( "SHA384\n" ); + break; + case MBEDTLS_MD_SHA512: + printf( "SHA512\n" ); + break; + case MBEDTLS_MD_RIPEMD160: + printf( "RIPEMD160\n" ); + break; + default: + printf( "undefined or erroneous\n" ); + break; + } - peer_cert_digest_len = (uint32_t) *ssl++; - printf_dbg( "peer_cert_digest_len: %u\n", peer_cert_digest_len ); + CHECK_SSL_END( 1 ); + cert_len = (uint32_t) *ssl++; + printf_dbg( "Message-Digest length: %u\n", cert_len ); - if( peer_cert_digest_len > 0 ) + if( cert_len > 0 ) { - /* TODO: peer_cert_digest */ - printf( "TODO: peer_cert_digest\n" ); - ssl += peer_cert_digest_len; + printf( "\tPeer digest cert : " ); + CHECK_SSL_END( cert_len ); + print_hex( ssl, cert_len, 16, "\t " ); + ssl += cert_len; } } } if( SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag ) { + printf( "\nTicket:\n" ); + + CHECK_SSL_END( 3 ); ticket_len = ( (uint32_t) ssl[0] << 16 ) | ( (uint32_t) ssl[1] << 8 ) | ( (uint32_t) ssl[2] ); ssl += 3; - printf_dbg( "ticket_len: %u\n", ticket_len ); + printf_dbg( "Ticket length: %u\n", ticket_len ); if( ticket_len > 0 ) { - /* TODO ticket dump */ - printf( "TODO ticket dump\n" ); + printf( "\t" ); + CHECK_SSL_END( ticket_len ); + print_hex( ssl, ticket_len, 22, "\t" ); ssl += ticket_len; + printf( "\n" ); } + CHECK_SSL_END( 4 ); ticket_lifetime = ( (uint32_t) ssl[0] << 24 ) | ( (uint32_t) ssl[1] << 16 ) | ( (uint32_t) ssl[2] << 8 ) | ( (uint32_t) ssl[3] ); ssl += 4; - printf( "\tticket_lifetime: %u\n", ticket_lifetime ); + printf( "\tlifetime : %u sec.\n", ticket_lifetime ); + } + + if( ssl < end ) + { + printf( "\nSession others:\n" ); } if( SESSION_CONFIG_MFL_BIT & session_cfg_flag ) { - printf( "\tmfl_code: 0x%02X\n", *ssl++ ); + CHECK_SSL_END( 1 ); + printf( "\tMFL : %s\n", get_mfl_str( *ssl++ ) ); } if( SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag ) { - printf( "\ttrunc_hmac: 0x%02X\n", *ssl++ ); + CHECK_SSL_END( 1 ); + printf( "\tnegotiate truncated HMAC : %s\n", get_enabled_str( *ssl++ ) ); } if( SESSION_CONFIG_ETM_BIT & session_cfg_flag ) { - printf( "\tencrypt_then_mac: 0x%02X\n", *ssl++ ); + CHECK_SSL_END( 1 ); + printf( "\tEncrypt-then-MAC : %s\n", get_enabled_str( *ssl++ ) ); } if( 0 != ( end - ssl ) ) @@ -477,20 +730,18 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len, */ void print_deserialized_ssl_context( const uint8_t *ssl, size_t len ) { - /* TODO: which versions are compatible */ - /* TODO: add checking len */ const uint8_t *end = ssl + len; + uint32_t session_len; int session_cfg_flag; int context_cfg_flag; - uint32_t session_len; - /* TODO is DTLS compiled? */ - char dtls_used = 1; printf( "\nMbed TLS version:\n" ); - printf( "\tmajor:\t%u\n", (uint32_t) *ssl++ ); - printf( "\tminor:\t%u\n", (uint32_t) *ssl++ ); - printf( "\tpath:\t%u\n", (uint32_t) *ssl++ ); + CHECK_SSL_END( 3 + 2 + 3 ); + + printf( "\tmajor %u\n", (uint32_t) *ssl++ ); + printf( "\tminor %u\n", (uint32_t) *ssl++ ); + printf( "\tpath %u\n", (uint32_t) *ssl++ ); printf( "\nEnabled session and context configuration:\n" ); @@ -518,103 +769,140 @@ void print_deserialized_ssl_context( const uint8_t *ssl, size_t len ) print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag ); print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag ); + CHECK_SSL_END( 4 ); session_len = ( (uint32_t) ssl[0] << 24 ) | ( (uint32_t) ssl[1] << 16 ) | ( (uint32_t) ssl[2] << 8 ) | ( (uint32_t) ssl[3] ); ssl += 4; - printf_dbg( "session length %u\n", session_len ); + printf_dbg( "Session length %u\n", session_len ); + CHECK_SSL_END( session_len ); print_deserialized_ssl_session( ssl, session_len, session_cfg_flag ); ssl += session_len; - /* TODO ssl_populate_transform */ - printf( "\nRandom bytes: \n"); - print_hex( ssl, TRANSFORM_RANDBYTE_LEN ); - printf( "TODO: ssl_populate_transform\n"); + printf( "\nRandom bytes:\n\t"); + + CHECK_SSL_END( TRANSFORM_RANDBYTE_LEN ); + print_hex( ssl, TRANSFORM_RANDBYTE_LEN, 22, "\t" ); ssl += TRANSFORM_RANDBYTE_LEN; + printf( "\nContext others:\n" ); + if( CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag ) { uint8_t cid_len; - printf( "\nDTLS connection ID:\n" ); + CHECK_SSL_END( 1 ); cid_len = *ssl++; - printf_dbg( "in_cid_len %u\n", (uint32_t) cid_len ); + printf_dbg( "In CID length %u\n", (uint32_t) cid_len ); - printf( "\tin_cid:" ); - print_hex( ssl, cid_len ); - ssl += cid_len; + printf( "\tin CID : " ); + if( cid_len > 0 ) + { + CHECK_SSL_END( cid_len ); + print_hex( ssl, cid_len, 20, "\t" ); + ssl += cid_len; + } + else + { + printf( "none\n" ); + } + CHECK_SSL_END( 1 ); cid_len = *ssl++; - printf_dbg( "out_cid_len %u\n", (uint32_t) cid_len ); + printf_dbg( "Out CID length %u\n", (uint32_t) cid_len ); - printf( "\tout_cid:" ); - print_hex( ssl, cid_len ); - ssl += cid_len; + printf( "\tout CID : " ); + if( cid_len > 0 ) + { + CHECK_SSL_END( cid_len ); + print_hex( ssl, cid_len, 20, "\t" ); + ssl += cid_len; + } + else + { + printf( "none\n" ); + } } if( CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag ) { - uint32_t badmac_seen = ( (uint32_t) ssl[0] << 24 ) | - ( (uint32_t) ssl[1] << 16 ) | - ( (uint32_t) ssl[2] << 8 ) | - ( (uint32_t) ssl[3] ); + uint32_t badmac_seen; + + CHECK_SSL_END( 4 ); + badmac_seen = ( (uint32_t) ssl[0] << 24 ) | + ( (uint32_t) ssl[1] << 16 ) | + ( (uint32_t) ssl[2] << 8 ) | + ( (uint32_t) ssl[3] ); ssl += 4; - printf( "\tibadmac_seen: %d\n", badmac_seen ); + printf( "\tbad MAC seen number : %u\n", badmac_seen ); - printf( "\tin_window_top: " ); - print_hex( ssl, 8 ); + /* value 'in_window_top' from mbedtls_ssl_context */ + printf( "\tlast validated record sequence no. : " ); + CHECK_SSL_END( 8 ); + print_hex( ssl, 8, 20, "" ); ssl += 8; - printf( "\twindow_top: " ); - print_hex( ssl, 8 ); + /* value 'in_window' from mbedtls_ssl_context */ + printf( "\tbitmask for replay detection : " ); + CHECK_SSL_END( 8 ); + print_hex( ssl, 8, 20, "" ); ssl += 8; } - if( dtls_used ) + if( conf_dtls_proto ) { - printf( "\tDTLS datagram packing: %s\n", - ( ( *ssl++ ) == 0 ) ? - "enabled" : "disabled" ); + CHECK_SSL_END( 1 ); + printf( "\tDTLS datagram packing : %s\n", + get_enabled_str( ! ( *ssl++ ) ) ); } - printf( "\tcur_out_ctr: "); - print_hex( ssl, 8 ); + /* value 'cur_out_ctr' from mbedtls_ssl_context */ + printf( "\toutgoing record sequence no. : "); + CHECK_SSL_END( 8 ); + print_hex( ssl, 8, 20, "" ); ssl += 8; - if( dtls_used ) + if( conf_dtls_proto ) { - uint16_t mtu = ( ssl[0] << 8 ) | ssl[1]; + uint16_t mtu; + CHECK_SSL_END( 2 ); + mtu = ( ssl[0] << 8 ) | ssl[1]; ssl += 2; - printf( "\tMTU: %u\n", mtu ); + printf( "\tMTU : %u\n", mtu ); } if( CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag ) { - uint8_t alpn_len = *ssl++; + uint8_t alpn_len; + + CHECK_SSL_END( 1 ); + alpn_len = *ssl++; + printf_dbg( "ALPN length %u\n", (uint32_t) alpn_len ); + + printf( "\tALPN negotiation : " ); + CHECK_SSL_END( alpn_len ); if( alpn_len > 0 ) { if( strlen( (const char*) ssl ) == alpn_len ) { - printf( "\talpn_chosen: %s\n", ssl ); + printf( "%s\n", ssl ); } else { - printf_err( "\talpn_len is incorrect\n" ); + printf( "\n" ); + printf_err( "\tALPN negotiation is incorrect\n" ); } ssl += alpn_len; } else { - printf( "\talpn_chosen: not selected\n" ); + printf( "not selected\n" ); } } - /* TODO: check mbedtls_ssl_update_out_pointers( ssl, ssl->transform ); */ - printf( "TODO: check mbedtls_ssl_update_out_pointers( ssl, ssl->transform );\n" ); - if( 0 != ( end - ssl ) ) { printf_err( "%i bytes left to analyze from context\n", (int32_t)( end - ssl ) ); @@ -641,13 +929,10 @@ int main( int argc, char *argv[] ) { int ret; - printf( "%u. Deserializing...\n", ++b64_counter ); + printf( "\nDeserializing number %u:\n", ++b64_counter ); - if( debug ) - { - printf( "\nBase64 code:\n" ); - print_b64( b64, b64_len ); - } + printf( "\nBase64 code:\n" ); + print_b64( b64, b64_len ); ret = mbedtls_base64_decode( ssl, SSLBUF_LEN, &ssl_len, b64, b64_len ); if( ret != 0) @@ -659,8 +944,8 @@ int main( int argc, char *argv[] ) if( debug ) { - printf( "\nDecoded data in hex:\n"); - print_hex( ssl, ssl_len ); + printf( "\nDecoded data in hex:\n\t"); + print_hex( ssl, ssl_len, 25, "\t" ); } print_deserialized_ssl_context( ssl, ssl_len ); From f86192f72aac275da73a00ed605e4734d0d61a26 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Thu, 26 Mar 2020 11:45:42 +0100 Subject: [PATCH 113/138] Add support for Microsoft Visual Studio Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_base64_dump.c | 4 + visualc/VS2010/mbedTLS.sln | 13 ++ visualc/VS2010/ssl_base64_dump.vcxproj | 177 +++++++++++++++++++++++++ 3 files changed, 194 insertions(+) create mode 100644 visualc/VS2010/ssl_base64_dump.vcxproj diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_base64_dump.c index e4bd150b7d46..3a8b44cb5c32 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_base64_dump.c @@ -19,6 +19,10 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + #include #include #include diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln index 73102e1a98f6..2b0c519c611a 100644 --- a/visualc/VS2010/mbedTLS.sln +++ b/visualc/VS2010/mbedTLS.sln @@ -168,6 +168,11 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server2", "ssl_server2. {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_base64_dump", "ssl_base64_dump.vcxproj", "{5B8122A8-D506-B642-BAA1-6030EEBA7446}" + ProjectSection(ProjectDependencies) = postProject + {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} + EndProjectSection +EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_fork_server", "ssl_fork_server.vcxproj", "{918CD402-047D-8467-E11C-E1132053F916}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} @@ -538,6 +543,14 @@ Global {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.Build.0 = Release|Win32 {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.ActiveCfg = Release|x64 {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.Build.0 = Release|x64 + {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Debug|Win32.ActiveCfg = Debug|Win32 + {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Debug|Win32.Build.0 = Debug|Win32 + {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Debug|x64.ActiveCfg = Debug|x64 + {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Debug|x64.Build.0 = Debug|x64 + {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Release|Win32.ActiveCfg = Release|Win32 + {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Release|Win32.Build.0 = Release|Win32 + {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Release|x64.ActiveCfg = Release|x64 + {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Release|x64.Build.0 = Release|x64 {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.ActiveCfg = Debug|Win32 {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.Build.0 = Debug|Win32 {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.ActiveCfg = Debug|x64 diff --git a/visualc/VS2010/ssl_base64_dump.vcxproj b/visualc/VS2010/ssl_base64_dump.vcxproj new file mode 100644 index 000000000000..2b088e178b8a --- /dev/null +++ b/visualc/VS2010/ssl_base64_dump.vcxproj @@ -0,0 +1,177 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + + + + + {46cf2d25-6a36-4189-b59c-e4815388e554} + true + + + + {5B8122A8-D506-B642-BAA1-6030EEBA7446} + Win32Proj + ssl_base64_dump + + + + Application + true + Unicode + + + Application + true + Unicode + + + Application + false + true + Unicode + + + Application + false + true + Unicode + + + + + + + + + + + + + + + + + + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug + + + false + + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug + + + false + + + + + Level3 + + + MaxSpeed + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib + + + Console + true + true + true + Release + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + + + + + Level3 + + + MaxSpeed + true + true + WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib + + + Console + true + true + true + Release + %(AdditionalDependencies); + + + + + + From bc876d45161d537bd192eb12cf65f06a1af31ad3 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Thu, 26 Mar 2020 12:49:15 +0100 Subject: [PATCH 114/138] Rename program 'ssl_base64_dump' to 'ssl_context_info' Signed-off-by: Piotr Nowicki --- programs/.gitignore | 2 +- programs/Makefile | 8 ++++---- programs/ssl/CMakeLists.txt | 4 ++-- .../{ssl_base64_dump.c => ssl_context_info.c} | 2 +- visualc/VS2010/mbedTLS.sln | 18 +++++++++--------- ...4_dump.vcxproj => ssl_context_info.vcxproj} | 6 +++--- 6 files changed, 20 insertions(+), 20 deletions(-) rename programs/ssl/{ssl_base64_dump.c => ssl_context_info.c} (99%) rename visualc/VS2010/{ssl_base64_dump.vcxproj => ssl_context_info.vcxproj} (96%) diff --git a/programs/.gitignore b/programs/.gitignore index 2fd5b21ebae2..b2685a9e0184 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -40,12 +40,12 @@ ssl/dtls_client ssl/dtls_server ssl/ssl_client1 ssl/ssl_client2 +ssl/ssl_context_info ssl/ssl_fork_server ssl/ssl_mail_client ssl/ssl_pthread_server ssl/ssl_server ssl/ssl_server2 -ssl/ssl_base64_dump ssl/mini_client test/benchmark test/ecp-bench diff --git a/programs/Makefile b/programs/Makefile index 9ae8f459bfad..68bcfc2e1373 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -84,7 +84,7 @@ APPS = \ ssl/ssl_client2$(EXEXT) \ ssl/ssl_server$(EXEXT) \ ssl/ssl_server2$(EXEXT) \ - ssl/ssl_base64_dump$(EXEXT) \ + ssl/ssl_context_info$(EXEXT) \ ssl/ssl_fork_server$(EXEXT) \ ssl/mini_client$(EXEXT) \ ssl/ssl_mail_client$(EXEXT) \ @@ -283,9 +283,9 @@ ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c test/query_config.c $(DEP) echo " CC ssl/ssl_server2.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -ssl/ssl_base64_dump$(EXEXT): ssl/ssl_base64_dump.c test/query_config.c $(DEP) - echo " CC ssl/ssl_base64_dump.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_base64_dump.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.c $(DEP) + echo " CC ssl/ssl_context_info.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP) echo " CC ssl/ssl_fork_server.c" diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 0e6c6324b18a..481e2b0eeaa7 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -44,8 +44,8 @@ add_executable(ssl_server2 ssl_server2.c) target_sources(ssl_server2 PUBLIC ../test/query_config.c) target_link_libraries(ssl_server2 ${libs}) -add_executable(ssl_base64_dump ssl_base64_dump.c) -target_link_libraries(ssl_base64_dump ${libs}) +add_executable(ssl_context_info ssl_context_info.c) +target_link_libraries(ssl_context_info ${libs}) add_executable(ssl_fork_server ssl_fork_server.c) target_link_libraries(ssl_fork_server ${libs}) diff --git a/programs/ssl/ssl_base64_dump.c b/programs/ssl/ssl_context_info.c similarity index 99% rename from programs/ssl/ssl_base64_dump.c rename to programs/ssl/ssl_context_info.c index 3a8b44cb5c32..f35f735020a4 100644 --- a/programs/ssl/ssl_base64_dump.c +++ b/programs/ssl/ssl_context_info.c @@ -40,7 +40,7 @@ /* * This program version */ -#define PROG_NAME "ssl_base64_dump" +#define PROG_NAME "ssl_context_info" #define VER_MAJOR 0 #define VER_MINOR 1 diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln index 2b0c519c611a..6969bbb212b1 100644 --- a/visualc/VS2010/mbedTLS.sln +++ b/visualc/VS2010/mbedTLS.sln @@ -168,7 +168,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server2", "ssl_server2. {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_base64_dump", "ssl_base64_dump.vcxproj", "{5B8122A8-D506-B642-BAA1-6030EEBA7446}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_context_info", "ssl_context_info.vcxproj", "{017ECC7D-FB6D-46D8-076B-F64172E8E3BC}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection @@ -543,14 +543,14 @@ Global {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.Build.0 = Release|Win32 {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.ActiveCfg = Release|x64 {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.Build.0 = Release|x64 - {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Debug|Win32.ActiveCfg = Debug|Win32 - {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Debug|Win32.Build.0 = Debug|Win32 - {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Debug|x64.ActiveCfg = Debug|x64 - {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Debug|x64.Build.0 = Debug|x64 - {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Release|Win32.ActiveCfg = Release|Win32 - {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Release|Win32.Build.0 = Release|Win32 - {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Release|x64.ActiveCfg = Release|x64 - {5B8122A8-D506-B642-BAA1-6030EEBA7446}.Release|x64.Build.0 = Release|x64 + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|Win32.ActiveCfg = Debug|Win32 + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|Win32.Build.0 = Debug|Win32 + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|x64.ActiveCfg = Debug|x64 + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|x64.Build.0 = Debug|x64 + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|Win32.ActiveCfg = Release|Win32 + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|Win32.Build.0 = Release|Win32 + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|x64.ActiveCfg = Release|x64 + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|x64.Build.0 = Release|x64 {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.ActiveCfg = Debug|Win32 {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.Build.0 = Debug|Win32 {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.ActiveCfg = Debug|x64 diff --git a/visualc/VS2010/ssl_base64_dump.vcxproj b/visualc/VS2010/ssl_context_info.vcxproj similarity index 96% rename from visualc/VS2010/ssl_base64_dump.vcxproj rename to visualc/VS2010/ssl_context_info.vcxproj index 2b088e178b8a..f25229874a7c 100644 --- a/visualc/VS2010/ssl_base64_dump.vcxproj +++ b/visualc/VS2010/ssl_context_info.vcxproj @@ -19,7 +19,7 @@ - + @@ -28,9 +28,9 @@ - {5B8122A8-D506-B642-BAA1-6030EEBA7446} + {017ECC7D-FB6D-46D8-076B-F64172E8E3BC} Win32Proj - ssl_base64_dump + ssl_context_info From 02cc3fb070d316416806f27a92b08fea4fabcd9e Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Mon, 30 Mar 2020 17:09:33 +0200 Subject: [PATCH 115/138] Add dynamic buffer allocation and size checking Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_context_info.c | 179 +++++++++++++++++++++++++++----- 1 file changed, 153 insertions(+), 26 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index f35f735020a4..2c3e0e714257 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -62,6 +62,27 @@ #define TRANSFORM_RANDBYTE_LEN 64 +/* + * Minimum and maximum number of bytes for specific data: context, sessions, + * certificates, tickets and buffers in the program. The context and session + * size values have been calculated based on the 'print_deserialized_ssl_context()' + * and 'print_deserialized_ssl_session()' content. + */ +#define MIN_CONTEXT_LEN 84 +#define MIN_SESSION_LEN 88 + +#define MAX_CONTEXT_LEN 875 /* without session data */ +#define MAX_SESSION_LEN 109 /* without certificate and ticket data */ +#define MAX_CERTIFICATE_LEN ( ( 1 << 24 ) - 1 ) +#define MAX_TICKET_LEN ( ( 1 << 24 ) - 1 ) + +#define MIN_SERIALIZED_DATA ( MIN_CONTEXT_LEN + MIN_SESSION_LEN ) +#define MAX_SERIALIZED_DATA ( MAX_CONTEXT_LEN + MAX_SESSION_LEN + \ + MAX_CERTIFICATE_LEN + MAX_TICKET_LEN ) + +#define MIN_BASE64_LEN ( MIN_SERIALIZED_DATA * 4 / 3 ) +#define MAX_BASE64_LEN ( MAX_SERIALIZED_DATA * 4 / 3 + 3 ) + /* * A macro that prevents from reading out of the ssl buffer range. */ @@ -82,6 +103,7 @@ FILE *b64_file = NULL; /* file with base64 codes to deserialize char conf_keep_peer_certificate = 1; /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE from mbedTLS configuration */ char conf_dtls_proto = 1; /* MBEDTLS_SSL_PROTO_DTLS from mbedTLS configuration */ char debug = 0; /* flag for debug messages */ +const char alloc_err[] = "Cannot allocate memory\n"; const char buf_ln_err[] = "Buffer does not have enough data to complete the parsing\n"; /* @@ -327,16 +349,20 @@ const char * get_mfl_str( int mfl_code ) * previously. After each call to this function, the internal file position * indicator of the global b64_file is advanced. * - * /p b64 buffer for input data - * /p max_len the maximum number of bytes to write + * Note - This function checks the size of the input buffer and if necessary, + * increases it to the maximum MAX_BASE64_LEN + * + * /p b64 pointer to the pointer of the buffer for input data + * /p max_len pointer to the current buffer capacity. It can be changed if + * the buffer needs to be increased * * \retval number of bytes written in to the b64 buffer or 0 in case no more * data was found */ -size_t read_next_b64_code( uint8_t *b64, size_t max_len ) +size_t read_next_b64_code( uint8_t **b64, size_t *max_len ) { + int valid_balance = 0; /* balance between valid and invalid characters */ size_t len = 0; - uint32_t missed = 0; char pad = 0; char c = 0; @@ -346,9 +372,9 @@ size_t read_next_b64_code( uint8_t *b64, size_t max_len ) c = (char) fgetc( b64_file ); - if( pad == 1 ) + if( pad > 0 ) { - if( c == '=' ) + if( c == '=' && pad == 1 ) { c_valid = 1; pad = 2; @@ -379,22 +405,74 @@ size_t read_next_b64_code( uint8_t *b64, size_t max_len ) if( c_valid ) { - if( len < max_len ) + /* A string of characters that could be a base64 code. */ + valid_balance++; + + if( len < *max_len ) + { + ( *b64 )[ len++ ] = c; + } + else if( *max_len < MAX_BASE64_LEN ) { - b64[ len++ ] = c; + /* Current buffer is too small, but can be resized. */ + void *ptr; + size_t new_size = ( MAX_BASE64_LEN - 4096 > *max_len ) ? + *max_len + 4096 : MAX_BASE64_LEN; + + ptr = realloc( *b64, new_size ); + if( NULL == ptr ) + { + printf_err( alloc_err ); + return 0; + } + *b64 = ptr; + *max_len = new_size; + ( *b64 )[ len++ ] = c; } else { - missed++; + /* Too much data so it will be treated as invalid */ + len++; } } else if( len > 0 ) { - if( missed > 0 ) + /* End of a string that could be a base64 code, but need to check + * that the length of the characters is correct. */ + + valid_balance--; + + if( len < MIN_CONTEXT_LEN ) { - printf_err( "Buffer for the base64 code is too small. Missed %u characters\n", missed ); + printf_dbg( "The code found is too small to be a SSL context.\n" ); + len = pad = 0; + } + else if( len > *max_len ) + { + printf_err( "The code found is too large by %u bytes.\n", len - *max_len ); + len = pad = 0; + } + else if( len % 4 != 0 ) + { + printf_err( "The length of the base64 code found should be a multiple of 4.\n" ); + len = pad = 0; + } + else + { + /* Base64 code with valid character length. */ + return len; } - return len; + } + else + { + valid_balance--; + } + + /* Detection of potentially wrong file format like: binary, zip, ISO, etc. */ + if( valid_balance < -100 ) + { + printf_err( "Too many bad symbols detected. File check aborted.\n" ); + return 0; } } @@ -714,11 +792,17 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len, * the context when serialization was created. * * The data structure in the buffer: + * // header + * uint8 version[3]; + * uint8 configuration[5]; * // session sub-structure + * uint32_t session_len; * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save() * // transform sub-structure * uint8 random[64]; // ServerHello.random+ClientHello.random + * uint8 in_cid_len; * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value + * uint8 out_cid_len; * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use * // fields from ssl_context * uint32 badmac_seen; // DTLS: number of records with failing MAC @@ -727,6 +811,7 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len, * uint8 disable_datagram_packing; // DTLS: only one record per datagram * uint64 cur_out_ctr; // Record layer: outgoing sequence number * uint16 mtu; // DTLS: path mtu (max outgoing fragment size) + * uint8 alpn_chosen_len; * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol * * /p ssl pointer to serialized session @@ -916,43 +1001,75 @@ void print_deserialized_ssl_context( const uint8_t *ssl, size_t len ) int main( int argc, char *argv[] ) { - enum { B64BUF_LEN = 4 * 1024 }; - enum { SSLBUF_LEN = B64BUF_LEN * 3 / 4 + 1 }; + enum { SSL_INIT_LEN = 4096 }; - uint8_t b64[ B64BUF_LEN ]; - uint8_t ssl[ SSLBUF_LEN ]; uint32_t b64_counter = 0; - + uint8_t *b64_buf = NULL; + uint8_t *ssl_buf = NULL; + size_t b64_max_len = SSL_INIT_LEN; + size_t ssl_max_len = SSL_INIT_LEN; + size_t ssl_len = 0; + + /* The 'b64_file' is opened when parsing arguments to check that the + * file name is correct */ parse_arguments( argc, argv ); + if( NULL != b64_file ) + { + b64_buf = malloc( SSL_INIT_LEN ); + ssl_buf = malloc( SSL_INIT_LEN ); + + if( NULL == b64_buf || NULL == ssl_buf ) + { + printf_err( alloc_err ); + fclose( b64_file ); + b64_file = NULL; + } + } + while( NULL != b64_file ) { - size_t ssl_len; - size_t b64_len = read_next_b64_code( b64, B64BUF_LEN ); + size_t b64_len = read_next_b64_code( &b64_buf, &b64_max_len ); if( b64_len > 0) { int ret; + size_t ssl_required_len = b64_len * 3 / 4 + 1; + + /* Allocate more memory if necessary. */ + if( ssl_required_len > ssl_max_len ) + { + void *ptr = realloc( ssl_buf, ssl_required_len ); + if( NULL == ptr ) + { + printf_err( alloc_err ); + fclose( b64_file ); + b64_file = NULL; + break; + } + ssl_buf = ptr; + ssl_max_len = ssl_required_len; + } printf( "\nDeserializing number %u:\n", ++b64_counter ); printf( "\nBase64 code:\n" ); - print_b64( b64, b64_len ); + print_b64( b64_buf, b64_len ); - ret = mbedtls_base64_decode( ssl, SSLBUF_LEN, &ssl_len, b64, b64_len ); + ret = mbedtls_base64_decode( ssl_buf, ssl_max_len, &ssl_len, b64_buf, b64_len ); if( ret != 0) { - mbedtls_strerror( ret, (char*) b64, B64BUF_LEN ); - printf_err( "base64 code cannot be decoded - %s\n", b64 ); + mbedtls_strerror( ret, (char*) b64_buf, b64_max_len ); + printf_err( "base64 code cannot be decoded - %s\n", b64_buf ); continue; } if( debug ) { printf( "\nDecoded data in hex:\n\t"); - print_hex( ssl, ssl_len, 25, "\t" ); + print_hex( ssl_buf, ssl_len, 25, "\t" ); } - print_deserialized_ssl_context( ssl, ssl_len ); + print_deserialized_ssl_context( ssl_buf, ssl_len ); } else @@ -962,7 +1079,17 @@ int main( int argc, char *argv[] ) } } - printf_dbg( "Finish. Found %u base64 codes\n", b64_counter ); + free( b64_buf ); + free( ssl_buf ); + + if( b64_counter > 0 ) + { + printf_dbg( "Finished. Found %u base64 codes\n", b64_counter ); + } + else + { + printf( "Finished. No valid base64 code found\n" ); + } return 0; } From 97dcb1c8f2b14dae88055ae5e86083f1bbce6eae Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Thu, 9 Apr 2020 17:00:57 +0200 Subject: [PATCH 116/138] Add required configuration to the ssl_context_info Required: MBEDTLS_X509_CRT_PARSE_C MBEDTLS_ERROR_C Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_context_info.c | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 2c3e0e714257..9bea31c69024 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -19,12 +19,27 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE #endif #include #include + +#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) +int main( void ) +{ + printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C not defined.\n"); + return( 0 ); +} +#else + +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + #include #include #include @@ -45,7 +60,7 @@ #define VER_MINOR 1 /* - * Flags copied from the mbedTLS library. + * Flags copied from the Mbed TLS library. */ #define SESSION_CONFIG_TIME_BIT ( 1 << 0 ) #define SESSION_CONFIG_CRT_BIT ( 1 << 1 ) @@ -117,7 +132,7 @@ void print_version( ) void print_usage( ) { print_version(); - printf( "\nThis program is used to deserialize an mbedTLS SSL session from the base64 code provided\n" + printf( "\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n" "in the text file. The program can deserialize many codes from one file, but they must be\n" "separated, e.g. by a newline.\n\n" ); printf( @@ -126,11 +141,11 @@ void print_usage( ) "\t-v - Show version\n" "\t-h - Show this usage\n" "\t-d - Print more information\n" - "\t--keep-peer-cert=0 - Use this option if you know that the mbedTLS library\n" + "\t--keep-peer-cert=0 - Use this option if you know that the Mbed TLS library\n" "\t has been compiled with the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE\n" "\t flag. You can also use it if there are some problems with reading\n" "\t the information about certificate\n" - "\t--dtls-protocol=0 - Use this option if you know that the mbedTLS library\n" + "\t--dtls-protocol=0 - Use this option if you know that the Mbed TLS library\n" "\t has been compiled without the MBEDTLS_SSL_PROTO_DTLS flag\n" "\n" ); @@ -1093,3 +1108,5 @@ int main( int argc, char *argv[] ) return 0; } + +#endif /* MBEDTLS_X509_CRT_PARSE_C */ From 1605074f9796cb4d0c05b48485c9c7aeb08f4441 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 14 Apr 2020 09:49:52 -0400 Subject: [PATCH 117/138] Guard from undefined behaviour in case of an INT_MAX max_pathlen When parsing a certificate with the basic constraints extension the max_pathlen that was read from it was incremented regardless of its value. However, if the max_pathlen is equal to INT_MAX (which is highly unlikely), an undefined behaviour would occur. This commit adds a check to ensure that such value is not accepted as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced. Certificates added in this commit were generated using the test_suite_x509write, function test_x509_crt_check. Input data taken from the "Certificate write check Server1 SHA1" test case, so the generated files are like the "server1.crt", but with the "is_ca" field set to 1 and max_pathlen as described by the file name. Signed-off-by: Andrzej Kurek --- library/x509_crt.c | 6 ++++++ .../data_files/server1_pathlen_int_max-1.crt | 20 +++++++++++++++++++ tests/data_files/server1_pathlen_int_max.crt | 20 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++++ 4 files changed, 54 insertions(+) create mode 100644 tests/data_files/server1_pathlen_int_max-1.crt create mode 100644 tests/data_files/server1_pathlen_int_max.crt diff --git a/library/x509_crt.c b/library/x509_crt.c index 1e472303b169..1e62ed5b0688 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -524,6 +524,12 @@ static int x509_get_basic_constraints( unsigned char **p, return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer + * overflow, which is an undefined behavior. */ + if( *max_pathlen == INT_MAX ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + (*max_pathlen)++; return( 0 ); diff --git a/tests/data_files/server1_pathlen_int_max-1.crt b/tests/data_files/server1_pathlen_int_max-1.crt new file mode 100644 index 000000000000..4944844d7db3 --- /dev/null +++ b/tests/data_files/server1_pathlen_int_max-1.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o1YwVDASBgNVHRMECzAJAQH/AgR////+MB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIs +Pai9Q1kCpjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG +9w0BAQUFAAOCAQEAfuvq7FomQTSJmGInVwQjQddgoXpnmCZ97TpVq7jHLCFADowQ +jeiAsxmD8mwAQqw/By0U2PSmQcS7Vrn7Le0nFKNRYYrtpx5rsTFJzS/tQsgCe0Pf +zhiBgD1Dhw6PWAPmy+JlvhJF7REmFsM8KHQd0xSvJzB1gLN9FVlnd87C73bdDJZQ +Zdn977+Sn5anAFGHDWeKo8GYaYGnPBQqkX0Q2EKWR7yrwcKMogOevxELogB0jRj3 +L+nBpz7mO2J6XQ85ip+tLWAGCEHo0omAIQorAoCSqtLiaz47HxOdNK0hnM7V5k8P +05AVhxDa3WqZ9FmMaDc8j8XqmOgKYVMC4/WS0g== +-----END CERTIFICATE----- diff --git a/tests/data_files/server1_pathlen_int_max.crt b/tests/data_files/server1_pathlen_int_max.crt new file mode 100644 index 000000000000..517e0d678a79 --- /dev/null +++ b/tests/data_files/server1_pathlen_int_max.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o1YwVDASBgNVHRMECzAJAQH/AgR/////MB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIs +Pai9Q1kCpjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG +9w0BAQUFAAOCAQEAe5jPPMyWrKYGljJH2uh1gEh7KoYhmGIUfYu5A8Z2ou04yFZh +LDyWJnkE/qpNaIw3kPuoyGBTtADYzttPvxretUmaMyteOQe8DK/mmr8vl+gb54ZP +2jUE+R27Jp5GSGfl20LNVTBkKJloSyDaVzPI3ozje2lAsXsil8NTKbVJtfjZ9un+ +mGrpywSV7RpZC2PznGFdqQehwwnOscz0cVeMQqGcMRH3D5Bk2SjVexCaPu47QSyE +fNm6cATiNHjw/2dg5Aue7e4K+R6le+xY3Qy85Fq/lKDeMmbrJRrNyJ9lblCeihUd +qhkAEPelpaq5ZRM6cYJQoo0Ak64j4svjOZeF0g== +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 3099e632d6bb..7012e8e36acf 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1798,6 +1798,14 @@ X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH + +X509 CRT ASN1 (pathlen is INT_MAX-1) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0 + X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH From 9978e6ee143b055d6edfd6ee8d76dfd0af989cf2 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Tue, 7 Apr 2020 16:07:05 +0200 Subject: [PATCH 118/138] Add tests for the ssl_context_info program Signed-off-by: Piotr Nowicki --- tests/context-info.sh | 431 ++++++++++++++++++ tests/data_files/base64/cli_cid.txt | 2 + tests/data_files/base64/cli_ciphersuite.txt | 2 + tests/data_files/base64/cli_def.txt | 2 + tests/data_files/base64/cli_min_cfg.txt | 2 + tests/data_files/base64/cli_no_alpn.txt | 3 + tests/data_files/base64/cli_no_keep_cert.txt | 2 + tests/data_files/base64/cli_no_mfl.txt | 2 + tests/data_files/base64/cli_no_packing.txt | 2 + tests/data_files/base64/def_b64_too_big_1.txt | 2 + tests/data_files/base64/def_b64_too_big_2.txt | 2 + tests/data_files/base64/def_b64_too_big_3.txt | 2 + tests/data_files/base64/def_bad_b64.txt | 2 + tests/data_files/base64/empty.txt | 0 tests/data_files/base64/mfl_1024.txt | 2 + tests/data_files/base64/mtu_10000.txt | 2 + tests/data_files/base64/srv_cid.txt | 2 + tests/data_files/base64/srv_ciphersuite.txt | 2 + tests/data_files/base64/srv_def.txt | 2 + tests/data_files/base64/srv_min_cfg.txt | 2 + tests/data_files/base64/srv_no_alpn.txt | 2 + tests/data_files/base64/srv_no_keep_cert.txt | 2 + tests/data_files/base64/srv_no_mfl.txt | 2 + tests/data_files/base64/srv_no_packing.txt | 2 + tests/data_files/base64/v2.19.1.txt | 2 + tests/scripts/all.sh | 23 + 26 files changed, 501 insertions(+) create mode 100755 tests/context-info.sh create mode 100644 tests/data_files/base64/cli_cid.txt create mode 100644 tests/data_files/base64/cli_ciphersuite.txt create mode 100644 tests/data_files/base64/cli_def.txt create mode 100644 tests/data_files/base64/cli_min_cfg.txt create mode 100644 tests/data_files/base64/cli_no_alpn.txt create mode 100644 tests/data_files/base64/cli_no_keep_cert.txt create mode 100644 tests/data_files/base64/cli_no_mfl.txt create mode 100644 tests/data_files/base64/cli_no_packing.txt create mode 100644 tests/data_files/base64/def_b64_too_big_1.txt create mode 100644 tests/data_files/base64/def_b64_too_big_2.txt create mode 100644 tests/data_files/base64/def_b64_too_big_3.txt create mode 100644 tests/data_files/base64/def_bad_b64.txt create mode 100644 tests/data_files/base64/empty.txt create mode 100644 tests/data_files/base64/mfl_1024.txt create mode 100644 tests/data_files/base64/mtu_10000.txt create mode 100644 tests/data_files/base64/srv_cid.txt create mode 100644 tests/data_files/base64/srv_ciphersuite.txt create mode 100644 tests/data_files/base64/srv_def.txt create mode 100644 tests/data_files/base64/srv_min_cfg.txt create mode 100644 tests/data_files/base64/srv_no_alpn.txt create mode 100644 tests/data_files/base64/srv_no_keep_cert.txt create mode 100644 tests/data_files/base64/srv_no_mfl.txt create mode 100644 tests/data_files/base64/srv_no_packing.txt create mode 100644 tests/data_files/base64/v2.19.1.txt diff --git a/tests/context-info.sh b/tests/context-info.sh new file mode 100755 index 000000000000..78aeb70f7c97 --- /dev/null +++ b/tests/context-info.sh @@ -0,0 +1,431 @@ +#!/bin/sh + +# context-info.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2012-2020, ARM Limited, All Rights Reserved +# +# This program is intended for testing the ssl_context_info program +# + +set -eu + +if ! cd "$(dirname "$0")"; then + exit 125 +fi + +# Variables + +THIS_SCRIPT_NAME=$(basename "$0") +PROG_PATH="../programs/ssl/ssl_context_info" +OUT_FILE="ssl_context_info.log" +IN_DIR="data_files/base64" + +USE_VALGRIND=0 + +T_COUNT=0 +T_PASSED=0 +T_FAILED=0 + + +# Functions + +print_usage() { + echo "Usage: $0 [options]" + printf " -h|--help\tPrint this help.\n" + printf " -m|--memcheck\tUse valgrind to check the memory.\n" +} + +# Print test name +print_name() { + printf "%s %.*s " "$1" $(( 71 - ${#1} )) \ + "........................................................................" +} + +# Print header to the test output file +print_header() +{ + date="$(date)" + echo "******************************************************************" > $2 + echo "* File created by: $THIS_SCRIPT_NAME" >> $2 + echo "* Test name: $1" >> $2 + echo "* Date: $date" >> $2 + echo "* Command: $3" >> $2 + echo "******************************************************************" >> $2 + echo "" >> $2 +} + +# Print footer at the end of file +print_footer() +{ + echo "" >> $1 + echo "******************************************************************" >> $1 + echo "* End command" >> $1 + echo "******************************************************************" >> $1 + echo "" >> $1 +} + +# Use the arguments of this script +get_options() { + while [ $# -gt 0 ]; do + case "$1" in + -h|--help) + print_usage + exit 0 + ;; + -m|--memcheck) + USE_VALGRIND=1 + ;; + *) + echo "Unknown argument: '$1'" + print_usage + exit 1 + ;; + esac + shift + done +} + +# Current test failed +fail() +{ + T_FAILED=$(( $T_FAILED + 1)) + FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE" + + echo "FAIL" + echo " Error: $1" + + cp -f "$OUT_FILE" "$FAIL_OUT" + echo "Error: $1" >> "$FAIL_OUT" +} + +# Current test passed +pass() +{ + T_PASSED=$(( $T_PASSED + 1)) + echo "PASS" +} + +# Usage: run_test [ -arg ] [option [...]] +# Options: -m +# -n +# -u +run_test() +{ + TEST_NAME="$1" + RUN_CMD="$PROG_PATH -f $IN_DIR/$2" + + if [ "-arg" = "$3" ]; then + RUN_CMD="$RUN_CMD $4" + shift 4 + else + shift 2 + fi + + # prepend valgrind to our commands if active + if [ "$USE_VALGRIND" -gt 0 ]; then + RUN_CMD="valgrind --leak-check=full $RUN_CMD" + fi + + T_COUNT=$(( $T_COUNT + 1)) + print_name "$TEST_NAME" + + # run tested program + print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD" + eval "$RUN_CMD" >> "$OUT_FILE" 2>&1 + print_footer "$OUT_FILE" + + # check valgrind's results + if [ "$USE_VALGRIND" -gt 0 ]; then + if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" && + grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null + then + fail "Memory error detected" + return + fi + fi + + # check other assertions + # lines beginning with == are added by valgrind, ignore them, because we already checked them before + # lines with 'Serious error when reading debug info', are valgrind issues as well + # lines beginning with * are added by this script, ignore too + while [ $# -gt 0 ] + do + case $1 in + "-m") + if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else + fail "pattern '$2' MUST be present in the output" + return + fi + ;; + + "-n") + if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then + fail "pattern '$2' MUST NOT be present in the output" + return + fi + ;; + + "-u") + if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then + fail "lines following pattern '$2' must be once in the output" + return + fi + ;; + + *) + echo "Unknown test: $1" >&2 + exit 1 + esac + shift 2 + done + + rm -f "$OUT_FILE" + + pass +} + +get_options "$@" + +# Tests + +run_test "Default configuration, server" \ + "srv_def.txt" \ + -n "ERROR" \ + -u "major.* 2$" \ + -u "minor.* 21$" \ + -u "path.* 0$" \ + -u "MBEDTLS_HAVE_TIME$" \ + -u "MBEDTLS_X509_CRT_PARSE_C$" \ + -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ + -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \ + -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ + -u "MBEDTLS_SSL_SESSION_TICKETS$" \ + -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ + -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \ + -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ + -u "MBEDTLS_SSL_ALPN$" \ + -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ + -u "cipher flags.* 0x00$" \ + -u "Message-Digest.* SHA256$" \ + -u "compression.* disabled$" \ + -u "DTLS datagram packing.* enabled$" \ + -n "Certificate" \ + -n "bytes left to analyze from context" + +run_test "Default configuration, client" \ + "cli_def.txt" \ + -n "ERROR" \ + -u "major.* 2$" \ + -u "minor.* 21$" \ + -u "path.* 0$" \ + -u "MBEDTLS_HAVE_TIME$" \ + -u "MBEDTLS_X509_CRT_PARSE_C$" \ + -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ + -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \ + -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ + -u "MBEDTLS_SSL_SESSION_TICKETS$" \ + -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ + -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \ + -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ + -u "MBEDTLS_SSL_ALPN$" \ + -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ + -u "cipher flags.* 0x00$" \ + -u "Message-Digest.* SHA256$" \ + -u "compression.* disabled$" \ + -u "DTLS datagram packing.* enabled$" \ + -u "cert. version .* 3$" \ + -u "serial number.* 02$" \ + -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \ + -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \ + -u "issued on.* 2019-02-10 14:44:06$" \ + -u "expires on.* 2029-02-10 14:44:06$" \ + -u "signed using.* RSA with SHA-256$" \ + -u "RSA key size.* 2048 bits$" \ + -u "basic constraints.* CA=false$" \ + -n "bytes left to analyze from context" + +run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \ + "srv_ciphersuite.txt" \ + -n "ERROR" \ + -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ + +run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \ + "cli_ciphersuite.txt" \ + -n "ERROR" \ + -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ + +run_test "No packing, server" \ + "srv_no_packing.txt" \ + -n "ERROR" \ + -u "DTLS datagram packing.* disabled" + +run_test "No packing, client" \ + "cli_no_packing.txt" \ + -n "ERROR" \ + -u "DTLS datagram packing.* disabled" + +run_test "DTLS CID, server" \ + "srv_cid.txt" \ + -n "ERROR" \ + -u "in CID.* DE AD" \ + -u "out CID.* BE EF" + +run_test "DTLS CID, client" \ + "cli_cid.txt" \ + -n "ERROR" \ + -u "in CID.* BE EF" \ + -u "out CID.* DE AD" + +run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \ + "srv_no_mfl.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" + +run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \ + "cli_no_mfl.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" + +run_test "No MBEDTLS_SSL_ALPN, server" \ + "srv_no_alpn.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_ALPN" + +run_test "No MBEDTLS_SSL_ALPN, client" \ + "cli_no_alpn.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_ALPN" + +run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \ + "srv_no_keep_cert.txt" \ + -arg "--keep-peer-cert=0" \ + -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ + -u "cipher flags.* 0x00" \ + -u "compression.* disabled" \ + -u "DTLS datagram packing.* enabled" \ + -n "ERROR" + +run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \ + "cli_no_keep_cert.txt" \ + -arg "--keep-peer-cert=0" \ + -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ + -u "cipher flags.* 0x00" \ + -u "compression.* disabled" \ + -u "DTLS datagram packing.* enabled" \ + -n "ERROR" + +run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \ + "srv_no_keep_cert.txt" \ + -m "Deserializing" \ + -m "ERROR" + +run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \ + "cli_no_keep_cert.txt" \ + -m "Deserializing" \ + -m "ERROR" + +run_test "Minimal configuration, server" \ + "srv_min_cfg.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ + -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \ + -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ + -n "MBEDTLS_SSL_SESSION_TICKETS$" \ + -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ + -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \ + -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ + -n "MBEDTLS_SSL_ALPN$" \ + +run_test "Minimal configuration, client" \ + "cli_min_cfg.txt" \ + -n "ERROR" \ + -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ + -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \ + -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ + -n "MBEDTLS_SSL_SESSION_TICKETS$" \ + -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ + -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \ + -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ + -n "MBEDTLS_SSL_ALPN$" \ + +run_test "MTU=10000" \ + "mtu_10000.txt" \ + -n "ERROR" \ + -u "MTU.* 10000$" + +run_test "MFL=1024" \ + "mfl_1024.txt" \ + -n "ERROR" \ + -u "MFL.* 1024$" + +run_test "Older version (v2.19.1)" \ + "v2.19.1.txt" \ + -n "ERROR" \ + -u "major.* 2$" \ + -u "minor.* 19$" \ + -u "path.* 1$" \ + -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ + -u "Message-Digest.* SHA256$" \ + -u "compression.* disabled$" \ + -u "serial number.* 01:70:AF:40:B4:E6$" \ + -u "issuer name.* CN=ca$" \ + -u "subject name.* L=160001, OU=acc1, CN=device01$" \ + -u "issued on.* 2020-03-06 09:50:18$" \ + -u "expires on.* 2056-02-26 09:50:18$" \ + -u "signed using.* ECDSA with SHA256$" \ + -u "lifetime.* 0 sec.$" \ + -u "MFL.* none$" \ + -u "negotiate truncated HMAC.* disabled$" \ + -u "Encrypt-then-MAC.* enabled$" \ + -u "DTLS datagram packing.* enabled$" \ + -u "verify result.* 0x00000000$" \ + -n "bytes left to analyze from context" + +run_test "Wrong base64 format" \ + "def_bad_b64.txt" \ + -m "ERROR" \ + -u "The length of the base64 code found should be a multiple of 4" \ + -n "bytes left to analyze from context" + +run_test "Too much data at the beginning of base64 code" \ + "def_b64_too_big_1.txt" \ + -m "ERROR" \ + -n "The length of the base64 code found should be a multiple of 4" \ + +run_test "Too much data in the middle of base64 code" \ + "def_b64_too_big_2.txt" \ + -m "ERROR" \ + -n "The length of the base64 code found should be a multiple of 4" \ + +run_test "Too much data at the end of base64 code" \ + "def_b64_too_big_3.txt" \ + -m "ERROR" \ + -n "The length of the base64 code found should be a multiple of 4" \ + -u "bytes left to analyze from context" + +run_test "Empty file as input" \ + "empty.txt" \ + -u "Finished. No valid base64 code found" + +run_test "Not empty file without base64 code" \ + "../../context-info.sh" \ + -n "Deserializing" + +run_test "Binary file instead of text file" \ + "../../../programs/ssl/ssl_context_info" \ + -m "ERROR" \ + -u "Too many bad symbols detected. File check aborted" \ + -n "Deserializing" + + +# End of tests + +if [ $T_FAILED -eq 0 ]; then + printf "\nPASSED ( $T_COUNT tests )\n" +else + printf "\nFAILED ( $T_FAILED / $T_COUNT tests )\n" +fi + +exit $T_FAILED diff --git a/tests/data_files/base64/cli_cid.txt b/tests/data_files/base64/cli_cid.txt new file mode 100644 index 000000000000..8048aecb2db6 --- /dev/null +++ b/tests/data_files/base64/cli_cid.txt @@ -0,0 +1,2 @@ +// Client, CID 0xBEEF +AhUAAH8AAA8AAAQ8AAAAAF6MZUPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABh7h8/aprLN1fS0KwLkZzKcsa5LNtDW7sYu7d1z7fNetuRjLJpX/A1mTSqeBY7li8AAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJRZtK1pHRuu/Uw+Y91KCaqMAHKWeVJvuqjiTaElrahsx+HYoZ1+8i5BMY1NOL/y4TR9qZdxY+7NvNrEdEoFgcI/DqUN0aKs0zAIPmk92pFnjnbro5LxWRm3JbtIFcG6PdN+9aAbISrewt6EERIPhS45aH+Si08NLrvM+CcEBfqBBqOD+4LCZqT8nDBtALJyRqiykibsAAFRgAAAAF6MZUNak74BhbcgvZ2M8WhZKjQyCix7GJzRs4SqnD7iXoxlQ7YXjsVI0K/xyMOJPkT9ZcPEi/2jHGIte1ZduW4Cvu8C3q0AAAAAAAAAAAAAAAIAAAAAAAAABwAAAQAAAAAAAwAAAA== diff --git a/tests/data_files/base64/cli_ciphersuite.txt b/tests/data_files/base64/cli_ciphersuite.txt new file mode 100644 index 000000000000..432978d195a0 --- /dev/null +++ b/tests/data_files/base64/cli_ciphersuite.txt @@ -0,0 +1,2 @@ +// TLS-RSA-WITH-AES-256-CCM-8 +AhUAAH8AAA4AAAQ8AAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJQBiQTa148x1XQyGt9vU2JxAHIZ9HxLR87PewpTaslP0qJ4FK6cibG/U4ACVriGQMpNkJo6xRRn5dGyKE5L5iqcLQZ4zwcJT50NYlVQqzlXPArOaAzjVAX4k+TwL/VmNepmn3wvregAADeiGsvvbaAw2P9fhCgwX6Bm0YNzkWQsNwWENa6GoZLzvMM51G44611fFnKoAAFRgAAAAF6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== \ No newline at end of file diff --git a/tests/data_files/base64/cli_def.txt b/tests/data_files/base64/cli_def.txt new file mode 100644 index 000000000000..ee47905f14de --- /dev/null +++ b/tests/data_files/base64/cli_def.txt @@ -0,0 +1,2 @@ +// Client context with default MbedTLS configuration +AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== \ No newline at end of file diff --git a/tests/data_files/base64/cli_min_cfg.txt b/tests/data_files/base64/cli_min_cfg.txt new file mode 100644 index 000000000000..8c1ef88d8e89 --- /dev/null +++ b/tests/data_files/base64/cli_min_cfg.txt @@ -0,0 +1,2 @@ +// Minimal configuration +AhUAAAMAAAAAAAOeAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLdei2ZSQwLppTqzs7kieOYQR6DjJItmQ0N/RS3+zTr9wF6LZlL6SQpLewmyja7jXyOWuUqJ6zJQ5b7FfA4PxthlAAABAAAAAAACAAA= \ No newline at end of file diff --git a/tests/data_files/base64/cli_no_alpn.txt b/tests/data_files/base64/cli_no_alpn.txt new file mode 100644 index 000000000000..25923f642c22 --- /dev/null +++ b/tests/data_files/base64/cli_no_alpn.txt @@ -0,0 +1,3 @@ +// Without MBEDTLS_SSL_ALPN +AhUAAH8AAAYAAAQ8AAAAAF6LDSzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1lCUO8B/805UzCOLZzWDAEA8anfLpbuWTrnFSR2puZktvEiR8nXdATN0yKS94oSAAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJQVUI/Wwt3q4XiqL74wCmkhAHKj0YgCvjZi3GKw0s7PJqjZzzLt+OuroC8Q2XeDf5nKKk8jkolZ+dXUftsPPizFgb2hGuYa4NhxXjiGlUpFEoXm7r78SwGfWxRgH5vJk6W3TdodkxTZkjMoWjlC2PANOHPeClw0szBmly7+s89LFZqnCXgyxE8xlv+l5IYSEPSj7UsmAAFRgAAAAF6LDSwWt0QWgmNg4Zv2yYhf4Pdexpi/QTIqWyD2AQVjXosNLLK1vz/upFHrJlizjH5uSBUJCpQZJczrBgxBmGoAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAA + diff --git a/tests/data_files/base64/cli_no_keep_cert.txt b/tests/data_files/base64/cli_no_keep_cert.txt new file mode 100644 index 000000000000..5272a7cca860 --- /dev/null +++ b/tests/data_files/base64/cli_no_keep_cert.txt @@ -0,0 +1,2 @@ +// Without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE +AhUAAAMAAAAAAACCAAAAAF6MKhTMqAAgSKCqXrcrmjqOBpxsGO3itQB09YgsSJwXmZB12QlB+wwhiof0mzAN0hupkLxu4Yyc9SgyFoEDPKJk8TiRo8bO2rkEfPItB5lUFkJwzdeuGVMAAAAABiCAy8MWqlj4vnIv0mswJvB35hyCOYWZ+fcZ6t5LzZgXPl6MKhRs69b+psiGUAo8OK3fU4HKOHNdi36tk22+ScctXowqFEyvzGcvbtI0VfWLKlOlDv+SwC08ZdCNa+RBZ/AAAAEAAAAAAAIAAA== \ No newline at end of file diff --git a/tests/data_files/base64/cli_no_mfl.txt b/tests/data_files/base64/cli_no_mfl.txt new file mode 100644 index 000000000000..5c1dfd9ff21f --- /dev/null +++ b/tests/data_files/base64/cli_no_mfl.txt @@ -0,0 +1,2 @@ +// Without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +AhUAAHcAAA4AAAQ6AAAAAF6LDLPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fzGzO1ysljMgZr4gduigvRXr2AK5X8j8c6vHTOpc2ncFS3UN2ojwD2tOaM3+/XIAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJMiPbE45oAjg9Rx0iVnQDg2AHHKrrmSMTfVijgZbdL/ZFWYvFMioa7uqW0NmA0bSTxcsieRarndOq5fIdEIzmAgGkdaxJaGNDT105gwwIzUnLRapgP6H6IImSMFPXVp3Zks0zFfrq7aQnQMgc8o5kPqWq1/eYfdq8lysTO8Rgliv96lA/pe1SQmPL1mdChAwCa/4XEAAVGAAABeiwyzXGz4yPwEgvq/TWq0dZXvD6mzEbAty1oZJIvRpl6LDLOyQ94MIvSKw7OH4mg+DNL+ZW0xzQbKQalloUG6AAAAAAAAAAAAAAABAAAAAAAAAAMAAAEAAAAAAAIAAAA= \ No newline at end of file diff --git a/tests/data_files/base64/cli_no_packing.txt b/tests/data_files/base64/cli_no_packing.txt new file mode 100644 index 000000000000..068276b47e39 --- /dev/null +++ b/tests/data_files/base64/cli_no_packing.txt @@ -0,0 +1,2 @@ +// Without DTLS packing +AhUAAH8AAA4AAAQ8AAAAAF6LCM/MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfl0tXNmshIQEqiEflQGnVUKkIFl1on/Mu0pjWes3XwQgdwmy9xMzpVyYU5gBOsOEAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJRTvlE7NmNNLDESUBoGC+K2AHIKA+/lhdRVF4YcMvvqCBYFB5tj0oyCikftfjNbvjl9YPGqcRXk664YieWv/pz8U1FOENipbjXF9lFhgedG2Xanh/2FwHX5txYiHIJxJeLEKCXp5Sjt9XBvQsrryxLyX9l+zkLKm7bCAcrfk4h/YoqxecAI63isG9vnrS7o07iD/3mOAAFRgAAAAF6LCM+1uRpyaoyfzuNGBJK9DgBWIWtrPpu7KM8qsC/FXosIz/YIPhveZ8Z4IR0g/McAMQwzQoK5tScSE0DD3BwAAAAAAAAAAAAAAAEAAAAAAAAAAwEAAQAAAAAAAgAAAA== \ No newline at end of file diff --git a/tests/data_files/base64/def_b64_too_big_1.txt b/tests/data_files/base64/def_b64_too_big_1.txt new file mode 100644 index 000000000000..0fe8a18f7f3b --- /dev/null +++ b/tests/data_files/base64/def_b64_too_big_1.txt @@ -0,0 +1,2 @@ +// Context with added '1234' at the begining to simulate too much data in the base64 code +1234AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== diff --git a/tests/data_files/base64/def_b64_too_big_2.txt b/tests/data_files/base64/def_b64_too_big_2.txt new file mode 100644 index 000000000000..7ec1dd04ab8e --- /dev/null +++ b/tests/data_files/base64/def_b64_too_big_2.txt @@ -0,0 +1,2 @@ +// Context with added '1234' in the middle of code to simulate too much data +AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7m1234gM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== diff --git a/tests/data_files/base64/def_b64_too_big_3.txt b/tests/data_files/base64/def_b64_too_big_3.txt new file mode 100644 index 000000000000..514754ce3147 --- /dev/null +++ b/tests/data_files/base64/def_b64_too_big_3.txt @@ -0,0 +1,2 @@ +// Context with added '1234' before '==' add the end to simulate too much data in the base64 code +AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA1234== diff --git a/tests/data_files/base64/def_bad_b64.txt b/tests/data_files/base64/def_bad_b64.txt new file mode 100644 index 000000000000..d7776588336d --- /dev/null +++ b/tests/data_files/base64/def_bad_b64.txt @@ -0,0 +1,2 @@ +// Context with added extra 'A' before '==' add the end to simulate bad length of base64 code +AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAAA== diff --git a/tests/data_files/base64/empty.txt b/tests/data_files/base64/empty.txt new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/data_files/base64/mfl_1024.txt b/tests/data_files/base64/mfl_1024.txt new file mode 100644 index 000000000000..58dbe5f284b7 --- /dev/null +++ b/tests/data_files/base64/mfl_1024.txt @@ -0,0 +1,2 @@ +// MFL=1024 +AhUAAH8AAA4AAABtAAAAAF6K+GLMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHeeQKPVt9RpB8nLTB6C2AhxRzB0r/OBbXbMPm6jb1rkR+qrXZAUFRvGfGxlqqGWwAAACAAAAAAAAAAAAAAAIAAV6K+GJIXNnpKTr9HZQW6WEH7YSYhhRRqOO6xvf8QL6/Xor4YhOxOJYk23w3AwDvVAofeWnVAfJnExe5ipdSxnAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA=== \ No newline at end of file diff --git a/tests/data_files/base64/mtu_10000.txt b/tests/data_files/base64/mtu_10000.txt new file mode 100644 index 000000000000..dc7c9753384e --- /dev/null +++ b/tests/data_files/base64/mtu_10000.txt @@ -0,0 +1,2 @@ +// MTU=10000 +AhUAAH8AAA4AAABtAAAAAF6LDkzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx06kxYooMLGPyUMoB46EF2zTJzmZEM4le5aKihcHpFEfgrX/eWQZFWa7cak79ihwAAACAAAAAAAAAAAAAAAAAAV6LDkz9bigMk9q0WiDmgYhX8ppbfgbtMCfruvVQNiFWXosOTJ3R2+J+TaSChmjtS8sD+y1Zruhe/SJE7y9D+5YAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAicQAA== \ No newline at end of file diff --git a/tests/data_files/base64/srv_cid.txt b/tests/data_files/base64/srv_cid.txt new file mode 100644 index 000000000000..69aad5f7a72b --- /dev/null +++ b/tests/data_files/base64/srv_cid.txt @@ -0,0 +1,2 @@ +// Server, CID 0xDEAD +AhUAAH8AAA8AAABtAAAAAF6MZUPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABh7h8/aprLN1fS0KwLkZzKcsa5LNtDW7sYu7d1z7fNetuRjLJpX/A1mTSqeBY7li8AAACAAAAAAAAAAAAAAAAAAV6MZUNak74BhbcgvZ2M8WhZKjQyCix7GJzRs4SqnD7iXoxlQ7YXjsVI0K/xyMOJPkT9ZcPEi/2jHGIte1ZduW4C3q0Cvu8AAAAAAAAAAAAAAAIAAAAAAAAABwAAAQAAAAAAAwAAAA== diff --git a/tests/data_files/base64/srv_ciphersuite.txt b/tests/data_files/base64/srv_ciphersuite.txt new file mode 100644 index 000000000000..5ddca630dee0 --- /dev/null +++ b/tests/data_files/base64/srv_ciphersuite.txt @@ -0,0 +1,2 @@ +// TLS-RSA-WITH-AES-256-CCM-8 +AhUAAH8AAA4AAABtAAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAACAAAAAAAAAAAAAAAAAAV6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== \ No newline at end of file diff --git a/tests/data_files/base64/srv_def.txt b/tests/data_files/base64/srv_def.txt new file mode 100644 index 000000000000..ca8146196232 --- /dev/null +++ b/tests/data_files/base64/srv_def.txt @@ -0,0 +1,2 @@ +// Server context with default MbedTLS configuration +AhUAAH8AAA4AAABtAAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAACAAAAAAAAAAAAAAAAAAV6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== diff --git a/tests/data_files/base64/srv_min_cfg.txt b/tests/data_files/base64/srv_min_cfg.txt new file mode 100644 index 000000000000..8be02882a075 --- /dev/null +++ b/tests/data_files/base64/srv_min_cfg.txt @@ -0,0 +1,2 @@ +// Minimal configuration +AhUAAAMAAAAAAABjAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAACAAAAAXotmUkMC6aU6s7O5InjmEEeg4ySLZkNDf0Ut/s06/cBei2ZS+kkKS3sJso2u418jlrlKiesyUOW+xXwOD8bYZQAAAQAAAAAAAgAA \ No newline at end of file diff --git a/tests/data_files/base64/srv_no_alpn.txt b/tests/data_files/base64/srv_no_alpn.txt new file mode 100644 index 000000000000..afc51f9fdaef --- /dev/null +++ b/tests/data_files/base64/srv_no_alpn.txt @@ -0,0 +1,2 @@ +// Without MBEDTLS_SSL_ALPN +AhUAAH8AAAYAAABtAAAAAF6LDSzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1lCUO8B/805UzCOLZzWDAEA8anfLpbuWTrnFSR2puZktvEiR8nXdATN0yKS94oSAAAACAAAAAAAAAAAAAAAAAAV6LDSwWt0QWgmNg4Zv2yYhf4Pdexpi/QTIqWyD2AQVjXosNLLK1vz/upFHrJlizjH5uSBUJCpQZJczrBgxBmGoAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAA \ No newline at end of file diff --git a/tests/data_files/base64/srv_no_keep_cert.txt b/tests/data_files/base64/srv_no_keep_cert.txt new file mode 100644 index 000000000000..be834b9ed9b8 --- /dev/null +++ b/tests/data_files/base64/srv_no_keep_cert.txt @@ -0,0 +1,2 @@ +// Without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE +AhUAAAMAAAAAAABiAAAAAF6MKhTMqAAgSKCqXrcrmjqOBpxsGO3itQB09YgsSJwXmZB12QlB+wwhiof0mzAN0hupkLxu4Yyc9SgyFoEDPKJk8TiRo8bO2rkEfPItB5lUFkJwzdeuGVMAAACAAABejCoUbOvW/qbIhlAKPDit31OByjhzXYt+rZNtvknHLV6MKhRMr8xnL27SNFX1iypTpQ7/ksAtPGXQjWvkQWfwAAABAAAAAAACAAA= diff --git a/tests/data_files/base64/srv_no_mfl.txt b/tests/data_files/base64/srv_no_mfl.txt new file mode 100644 index 000000000000..c684ec74be54 --- /dev/null +++ b/tests/data_files/base64/srv_no_mfl.txt @@ -0,0 +1,2 @@ +// Without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +AhUAAHcAAA4AAABsAAAAAF6LDLPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fzGzO1ysljMgZr4gduigvRXr2AK5X8j8c6vHTOpc2ncFS3UN2ojwD2tOaM3+/XIAAACAAAAAAAAAAAAAAAABXosMs1xs+Mj8BIL6v01qtHWV7w+psxGwLctaGSSL0aZeiwyzskPeDCL0isOzh+JoPgzS/mVtMc0GykGpZaFBugAAAAAAAAAAAAAAAQAAAAAAAAADAAABAAAAAAACAAAA \ No newline at end of file diff --git a/tests/data_files/base64/srv_no_packing.txt b/tests/data_files/base64/srv_no_packing.txt new file mode 100644 index 000000000000..bcc4228be074 --- /dev/null +++ b/tests/data_files/base64/srv_no_packing.txt @@ -0,0 +1,2 @@ +// Without DTLS packing +AhUAAH8AAA4AAABtAAAAAF6LCM/MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfl0tXNmshIQEqiEflQGnVUKkIFl1on/Mu0pjWes3XwQgdwmy9xMzpVyYU5gBOsOEAAACAAAAAAAAAAAAAAAAAAV6LCM+1uRpyaoyfzuNGBJK9DgBWIWtrPpu7KM8qsC/FXosIz/YIPhveZ8Z4IR0g/McAMQwzQoK5tScSE0DD3BwAAAAAAAAAAAAAAAEAAAAAAAAAAwEAAQAAAAAAAgAAAA== diff --git a/tests/data_files/base64/v2.19.1.txt b/tests/data_files/base64/v2.19.1.txt new file mode 100644 index 000000000000..b910e333f5f1 --- /dev/null +++ b/tests/data_files/base64/v2.19.1.txt @@ -0,0 +1,2 @@ +// Context creaded by MbedTLS v.2.19.1 +AhMBAH8AAA8AAAGjAAAAAF5iHYLArgAgkQE4V2NJsjbOuO52ws/u75f6Cg126zWeI7a+kaxTqKLbdWWZmW3PP+SflLxBA7Trpb0qZ5MP8+m0leylnLcDt2TtIWR49MOuiJuvVuMJmtwAAAAAAAE2MIIBMjCB2qADAgECAgYBcK9AtOYwCgYIKoZIzj0EAwIwDTELMAkGA1UEAwwCY2EwIBcNMjAwMzA2MDk1MDE4WhgPMjA1NjAyMjYwOTUwMThaMDMxDzANBgNVBAcTBjE2MDAwMTENMAsGA1UECxMEYWNjMTERMA8GA1UEAxMIZGV2aWNlMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARn0TtinN6/runzIuF2f2uTH1f0mQOFXu3uRPtQji2ObccSsw6Cn9z7XWK9fRgeoOKA0WZC+O9L9IEWieS13ajFMAoGCCqGSM49BAMCA0cAMEQCIFoavpekQjIqubJ09jkMR+iiUpkGdFRla1R7onnc5iEOAiBAvYr8j9QqjpM2jColTS1cI0z29PBbuasq4HI6YCj0wgAAAAAAAAAAAAFeYh2Ct3LnESwmdWzU+xs7vV2Q0T5HJ8y4ckhpO7wOoF5iHYJ38gKFI3Qdc3BR48GV7nuBUKZeI1YJExQchj1WCAY6dEyghLpHAAAAAAAAAAAAAAAAAQAAAAAAAAADAAABAAAAAAACAAAA \ No newline at end of file diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9b69aa204a54..c3d0f6f83c28 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -664,6 +664,9 @@ component_test_default_cmake_gcc_asan () { msg "test: compat.sh (ASan build)" # ~ 6 min if_build_succeeded tests/compat.sh + + msg "test: context-info.sh (ASan build)" # ~ 15 sec + if_build_succeeded tests/context-info.sh } component_test_full_cmake_gcc_asan () { @@ -680,6 +683,9 @@ component_test_full_cmake_gcc_asan () { msg "test: compat.sh (full config, ASan build)" if_build_succeeded tests/compat.sh + + msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec + if_build_succeeded tests/context-info.sh } component_test_zlib_make() { @@ -742,6 +748,9 @@ component_test_sslv3 () { msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min if_build_succeeded tests/ssl-opt.sh + + msg "build: SSLv3 - context-info.sh (ASan build)" # ~ 15 sec + if_build_succeeded tests/context-info.sh } component_test_no_renegotiation () { @@ -787,6 +796,9 @@ component_test_rsa_no_crt () { msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min if_build_succeeded tests/compat.sh -t RSA + + msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec + if_build_succeeded tests/context-info.sh } component_test_new_ecdh_context () { @@ -1149,6 +1161,9 @@ component_test_asan_remove_peer_certificate () { msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" if_build_succeeded tests/compat.sh + + msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" + if_build_succeeded tests/context-info.sh } component_test_no_max_fragment_length_small_ssl_out_content_len () { @@ -1161,6 +1176,9 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { msg "test: MFL tests (disabled MFL extension case) & large packet tests" if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" + + msg "test: context-info.sh (disabled MFL extension case)" + if_build_succeeded tests/context-info.sh } component_test_variable_ssl_in_out_buffer_len () { @@ -1679,6 +1697,11 @@ component_test_valgrind () { msg "test: compat.sh --memcheck (Release)" if_build_succeeded tests/compat.sh --memcheck fi + + if [ "$MEMORY" -gt 0 ]; then + msg "test: context-info.sh --memcheck (Release)" + if_build_succeeded tests/context-info.sh --memcheck + fi } component_test_cmake_out_of_source () { From 5edd388da06e8e23f29692b0505fc6c8adeaed31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Apr 2020 10:40:03 +0200 Subject: [PATCH 119/138] Get rid of a magic value in benchmark.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also update its value while at it. Signed-off-by: Manuel Pégourié-Gonnard --- programs/test/benchmark.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index eb2537f44fac..57e8e7eba009 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -150,6 +150,16 @@ do { \ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) +/* How much space to reserve for the title when printing heap usage results. + * Updated manually as the output of the following command: + * + * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c | + * awk '{print length+2}' | sort -rn | head -n1 + * + * This computes the maximum length of a title +2 (because we appends "/s"). + * (If the value is too small, the only consequence is poor alignement.) */ +#define TITLE_SPACE 16 + #define MEMORY_MEASURE_INIT \ size_t max_used, max_blocks, max_bytes; \ size_t prv_used, prv_blocks; \ @@ -158,8 +168,8 @@ do { \ #define MEMORY_MEASURE_PRINT( title_len ) \ mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \ - for( ii = 12 > (title_len) ? 12 - (title_len) : 1; ii !=0; ii--) \ - mbedtls_printf( " " ); \ + ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \ + while( ii-- ) mbedtls_printf( " " ); \ max_used -= prv_used; \ max_blocks -= prv_blocks; \ max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ From 10a5b535f1ba5c47e42c5eeaca6cd6cacd81e745 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 3 Apr 2020 11:50:59 +0200 Subject: [PATCH 120/138] Sort lists in Makefiles and have one item per line MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A file generated based on the output of `make list` from programs has been re-generated. Signed-off-by: Manuel Pégourié-Gonnard --- library/Makefile | 128 +++++++++++++++------ programs/Makefile | 22 ++-- visualc/VS2010/mbedTLS.sln | 230 ++++++++++++++++++------------------- 3 files changed, 217 insertions(+), 163 deletions(-) diff --git a/library/Makefile b/library/Makefile index f9cd468a5fc4..dbdd3b679abd 100644 --- a/library/Makefile +++ b/library/Makefile @@ -63,48 +63,102 @@ DLEXT = dylib endif endif -OBJS_CRYPTO= aes.o aesni.o arc4.o \ - aria.o asn1parse.o asn1write.o \ - base64.o bignum.o blowfish.o \ - camellia.o ccm.o chacha20.o \ - chachapoly.o cipher.o cipher_wrap.o \ - cmac.o ctr_drbg.o des.o \ - dhm.o ecdh.o ecdsa.o \ - ecjpake.o ecp.o \ - ecp_curves.o entropy.o entropy_poll.o \ - error.o gcm.o havege.o \ - hkdf.o \ - hmac_drbg.o md.o md2.o \ - md4.o md5.o \ - memory_buffer_alloc.o nist_kw.o \ - oid.o padlock.o pem.o \ - pk.o pk_wrap.o pkcs12.o \ - pkcs5.o pkparse.o pkwrite.o \ - platform.o platform_util.o poly1305.o \ - psa_crypto.o psa_crypto_se.o \ - psa_crypto_slot_management.o \ - psa_crypto_storage.o \ - psa_its_file.o \ - ripemd160.o rsa_internal.o rsa.o \ - sha1.o sha256.o sha512.o \ - threading.o timing.o \ - version.o version_features.o \ - xtea.o +OBJS_CRYPTO= \ + aes.o \ + aesni.o \ + arc4.o \ + aria.o \ + asn1parse.o \ + asn1write.o \ + base64.o \ + bignum.o \ + blowfish.o \ + camellia.o \ + ccm.o \ + chacha20.o \ + chachapoly.o \ + cipher.o \ + cipher_wrap.o \ + cmac.o \ + ctr_drbg.o \ + des.o \ + dhm.o \ + ecdh.o \ + ecdsa.o \ + ecjpake.o \ + ecp.o \ + ecp_curves.o \ + entropy.o \ + entropy_poll.o \ + error.o \ + gcm.o \ + havege.o \ + hkdf.o \ + hmac_drbg.o \ + md.o \ + md2.o \ + md4.o \ + md5.o \ + memory_buffer_alloc.o \ + nist_kw.o \ + oid.o \ + padlock.o \ + pem.o \ + pk.o \ + pk_wrap.o \ + pkcs12.o \ + pkcs5.o \ + pkparse.o \ + pkwrite.o \ + platform.o \ + platform_util.o \ + poly1305.o \ + psa_crypto.o \ + psa_crypto_se.o \ + psa_crypto_slot_management.o \ + psa_crypto_storage.o \ + psa_its_file.o \ + ripemd160.o \ + rsa.o \ + rsa_internal.o \ + sha1.o \ + sha256.o \ + sha512.o \ + threading.o \ + timing.o \ + version.o \ + version_features.o \ + xtea.o \ + # This line is intentionally left blank include ../3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) -OBJS_X509= certs.o pkcs11.o x509.o \ - x509_create.o x509_crl.o x509_crt.o \ - x509_csr.o x509write_crt.o x509write_csr.o - -OBJS_TLS= debug.o net_sockets.o \ - ssl_cache.o ssl_ciphersuites.o \ - ssl_cli.o ssl_cookie.o \ - ssl_msg.o \ - ssl_srv.o ssl_ticket.o \ - ssl_tls.o +OBJS_X509= \ + certs.o \ + pkcs11.o \ + x509.o \ + x509_create.o \ + x509_crl.o \ + x509_crt.o \ + x509_csr.o \ + x509write_crt.o \ + x509write_csr.o \ + # This line is intentionally left blank + +OBJS_TLS= \ + debug.o \ + net_sockets.o \ + ssl_cache.o \ + ssl_ciphersuites.o \ + ssl_cli.o \ + ssl_cookie.o \ + ssl_msg.o \ + ssl_srv.o \ + ssl_ticket.o \ + ssl_tls.o \ + # This line is intentionally left blank .SILENT: diff --git a/programs/Makefile b/programs/Makefile index 68bcfc2e1373..31e431b6a58d 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -53,8 +53,8 @@ endif APPS = \ aes/aescrypt2$(EXEXT) \ aes/crypt_and_hash$(EXEXT) \ - hash/hello$(EXEXT) \ hash/generic_sum$(EXEXT) \ + hash/hello$(EXEXT) \ pkey/dh_client$(EXEXT) \ pkey/dh_genprime$(EXEXT) \ pkey/dh_server$(EXEXT) \ @@ -68,40 +68,40 @@ APPS = \ pkey/pk_encrypt$(EXEXT) \ pkey/pk_sign$(EXEXT) \ pkey/pk_verify$(EXEXT) \ - pkey/rsa_genkey$(EXEXT) \ pkey/rsa_decrypt$(EXEXT) \ pkey/rsa_encrypt$(EXEXT) \ + pkey/rsa_genkey$(EXEXT) \ pkey/rsa_sign$(EXEXT) \ - pkey/rsa_verify$(EXEXT) \ pkey/rsa_sign_pss$(EXEXT) \ + pkey/rsa_verify$(EXEXT) \ pkey/rsa_verify_pss$(EXEXT) \ psa/crypto_examples$(EXEXT) \ psa/key_ladder_demo$(EXEXT) \ psa/psa_constant_names$(EXEXT) \ + random/gen_entropy$(EXEXT) \ + random/gen_random_ctr_drbg$(EXEXT) \ + random/gen_random_havege$(EXEXT) \ ssl/dtls_client$(EXEXT) \ ssl/dtls_server$(EXEXT) \ + ssl/mini_client$(EXEXT) \ ssl/ssl_client1$(EXEXT) \ ssl/ssl_client2$(EXEXT) \ - ssl/ssl_server$(EXEXT) \ - ssl/ssl_server2$(EXEXT) \ ssl/ssl_context_info$(EXEXT) \ ssl/ssl_fork_server$(EXEXT) \ - ssl/mini_client$(EXEXT) \ ssl/ssl_mail_client$(EXEXT) \ - random/gen_entropy$(EXEXT) \ - random/gen_random_havege$(EXEXT) \ - random/gen_random_ctr_drbg$(EXEXT) \ + ssl/ssl_server$(EXEXT) \ + ssl/ssl_server2$(EXEXT) \ test/benchmark$(EXEXT) \ + test/query_compile_time_config$(EXEXT) \ test/selftest$(EXEXT) \ test/udp_proxy$(EXEXT) \ test/zeroize$(EXEXT) \ - test/query_compile_time_config$(EXEXT) \ util/pem2der$(EXEXT) \ util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) \ - x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) \ x509/cert_write$(EXEXT) \ + x509/crl_app$(EXEXT) \ x509/req_app$(EXEXT) \ # End of APPS diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln index 6969bbb212b1..2d8fdc8fea12 100644 --- a/visualc/VS2010/mbedTLS.sln +++ b/visualc/VS2010/mbedTLS.sln @@ -13,12 +13,12 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hello", "hello.vcxproj", "{B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "generic_sum", "generic_sum.vcxproj", "{D071CCF7-ACA0-21F8-D382-52A759AEA261}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "generic_sum", "generic_sum.vcxproj", "{D071CCF7-ACA0-21F8-D382-52A759AEA261}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hello", "hello.vcxproj", "{B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection @@ -88,17 +88,17 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_verify", "pk_verify.vcxp {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_genkey", "rsa_genkey.vcxproj", "{F472475C-F677-0E7F-F127-45BF5B64F622}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_decrypt", "rsa_decrypt.vcxproj", "{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_decrypt", "rsa_decrypt.vcxproj", "{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_encrypt", "rsa_encrypt.vcxproj", "{D06CF12E-F222-9273-41BF-B8A052FA5527}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_encrypt", "rsa_encrypt.vcxproj", "{D06CF12E-F222-9273-41BF-B8A052FA5527}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_genkey", "rsa_genkey.vcxproj", "{F472475C-F677-0E7F-F127-45BF5B64F622}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection @@ -108,12 +108,12 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign", "rsa_sign.vcxpro {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify", "rsa_verify.vcxproj", "{689E28CF-89ED-BA38-3A14-78A75D891D46}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign_pss", "rsa_sign_pss.vcxproj", "{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign_pss", "rsa_sign_pss.vcxproj", "{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify", "rsa_verify.vcxproj", "{689E28CF-89ED-BA38-3A14-78A75D891D46}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection @@ -138,67 +138,67 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "psa_constant_names", "psa_c {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dtls_client", "dtls_client.vcxproj", "{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_entropy", "gen_entropy.vcxproj", "{DE695064-13C3-18B0-378D-8B22672BF3F4}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dtls_server", "dtls_server.vcxproj", "{BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_random_ctr_drbg.vcxproj", "{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client1", "ssl_client1.vcxproj", "{487A2F80-3CA3-678D-88D5-82194872CF08}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_havege", "gen_random_havege.vcxproj", "{71257802-BBCA-99F5-E9D2-905738F30893}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client2", "ssl_client2.vcxproj", "{4E590E9D-E28F-87FF-385B-D58736388231}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dtls_client", "dtls_client.vcxproj", "{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server", "ssl_server.vcxproj", "{E08E0065-896A-7487-DEA5-D3B80B71F975}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dtls_server", "dtls_server.vcxproj", "{BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server2", "ssl_server2.vcxproj", "{A4DA7463-1047-BDF5-E1B3-5632CB573F41}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mini_client", "mini_client.vcxproj", "{C4FE29EA-266D-5295-4840-976B9B5B3843}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_context_info", "ssl_context_info.vcxproj", "{017ECC7D-FB6D-46D8-076B-F64172E8E3BC}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client1", "ssl_client1.vcxproj", "{487A2F80-3CA3-678D-88D5-82194872CF08}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_fork_server", "ssl_fork_server.vcxproj", "{918CD402-047D-8467-E11C-E1132053F916}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client2", "ssl_client2.vcxproj", "{4E590E9D-E28F-87FF-385B-D58736388231}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mini_client", "mini_client.vcxproj", "{C4FE29EA-266D-5295-4840-976B9B5B3843}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_context_info", "ssl_context_info.vcxproj", "{017ECC7D-FB6D-46D8-076B-F64172E8E3BC}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_mail_client", "ssl_mail_client.vcxproj", "{7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_fork_server", "ssl_fork_server.vcxproj", "{918CD402-047D-8467-E11C-E1132053F916}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_entropy", "gen_entropy.vcxproj", "{DE695064-13C3-18B0-378D-8B22672BF3F4}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_mail_client", "ssl_mail_client.vcxproj", "{7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_havege", "gen_random_havege.vcxproj", "{71257802-BBCA-99F5-E9D2-905738F30893}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server", "ssl_server.vcxproj", "{E08E0065-896A-7487-DEA5-D3B80B71F975}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_random_ctr_drbg.vcxproj", "{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server2", "ssl_server2.vcxproj", "{A4DA7463-1047-BDF5-E1B3-5632CB573F41}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection @@ -208,22 +208,22 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxp {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "selftest", "selftest.vcxproj", "{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "query_compile_time_config", "query_compile_time_config.vcxproj", "{D6F58AF2-9D80-562A-E2B0-F743281522B9}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "udp_proxy", "udp_proxy.vcxproj", "{7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "selftest", "selftest.vcxproj", "{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zeroize", "zeroize.vcxproj", "{10C01E94-4926-063E-9F56-C84ED190D349}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "udp_proxy", "udp_proxy.vcxproj", "{7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "query_compile_time_config", "query_compile_time_config.vcxproj", "{D6F58AF2-9D80-562A-E2B0-F743281522B9}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zeroize", "zeroize.vcxproj", "{10C01E94-4926-063E-9F56-C84ED190D349}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection @@ -243,17 +243,17 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_app", "cert_app.vcxpro {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crl_app", "crl_app.vcxproj", "{DB904B85-AD31-B7FB-114F-88760CC485F2}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_req", "cert_req.vcxproj", "{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_req", "cert_req.vcxproj", "{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_write", "cert_write.vcxproj", "{35E52E46-3BA9-4361-41D3-53663C2E9B8A}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_write", "cert_write.vcxproj", "{35E52E46-3BA9-4361-41D3-53663C2E9B8A}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crl_app", "crl_app.vcxproj", "{DB904B85-AD31-B7FB-114F-88760CC485F2}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection @@ -295,14 +295,6 @@ Global {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|Win32.Build.0 = Release|Win32 {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|x64.ActiveCfg = Release|x64 {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|x64.Build.0 = Release|x64 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.ActiveCfg = Debug|Win32 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.Build.0 = Debug|Win32 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.ActiveCfg = Debug|x64 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.Build.0 = Debug|x64 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.ActiveCfg = Release|Win32 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.Build.0 = Release|Win32 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.ActiveCfg = Release|x64 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.Build.0 = Release|x64 {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|Win32.ActiveCfg = Debug|Win32 {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|Win32.Build.0 = Debug|Win32 {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|x64.ActiveCfg = Debug|x64 @@ -311,6 +303,14 @@ Global {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|Win32.Build.0 = Release|Win32 {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.ActiveCfg = Release|x64 {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.Build.0 = Release|x64 + {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.ActiveCfg = Debug|Win32 + {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.Build.0 = Debug|Win32 + {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.ActiveCfg = Debug|x64 + {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.Build.0 = Debug|x64 + {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.ActiveCfg = Release|Win32 + {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.Build.0 = Release|Win32 + {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.ActiveCfg = Release|x64 + {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.Build.0 = Release|x64 {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.ActiveCfg = Debug|Win32 {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.Build.0 = Debug|Win32 {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.ActiveCfg = Debug|x64 @@ -415,14 +415,6 @@ Global {C429B336-1B30-119C-3B34-21A186D6744F}.Release|Win32.Build.0 = Release|Win32 {C429B336-1B30-119C-3B34-21A186D6744F}.Release|x64.ActiveCfg = Release|x64 {C429B336-1B30-119C-3B34-21A186D6744F}.Release|x64.Build.0 = Release|x64 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.ActiveCfg = Debug|Win32 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.Build.0 = Debug|Win32 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.ActiveCfg = Debug|x64 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.Build.0 = Debug|x64 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.ActiveCfg = Release|Win32 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.Build.0 = Release|Win32 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.ActiveCfg = Release|x64 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.Build.0 = Release|x64 {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|Win32.ActiveCfg = Debug|Win32 {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|Win32.Build.0 = Debug|Win32 {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|x64.ActiveCfg = Debug|x64 @@ -439,6 +431,14 @@ Global {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|Win32.Build.0 = Release|Win32 {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|x64.ActiveCfg = Release|x64 {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|x64.Build.0 = Release|x64 + {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.ActiveCfg = Debug|Win32 + {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.Build.0 = Debug|Win32 + {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.ActiveCfg = Debug|x64 + {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.Build.0 = Debug|x64 + {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.ActiveCfg = Release|Win32 + {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.Build.0 = Release|Win32 + {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.ActiveCfg = Release|x64 + {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.Build.0 = Release|x64 {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|Win32.ActiveCfg = Debug|Win32 {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|Win32.Build.0 = Debug|Win32 {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|x64.ActiveCfg = Debug|x64 @@ -447,14 +447,6 @@ Global {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|Win32.Build.0 = Release|Win32 {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|x64.ActiveCfg = Release|x64 {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|x64.Build.0 = Release|x64 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.ActiveCfg = Debug|Win32 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.Build.0 = Debug|Win32 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.ActiveCfg = Debug|x64 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.Build.0 = Debug|x64 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.ActiveCfg = Release|Win32 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.Build.0 = Release|Win32 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.ActiveCfg = Release|x64 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.Build.0 = Release|x64 {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|Win32.ActiveCfg = Debug|Win32 {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|Win32.Build.0 = Debug|Win32 {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|x64.ActiveCfg = Debug|x64 @@ -463,6 +455,14 @@ Global {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|Win32.Build.0 = Release|Win32 {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|x64.ActiveCfg = Release|x64 {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|x64.Build.0 = Release|x64 + {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.ActiveCfg = Debug|Win32 + {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.Build.0 = Debug|Win32 + {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.ActiveCfg = Debug|x64 + {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.Build.0 = Debug|x64 + {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.ActiveCfg = Release|Win32 + {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.Build.0 = Release|Win32 + {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.ActiveCfg = Release|x64 + {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.Build.0 = Release|x64 {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|Win32.ActiveCfg = Debug|Win32 {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|Win32.Build.0 = Debug|Win32 {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|x64.ActiveCfg = Debug|x64 @@ -495,6 +495,30 @@ Global {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|Win32.Build.0 = Release|Win32 {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|x64.ActiveCfg = Release|x64 {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|x64.Build.0 = Release|x64 + {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.ActiveCfg = Debug|Win32 + {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.Build.0 = Debug|Win32 + {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.ActiveCfg = Debug|x64 + {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.Build.0 = Debug|x64 + {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.ActiveCfg = Release|Win32 + {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.Build.0 = Release|Win32 + {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.ActiveCfg = Release|x64 + {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.Build.0 = Release|x64 + {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.ActiveCfg = Debug|Win32 + {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.Build.0 = Debug|Win32 + {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.ActiveCfg = Debug|x64 + {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.Build.0 = Debug|x64 + {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.ActiveCfg = Release|Win32 + {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32 + {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64 + {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64 + {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.ActiveCfg = Debug|Win32 + {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.Build.0 = Debug|Win32 + {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.ActiveCfg = Debug|x64 + {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.Build.0 = Debug|x64 + {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.ActiveCfg = Release|Win32 + {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.Build.0 = Release|Win32 + {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.ActiveCfg = Release|x64 + {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.Build.0 = Release|x64 {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|Win32.ActiveCfg = Debug|Win32 {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|Win32.Build.0 = Debug|Win32 {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|x64.ActiveCfg = Debug|x64 @@ -511,6 +535,14 @@ Global {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|Win32.Build.0 = Release|Win32 {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|x64.ActiveCfg = Release|x64 {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|x64.Build.0 = Release|x64 + {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.ActiveCfg = Debug|Win32 + {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.Build.0 = Debug|Win32 + {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.ActiveCfg = Debug|x64 + {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.Build.0 = Debug|x64 + {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.ActiveCfg = Release|Win32 + {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.Build.0 = Release|Win32 + {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.ActiveCfg = Release|x64 + {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.Build.0 = Release|x64 {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|Win32.ActiveCfg = Debug|Win32 {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|Win32.Build.0 = Debug|Win32 {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|x64.ActiveCfg = Debug|x64 @@ -527,22 +559,6 @@ Global {4E590E9D-E28F-87FF-385B-D58736388231}.Release|Win32.Build.0 = Release|Win32 {4E590E9D-E28F-87FF-385B-D58736388231}.Release|x64.ActiveCfg = Release|x64 {4E590E9D-E28F-87FF-385B-D58736388231}.Release|x64.Build.0 = Release|x64 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.ActiveCfg = Debug|Win32 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.Build.0 = Debug|Win32 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.ActiveCfg = Debug|x64 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.Build.0 = Debug|x64 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|Win32.ActiveCfg = Release|Win32 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|Win32.Build.0 = Release|Win32 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|x64.ActiveCfg = Release|x64 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|x64.Build.0 = Release|x64 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|Win32.ActiveCfg = Debug|Win32 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|Win32.Build.0 = Debug|Win32 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|x64.ActiveCfg = Debug|x64 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|x64.Build.0 = Debug|x64 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.ActiveCfg = Release|Win32 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.Build.0 = Release|Win32 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.ActiveCfg = Release|x64 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.Build.0 = Release|x64 {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|Win32.ActiveCfg = Debug|Win32 {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|Win32.Build.0 = Debug|Win32 {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|x64.ActiveCfg = Debug|x64 @@ -559,14 +575,6 @@ Global {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.Build.0 = Release|Win32 {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.ActiveCfg = Release|x64 {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.Build.0 = Release|x64 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.ActiveCfg = Debug|Win32 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.Build.0 = Debug|Win32 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.ActiveCfg = Debug|x64 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.Build.0 = Debug|x64 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.ActiveCfg = Release|Win32 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.Build.0 = Release|Win32 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.ActiveCfg = Release|x64 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.Build.0 = Release|x64 {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.ActiveCfg = Debug|Win32 {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.Build.0 = Debug|Win32 {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.ActiveCfg = Debug|x64 @@ -575,30 +583,22 @@ Global {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.Build.0 = Release|Win32 {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.ActiveCfg = Release|x64 {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.Build.0 = Release|x64 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.ActiveCfg = Debug|Win32 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.Build.0 = Debug|Win32 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.ActiveCfg = Debug|x64 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.Build.0 = Debug|x64 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.ActiveCfg = Release|Win32 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.Build.0 = Release|Win32 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.ActiveCfg = Release|x64 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.Build.0 = Release|x64 - {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.ActiveCfg = Debug|Win32 - {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.Build.0 = Debug|Win32 - {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.ActiveCfg = Debug|x64 - {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.Build.0 = Debug|x64 - {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.ActiveCfg = Release|Win32 - {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.Build.0 = Release|Win32 - {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.ActiveCfg = Release|x64 - {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.Build.0 = Release|x64 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.ActiveCfg = Debug|Win32 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.Build.0 = Debug|Win32 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.ActiveCfg = Debug|x64 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.Build.0 = Debug|x64 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.ActiveCfg = Release|Win32 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64 + {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.ActiveCfg = Debug|Win32 + {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.Build.0 = Debug|Win32 + {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.ActiveCfg = Debug|x64 + {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.Build.0 = Debug|x64 + {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|Win32.ActiveCfg = Release|Win32 + {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|Win32.Build.0 = Release|Win32 + {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|x64.ActiveCfg = Release|x64 + {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|x64.Build.0 = Release|x64 + {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|Win32.ActiveCfg = Debug|Win32 + {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|Win32.Build.0 = Debug|Win32 + {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|x64.ActiveCfg = Debug|x64 + {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|x64.Build.0 = Debug|x64 + {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.ActiveCfg = Release|Win32 + {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.Build.0 = Release|Win32 + {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.ActiveCfg = Release|x64 + {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.Build.0 = Release|x64 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64 @@ -607,6 +607,14 @@ Global {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|Win32.Build.0 = Release|Win32 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|x64.ActiveCfg = Release|x64 {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|x64.Build.0 = Release|x64 + {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.ActiveCfg = Debug|Win32 + {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.Build.0 = Debug|Win32 + {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.ActiveCfg = Debug|x64 + {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.Build.0 = Debug|x64 + {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.ActiveCfg = Release|Win32 + {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.Build.0 = Release|Win32 + {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.ActiveCfg = Release|x64 + {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.Build.0 = Release|x64 {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|Win32.ActiveCfg = Debug|Win32 {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|Win32.Build.0 = Debug|Win32 {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|x64.ActiveCfg = Debug|x64 @@ -631,14 +639,6 @@ Global {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32 {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64 {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.ActiveCfg = Debug|Win32 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.Build.0 = Debug|Win32 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.ActiveCfg = Debug|x64 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.Build.0 = Debug|x64 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.ActiveCfg = Release|Win32 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.Build.0 = Release|Win32 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.ActiveCfg = Release|x64 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.Build.0 = Release|x64 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64 @@ -663,14 +663,6 @@ Global {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|Win32.Build.0 = Release|Win32 {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|x64.ActiveCfg = Release|x64 {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|x64.Build.0 = Release|x64 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.ActiveCfg = Debug|Win32 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.Build.0 = Debug|Win32 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.ActiveCfg = Debug|x64 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.Build.0 = Debug|x64 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.ActiveCfg = Release|Win32 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.Build.0 = Release|Win32 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.ActiveCfg = Release|x64 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.Build.0 = Release|x64 {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|Win32.ActiveCfg = Debug|Win32 {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|Win32.Build.0 = Debug|Win32 {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|x64.ActiveCfg = Debug|x64 @@ -687,6 +679,14 @@ Global {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|Win32.Build.0 = Release|Win32 {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|x64.ActiveCfg = Release|x64 {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|x64.Build.0 = Release|x64 + {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.ActiveCfg = Debug|Win32 + {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.Build.0 = Debug|Win32 + {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.ActiveCfg = Debug|x64 + {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.Build.0 = Debug|x64 + {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.ActiveCfg = Release|Win32 + {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.Build.0 = Release|Win32 + {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.ActiveCfg = Release|x64 + {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.Build.0 = Release|x64 {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|Win32.ActiveCfg = Debug|Win32 {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|Win32.Build.0 = Debug|Win32 {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|x64.ActiveCfg = Debug|x64 From 6f830251a1962b970c14dde6f23dee1e04adfca4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 3 Apr 2020 11:56:06 +0200 Subject: [PATCH 121/138] Sort lists in CMakeLists.txt files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/CMakeLists.txt | 2 +- programs/ssl/CMakeLists.txt | 4 ++-- tests/CMakeLists.txt | 14 +++++++------- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt index 61f02e86f210..a8492c6199f0 100644 --- a/programs/CMakeLists.txt +++ b/programs/CMakeLists.txt @@ -8,5 +8,5 @@ add_subdirectory(psa) add_subdirectory(random) add_subdirectory(ssl) add_subdirectory(test) -add_subdirectory(x509) add_subdirectory(util) +add_subdirectory(x509) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 481e2b0eeaa7..32fb3c44f62f 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -8,12 +8,12 @@ set(libs set(targets dtls_client dtls_server + mini_client ssl_client1 ssl_client2 - ssl_server ssl_fork_server ssl_mail_client - mini_client + ssl_server ) if(USE_PKCS11_HELPER_LIBRARY) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index aa33dc5290d7..14a7b7e94b61 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -67,9 +67,9 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) -add_test_suite(aes aes.ecb) add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) +add_test_suite(aes aes.ecb) add_test_suite(aes aes.ofb) add_test_suite(aes aes.rest) add_test_suite(aes aes.xts) @@ -107,12 +107,12 @@ add_test_suite(ecjpake) add_test_suite(ecp) add_test_suite(entropy) add_test_suite(error) -add_test_suite(gcm gcm.aes128_en) -add_test_suite(gcm gcm.aes192_en) -add_test_suite(gcm gcm.aes256_en) add_test_suite(gcm gcm.aes128_de) +add_test_suite(gcm gcm.aes128_en) add_test_suite(gcm gcm.aes192_de) +add_test_suite(gcm gcm.aes192_en) add_test_suite(gcm gcm.aes256_de) +add_test_suite(gcm gcm.aes256_en) add_test_suite(gcm gcm.camellia) add_test_suite(gcm gcm.misc) add_test_suite(hkdf) @@ -127,10 +127,10 @@ add_test_suite(mpi) add_test_suite(nist_kw) add_test_suite(oid) add_test_suite(pem) +add_test_suite(pk) add_test_suite(pkcs1_v15) add_test_suite(pkcs1_v21) add_test_suite(pkcs5) -add_test_suite(pk) add_test_suite(pkparse) add_test_suite(pkwrite) add_test_suite(poly1305) @@ -144,14 +144,14 @@ add_test_suite(psa_crypto_se_driver_hal) add_test_suite(psa_crypto_se_driver_hal_mocks) add_test_suite(psa_crypto_slot_management) add_test_suite(psa_its) +add_test_suite(rsa) add_test_suite(shax) add_test_suite(ssl) add_test_suite(timing) -add_test_suite(rsa) add_test_suite(version) -add_test_suite(xtea) add_test_suite(x509parse) add_test_suite(x509write) +add_test_suite(xtea) # Make scripts and data files needed for testing available in an # out-of-source build. From 6ff11895f49e9eb0e56f2ca3598b5196aad320a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 3 Apr 2020 11:59:07 +0200 Subject: [PATCH 122/138] Sort lists in .gitignore files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/.gitignore | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/programs/.gitignore b/programs/.gitignore index b2685a9e0184..53c1ed72255e 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -12,8 +12,8 @@ hash/sha2sum pkey/dh_client pkey/dh_genprime pkey/dh_server -pkey/ecdsa pkey/ecdh_curve25519 +pkey/ecdsa pkey/gen_key pkey/key_app pkey/key_app_writer @@ -30,14 +30,15 @@ pkey/rsa_sign_pss pkey/rsa_verify pkey/rsa_verify_pss psa/crypto_examples +psa/key_ladder_demo psa/psa_constant_names psa/psa_constant_names_generated.c -psa/key_ladder_demo random/gen_entropy random/gen_random_ctr_drbg random/gen_random_havege ssl/dtls_client ssl/dtls_server +ssl/mini_client ssl/ssl_client1 ssl/ssl_client2 ssl/ssl_context_info @@ -46,21 +47,20 @@ ssl/ssl_mail_client ssl/ssl_pthread_server ssl/ssl_server ssl/ssl_server2 -ssl/mini_client test/benchmark +test/cpp_dummy_build test/ecp-bench +test/query_compile_time_config test/selftest -test/cpp_dummy_build test/ssl_cert_test test/udp_proxy test/zeroize -test/query_compile_time_config util/pem2der util/strerror x509/cert_app x509/cert_req -x509/crl_app x509/cert_write +x509/crl_app x509/req_app # generated files From 136bebf934a21af5b93264daa56b46f6c062e0c8 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Fri, 17 Apr 2020 14:37:00 +0200 Subject: [PATCH 123/138] Add missing newline character Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f6284feeb9be..cbd41b65be28 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3105,7 +3105,7 @@ int main( int argc, char *argv[] ) if( opt.serialize == 1 ) { /* nothing to do here, done by context_save() already */ - mbedtls_printf( " . Context has been reset... ok" ); + mbedtls_printf( " . Context has been reset... ok\n" ); } if( opt.serialize == 2 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 845881f93290..1cee32e6235b 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -4112,7 +4112,7 @@ int main( int argc, char *argv[] ) if( opt.serialize == 1 ) { /* nothing to do here, done by context_save() already */ - mbedtls_printf( " . Context has been reset... ok" ); + mbedtls_printf( " . Context has been reset... ok\n" ); } /* From 3de298f18f156d7ea1c4f866f0324ea1b0e87d16 Mon Sep 17 00:00:00 2001 From: Piotr Nowicki Date: Thu, 16 Apr 2020 14:35:19 +0200 Subject: [PATCH 124/138] Saving the serialized context to a file Signed-off-by: Piotr Nowicki --- programs/ssl/ssl_client2.c | 71 ++++++++++++++++++++++++++++++++++++-- programs/ssl/ssl_server2.c | 71 ++++++++++++++++++++++++++++++++++++-- tests/ssl-opt.sh | 12 +++++++ 3 files changed, 148 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cbd41b65be28..73a993326e96 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -67,6 +67,7 @@ int main( void ) #include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/timing.h" +#include "mbedtls/base64.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" @@ -139,6 +140,7 @@ int main( void ) #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 #define DFL_SERIALIZE 0 +#define DFL_CONTEXT_FILE "" #define DFL_EXTENDED_MS_ENFORCE -1 #define DFL_CA_CALLBACK 0 #define DFL_EAP_TLS 0 @@ -363,9 +365,14 @@ int main( void ) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #define USAGE_SERIALIZATION \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ - " options: 1 (serialize)\n" \ - " 2 (serialize with re-initialization)\n" + " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ + " options: 1 (serialize)\n" \ + " 2 (serialize with re-initialization)\n" \ + " context_file=%%s The file path to write a serialized connection\n"\ + " in the form of base64 code (serialize option\n" \ + " must be set)\n" \ + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_SERIALIZATION "" #endif @@ -516,6 +523,9 @@ struct options * during renegotiation */ const char *cid_val; /* the CID to use for incoming messages */ int serialize; /* serialize/deserialize connection */ + const char *context_file; /* the file to write a serialized connection + * in the form of base64 code (serialize + * option must be set) */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ int reproducible; /* make communication reproducible */ @@ -1310,6 +1320,7 @@ int main( int argc, char *argv[] ) opt.etm = DFL_ETM; opt.dgram_packing = DFL_DGRAM_PACKING; opt.serialize = DFL_SERIALIZE; + opt.context_file = DFL_CONTEXT_FILE; opt.eap_tls = DFL_EAP_TLS; opt.reproducible = DFL_REPRODUCIBLE; opt.nss_keylog = DFL_NSS_KEYLOG; @@ -1707,6 +1718,10 @@ int main( int argc, char *argv[] ) if( opt.serialize < 0 || opt.serialize > 2) goto usage; } + else if( strcmp( p, "context_file") == 0 ) + { + opt.context_file = q; + } else if( strcmp( p, "eap_tls" ) == 0 ) { opt.eap_tls = atoi( q ); @@ -3102,6 +3117,56 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); + /* Save serialized context to the 'opt.context_file' as a base64 code */ + if( 0 < strlen( opt.context_file ) ) + { + FILE *b64_file; + uint8_t *b64_buf; + size_t b64_len; + + mbedtls_printf( " . Save serialized context to a file... " ); + + mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len ); + + if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL ) + { + mbedtls_printf( "failed\n ! Couldn't allocate buffer for " + "the base64 code\n" ); + goto exit; + } + + if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len, + context_buf, buf_len ) ) != 0 ) + { + mbedtls_printf( "failed\n ! mbedtls_base64_encode returned " + "-0x%x\n", -ret ); + mbedtls_free( b64_buf ); + goto exit; + } + + if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL ) + { + mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n", + opt.context_file ); + mbedtls_free( b64_buf ); + goto exit; + } + + if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) ) + { + mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n", + (long) b64_len ); + mbedtls_free( b64_buf ); + fclose( b64_file ); + goto exit; + } + + mbedtls_free( b64_buf ); + fclose( b64_file ); + + mbedtls_printf( "ok\n" ); + } + if( opt.serialize == 1 ) { /* nothing to do here, done by context_save() already */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1cee32e6235b..1d03fe283b06 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -63,6 +63,7 @@ int main( void ) #include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/timing.h" +#include "mbedtls/base64.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" @@ -172,6 +173,7 @@ int main( void ) #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 #define DFL_SERIALIZE 0 +#define DFL_CONTEXT_FILE "" #define DFL_EXTENDED_MS_ENFORCE -1 #define DFL_CA_CALLBACK 0 #define DFL_EAP_TLS 0 @@ -449,9 +451,14 @@ int main( void ) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #define USAGE_SERIALIZATION \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ - " options: 1 (serialize)\n" \ - " 2 (serialize with re-initialization)\n" + " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ + " options: 1 (serialize)\n" \ + " 2 (serialize with re-initialization)\n" \ + " context_file=%%s The file path to write a serialized connection\n"\ + " in the form of base64 code (serialize option\n" \ + " must be set)\n" \ + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_SERIALIZATION "" #endif @@ -617,6 +624,9 @@ struct options * during renegotiation */ const char *cid_val; /* the CID to use for incoming messages */ int serialize; /* serialize/deserialize connection */ + const char *context_file; /* the file to write a serialized connection + * in the form of base64 code (serialize + * option must be set) */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ int reproducible; /* make communication reproducible */ @@ -1984,6 +1994,7 @@ int main( int argc, char *argv[] ) opt.extended_ms = DFL_EXTENDED_MS; opt.etm = DFL_ETM; opt.serialize = DFL_SERIALIZE; + opt.context_file = DFL_CONTEXT_FILE; opt.eap_tls = DFL_EAP_TLS; opt.reproducible = DFL_REPRODUCIBLE; opt.nss_keylog = DFL_NSS_KEYLOG; @@ -2406,6 +2417,10 @@ int main( int argc, char *argv[] ) if( opt.serialize < 0 || opt.serialize > 2) goto usage; } + else if( strcmp( p, "context_file") == 0 ) + { + opt.context_file = q; + } else if( strcmp( p, "eap_tls" ) == 0 ) { opt.eap_tls = atoi( q ); @@ -4102,6 +4117,56 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); + /* Save serialized context to the 'opt.context_file' as a base64 code */ + if( 0 < strlen( opt.context_file ) ) + { + FILE *b64_file; + uint8_t *b64_buf; + size_t b64_len; + + mbedtls_printf( " . Save serialized context to a file... " ); + + mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len ); + + if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL ) + { + mbedtls_printf( "failed\n ! Couldn't allocate buffer for " + "the base64 code\n" ); + goto exit; + } + + if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len, + context_buf, buf_len ) ) != 0 ) + { + mbedtls_printf( "failed\n ! mbedtls_base64_encode returned " + "-0x%x\n", -ret ); + mbedtls_free( b64_buf ); + goto exit; + } + + if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL ) + { + mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n", + opt.context_file ); + mbedtls_free( b64_buf ); + goto exit; + } + + if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) ) + { + mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n", + (long) b64_len ); + mbedtls_free( b64_buf ); + fclose( b64_file ); + goto exit; + } + + mbedtls_free( b64_buf ); + fclose( b64_file ); + + mbedtls_printf( "ok\n" ); + } + /* * This simulates a workflow where you have a long-lived server * instance, potentially with a pool of ssl_context objects, and you diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 924384faa502..df3f53b3bba7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -958,6 +958,8 @@ run_tests_memory_after_hanshake() cleanup() { rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION + rm -f context_srv.txt + rm -f context_cli.txt test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1 test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1 test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1 @@ -1628,6 +1630,16 @@ run_test "Context serialization, re-init, both serialize, with CID" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Saving the serialized context to a file" \ + "$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \ + "$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \ + 0 \ + -s "Save serialized context to a file... ok" \ + -c "Save serialized context to a file... ok" +rm -f context_srv.txt +rm -f context_cli.txt + # Tests for DTLS Connection ID extension # So far, the CID API isn't implemented, so we can't From 49d46a74736f30a7b857a78afa02494f8d18f2c4 Mon Sep 17 00:00:00 2001 From: irwir Date: Sat, 21 Sep 2019 16:16:34 +0300 Subject: [PATCH 125/138] Finalize fixing the issue #1430. The previous PRs had correct template project, but somehow it was not merged. Signed-off-by: irwir --- scripts/data_files/vs2010-main-template.vcxproj | 1 - visualc/VS2010/mbedTLS.vcxproj | 1 - 2 files changed, 2 deletions(-) diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index bfc2400f6e01..daa42bc6c9b1 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -45,7 +45,6 @@ false true Unicode - Windows7.1SDK diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 45ae103b933e..fd6de42794e6 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -45,7 +45,6 @@ false true Unicode - Windows7.1SDK From af81957abd7eef517b28acf91fae97548333fed7 Mon Sep 17 00:00:00 2001 From: irwir Date: Mon, 20 Apr 2020 13:22:40 +0300 Subject: [PATCH 126/138] Add changelog Signed-off-by: irwir --- ChangeLog.d/bugfix.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/bugfix.txt diff --git a/ChangeLog.d/bugfix.txt b/ChangeLog.d/bugfix.txt new file mode 100644 index 000000000000..499fd40f2557 --- /dev/null +++ b/ChangeLog.d/bugfix.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix the Visual Studio Release x64 build configuration for mbedtls itself. + Completes a previous fix in Mbed TLS 2.19 that only fixed the build for + the example programs. Reported in #1430 and fix contributed by irwir. \ No newline at end of file From f0fec77e3e33235adcb1d6d09d62def877b86c12 Mon Sep 17 00:00:00 2001 From: irwir Date: Mon, 20 Apr 2020 13:50:28 +0300 Subject: [PATCH 127/138] Fix "same actions in two cases of a switch statement" warning Resolves #3202 Signed-off-by: irwir --- library/md.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/md.c b/library/md.c index b56c2ddfe1ab..30a580b02147 100644 --- a/library/md.c +++ b/library/md.c @@ -553,14 +553,12 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) ); case MBEDTLS_MD_SHA256: return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) ); #endif case MBEDTLS_MD_SHA512: return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) ); @@ -599,14 +597,12 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) ); case MBEDTLS_MD_SHA256: return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) ); #endif case MBEDTLS_MD_SHA512: return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) ); @@ -856,14 +852,12 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) ); case MBEDTLS_MD_SHA256: return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) ); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) ); #endif case MBEDTLS_MD_SHA512: return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) ); From 3669208c8ef9689a864f31df4740d0a195514216 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 20 Apr 2020 21:44:57 +0200 Subject: [PATCH 128/138] Re-run generate_visualc_files.pl Signed-off-by: Gilles Peskine --- visualc/VS2010/ssl_context_info.vcxproj | 40 ++++++++++++------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/visualc/VS2010/ssl_context_info.vcxproj b/visualc/VS2010/ssl_context_info.vcxproj index f25229874a7c..1ab9e862cbf7 100644 --- a/visualc/VS2010/ssl_context_info.vcxproj +++ b/visualc/VS2010/ssl_context_info.vcxproj @@ -22,7 +22,7 @@ - + {46cf2d25-6a36-4189-b59c-e4815388e554} true @@ -71,22 +71,22 @@ - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + @@ -101,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -122,7 +122,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -147,7 +147,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) From 6ea4fc7b53d8d89788559bc662c05ea0fda3c3e1 Mon Sep 17 00:00:00 2001 From: Gaurav Aggarwal Date: Mon, 20 Apr 2020 16:03:46 -0700 Subject: [PATCH 129/138] Address review comments 1. The functions mbedtls_high_level_strerr and mbedtls_low_level_strerr accept any error code and extract the high-level and low-level parts respectively. 2. Documentation updates. Signed-off-by: Gaurav Aggarwal --- include/mbedtls/error.h | 16 ++++++++++------ library/error.c | 22 ++++++++++++++++++---- scripts/data_files/error.fmt | 22 ++++++++++++++++++---- 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index cff22eaa84ff..2fb86c7eb87c 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -128,28 +128,32 @@ extern "C" { void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); /** - * \brief Translate high level part of a mbed TLS error code into a string + * \brief Translate the high-level part of an Mbed TLS error code into a string * representation. * * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string and use it only for logging purposes. + * must not try to modify the string. It is intended to be used mostly for + * logging purposes. * * \param error_code error code * - * \return The string representation of the error code. + * \return The string representation of the error code, or \c NULL if the error + * code is unknown. */ const char * mbedtls_high_level_strerr( int error_code ); /** - * \brief Translate low level part of a mbed TLS error code into a string + * \brief Translate the low-level part of an Mbed TLS error code into a string * representation. * * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string and use it only for logging purposes. + * must not try to modify the string. It is intended to be used mostly for + * logging purposes. * * \param error_code error code * - * \return The string representation of the error code. + * \return The string representation of the error code, or \c NULL if the error + * code is unknown. */ const char * mbedtls_low_level_strerr( int error_code ); diff --git a/library/error.c b/library/error.c index ee1f8b704beb..38b658006d08 100644 --- a/library/error.c +++ b/library/error.c @@ -215,9 +215,16 @@ const char * mbedtls_high_level_strerr( int error_code ) { + int high_level_error_code; const char *error_description = NULL; - switch( error_code ) + if( error_code < 0 ) + error_code = -error_code; + + /* Extract the high-level part from the error code. */ + high_level_error_code = error_code & 0xFF80; + + switch( high_level_error_code ) { /* Begin Auto-Generated Code. */ #if defined(MBEDTLS_CIPHER_C) @@ -725,9 +732,16 @@ const char * mbedtls_high_level_strerr( int error_code ) const char * mbedtls_low_level_strerr( int error_code ) { + int low_level_error_code; const char *error_description = NULL; - switch( error_code ) + if( error_code < 0 ) + error_code = -error_code; + + /* Extract the low-level part from the error code. */ + low_level_error_code = error_code & ~0xFF80; + + switch( low_level_error_code ) { /* Begin Auto-Generated Code. */ #if defined(MBEDTLS_AES_C) @@ -1154,7 +1168,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) use_ret = ret & 0xFF80; // Translate high level error code. - high_level_error_description = mbedtls_high_level_strerr(use_ret); + high_level_error_description = mbedtls_high_level_strerr( ret ); if( high_level_error_description == NULL ) mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); @@ -1191,7 +1205,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) } // Translate low level error code. - low_level_error_description = mbedtls_low_level_strerr( use_ret ); + low_level_error_description = mbedtls_low_level_strerr( ret ); if( low_level_error_description == NULL ) mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 5699d9ea22f9..0e128e84f8b2 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -44,9 +44,16 @@ HEADER_INCLUDED const char * mbedtls_high_level_strerr( int error_code ) { + int high_level_error_code; const char *error_description = NULL; - switch( error_code ) + if( error_code < 0 ) + error_code = -error_code; + + /* Extract the high-level part from the error code. */ + high_level_error_code = error_code & 0xFF80; + + switch( high_level_error_code ) { /* Begin Auto-Generated Code. */ HIGH_LEVEL_CODE_CHECKS @@ -61,9 +68,16 @@ HIGH_LEVEL_CODE_CHECKS const char * mbedtls_low_level_strerr( int error_code ) { + int low_level_error_code; const char *error_description = NULL; - switch( error_code ) + if( error_code < 0 ) + error_code = -error_code; + + /* Extract the low-level part from the error code. */ + low_level_error_code = error_code & ~0xFF80; + + switch( low_level_error_code ) { /* Begin Auto-Generated Code. */ LOW_LEVEL_CODE_CHECKS @@ -96,7 +110,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) use_ret = ret & 0xFF80; // Translate high level error code. - high_level_error_description = mbedtls_high_level_strerr(use_ret); + high_level_error_description = mbedtls_high_level_strerr( ret ); if( high_level_error_description == NULL ) mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); @@ -133,7 +147,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) } // Translate low level error code. - low_level_error_description = mbedtls_low_level_strerr( use_ret ); + low_level_error_description = mbedtls_low_level_strerr( ret ); if( low_level_error_description == NULL ) mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); From c9bc30072499e989f5f7efaef8bf87032b5c4df4 Mon Sep 17 00:00:00 2001 From: irwir Date: Wed, 1 Apr 2020 13:46:36 +0300 Subject: [PATCH 130/138] Simplify bounds check in ssl_write_certificate_request It is sufficient to check for the strongest limit only. Using a smaller type ensures there is no overflow (assuming size_t is at least 32 bits). Fixes #2916 Signed-off-by: irwir --- library/ssl_srv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 469c67eec932..07fb2fa4edb3 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2841,7 +2841,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - size_t dn_size, total_dn_size; /* excluding length bytes */ + uint16_t dn_size, total_dn_size; /* excluding length bytes */ size_t ct_len, sa_len; /* including length bytes */ unsigned char *buf, *p; const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; @@ -2969,11 +2969,11 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) while( crt != NULL && crt->version != 0 ) { - dn_size = crt->subject_raw.len; + /* It follows from RFC 5280 A.1 that this length + * can be represented in at most 11 bits. */ + dn_size = (uint16_t) crt->subject_raw.len; - if( end < p || - (size_t)( end - p ) < dn_size || - (size_t)( end - p ) < 2 + dn_size ) + if( end < p || (size_t)( end - p ) < 2 + (size_t) dn_size ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) ); break; From e7a5386eb9c1431a7b0e18398f48a5300fc7367a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 19:37:06 +0200 Subject: [PATCH 131/138] Add changelog entry for #3192: x509_crt max_pathlen int overflow fix Signed-off-by: Gilles Peskine --- ChangeLog.d/max_pathlen.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/max_pathlen.txt diff --git a/ChangeLog.d/max_pathlen.txt b/ChangeLog.d/max_pathlen.txt new file mode 100644 index 000000000000..08f9c65a8017 --- /dev/null +++ b/ChangeLog.d/max_pathlen.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix undefined behavior in X.509 certificate parsing if the + pathLenConstraint basic constraint value is equal to INT_MAX. + The actual effect with almost every compiler is the intended + behavior, so this is unlikely to be exploitable anywhere. #3192 From 14884f9822e67a13bbd7733046b5a3aa7d4a637f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 19:56:21 +0200 Subject: [PATCH 132/138] Add changelog entry for #3127: ssl_context_info Signed-off-by: Gilles Peskine --- ChangeLog.d/ssl_context_info.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/ssl_context_info.txt diff --git a/ChangeLog.d/ssl_context_info.txt b/ChangeLog.d/ssl_context_info.txt new file mode 100644 index 000000000000..6a15061faa70 --- /dev/null +++ b/ChangeLog.d/ssl_context_info.txt @@ -0,0 +1,3 @@ +Features + * The new utility programs/ssl/ssl_context_info prints a human-readable + dump of an SSL context saved with mbedtls_ssl_context_save(). From fd0627521b4173579187f611ae7848848405c2e9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 20:18:26 +0200 Subject: [PATCH 133/138] Add changelog entry for #3176: new error functions Signed-off-by: Gilles Peskine --- ChangeLog.d/error_const.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/error_const.txt diff --git a/ChangeLog.d/error_const.txt b/ChangeLog.d/error_const.txt new file mode 100644 index 000000000000..a3ee45740cb7 --- /dev/null +++ b/ChangeLog.d/error_const.txt @@ -0,0 +1,6 @@ +Features + * New functions in the error module return constant strings for + high- and low-level error codes, complementing mbedtls_strerror + which constructs a string for any error code, including compound + ones, but requires a writable buffer. Contributed by Gaurav Aggarwal + in #3176. From bdc639b86f9694ad7186731c9b17efcddb589de5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 20:19:29 +0200 Subject: [PATCH 134/138] Add changelog entry for #3208: md.c switch case unification Signed-off-by: Gilles Peskine --- ChangeLog.d/md_switch.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/md_switch.txt diff --git a/ChangeLog.d/md_switch.txt b/ChangeLog.d/md_switch.txt new file mode 100644 index 000000000000..a4d369b51f18 --- /dev/null +++ b/ChangeLog.d/md_switch.txt @@ -0,0 +1,3 @@ +Changes + * Combine identical cases in switch statements in md.c. Contributed + by irwir in #3208. From 19028a8bb15eeba47456783762c3f451d7dc2f5f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Apr 2020 09:51:51 +0200 Subject: [PATCH 135/138] Add changelog entry for #3150: simplify ssl_write_certificate_request Signed-off-by: Gilles Peskine --- ChangeLog.d/ssl_write_certificate_request.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/ssl_write_certificate_request.txt diff --git a/ChangeLog.d/ssl_write_certificate_request.txt b/ChangeLog.d/ssl_write_certificate_request.txt new file mode 100644 index 000000000000..2d3067aba8ec --- /dev/null +++ b/ChangeLog.d/ssl_write_certificate_request.txt @@ -0,0 +1,3 @@ +Changes + * Simplify a bounds check in ssl_write_certificate_request(). Contributed + by irwir in #3150. From 518d435e7b12a635dc63f3d05a65a2178e7a5ee1 Mon Sep 17 00:00:00 2001 From: Kenneth Soerensen Date: Wed, 1 Apr 2020 17:22:45 +0200 Subject: [PATCH 136/138] Fix GCC format-signedness warnings Signed-off-by: Kenneth Soerensen --- CMakeLists.txt | 2 +- .../fix-gcc-format-signedness-warnings.txt | 3 + library/aes.c | 8 +-- library/bignum.c | 2 +- library/cmac.c | 6 +- library/debug.c | 2 +- library/ecp.c | 2 +- library/error.c | 4 +- library/oid.c | 2 +- library/x509.c | 2 +- programs/aes/aescrypt2.c | 6 +- programs/aes/crypt_and_hash.c | 6 +- programs/pkey/gen_key.c | 10 +-- programs/pkey/key_app.c | 4 +- programs/pkey/key_app_writer.c | 4 +- programs/pkey/pk_decrypt.c | 8 +-- programs/pkey/pk_encrypt.c | 6 +- programs/pkey/pk_sign.c | 4 +- programs/pkey/pk_verify.c | 4 +- programs/pkey/rsa_decrypt.c | 2 +- programs/pkey/rsa_sign.c | 4 +- programs/pkey/rsa_verify.c | 4 +- programs/psa/key_ladder_demo.c | 2 +- programs/random/gen_entropy.c | 2 +- programs/ssl/dtls_client.c | 6 +- programs/ssl/dtls_server.c | 6 +- programs/ssl/ssl_client1.c | 4 +- programs/ssl/ssl_client2.c | 72 +++++++++---------- programs/ssl/ssl_server.c | 2 +- programs/ssl/ssl_server2.c | 70 +++++++++--------- programs/test/benchmark.c | 2 +- programs/test/udp_proxy.c | 6 +- programs/util/strerror.c | 2 +- programs/x509/cert_app.c | 6 +- programs/x509/cert_write.c | 34 ++++----- scripts/data_files/error.fmt | 4 +- tests/suites/test_suite_version.function | 2 +- tests/suites/test_suite_x509parse.function | 2 +- 38 files changed, 160 insertions(+), 157 deletions(-) create mode 100644 ChangeLog.d/fix-gcc-format-signedness-warnings.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index 1e3098cd9161..4d17af826d13 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -135,7 +135,7 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") endif() if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow -Wformat-signedness") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") diff --git a/ChangeLog.d/fix-gcc-format-signedness-warnings.txt b/ChangeLog.d/fix-gcc-format-signedness-warnings.txt new file mode 100644 index 000000000000..023d15c8e8e2 --- /dev/null +++ b/ChangeLog.d/fix-gcc-format-signedness-warnings.txt @@ -0,0 +1,3 @@ +Changes + * Fix warnings about signedness issues in format strings. The build is now + clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen in #3153. diff --git a/library/aes.c b/library/aes.c index 604d0f3d7f7c..962b0b92a0c6 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1847,7 +1847,7 @@ int mbedtls_aes_self_test( int verbose ) mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-ECB-%3d (%s): ", keybits, + mbedtls_printf( " AES-ECB-%3u (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memset( buf, 0, 16 ); @@ -1909,7 +1909,7 @@ int mbedtls_aes_self_test( int verbose ) mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-CBC-%3d (%s): ", keybits, + mbedtls_printf( " AES-CBC-%3u (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memset( iv , 0, 16 ); @@ -1984,7 +1984,7 @@ int mbedtls_aes_self_test( int verbose ) mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits, + mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memcpy( iv, aes_test_cfb128_iv, 16 ); @@ -2047,7 +2047,7 @@ int mbedtls_aes_self_test( int verbose ) mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-OFB-%3d (%s): ", keybits, + mbedtls_printf( " AES-OFB-%3u (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memcpy( iv, aes_test_ofb_iv, 16 ); diff --git a/library/bignum.c b/library/bignum.c index d53aefd5b076..d56a16e76a31 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2938,7 +2938,7 @@ int mbedtls_mpi_self_test( int verbose ) cleanup: if( ret != 0 && verbose != 0 ) - mbedtls_printf( "Unexpected error, return code = %08X\n", ret ); + mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret ); mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V ); diff --git a/library/cmac.c b/library/cmac.c index 642680d5569d..2d23be5ffe26 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -784,7 +784,7 @@ static int cmac_test_subkeys( int verbose, for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) - mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 ); + mbedtls_printf( " %s CMAC subkey #%d: ", testname, i + 1 ); mbedtls_cipher_init( &ctx ); @@ -865,7 +865,7 @@ static int cmac_test_wth_cipher( int verbose, for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) - mbedtls_printf( " %s CMAC #%u: ", testname, i + 1 ); + mbedtls_printf( " %s CMAC #%d: ", testname, i + 1 ); if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, message_lengths[i], output ) ) != 0 ) @@ -900,7 +900,7 @@ static int test_aes128_cmac_prf( int verbose ) for( i = 0; i < NB_PRF_TESTS; i++ ) { - mbedtls_printf( " AES CMAC 128 PRF #%u: ", i ); + mbedtls_printf( " AES CMAC 128 PRF #%d: ", i ); ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output ); if( ret != 0 || memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 ) diff --git a/library/debug.c b/library/debug.c index ae78a697a4bf..2b25e997c55a 100644 --- a/library/debug.c +++ b/library/debug.c @@ -132,7 +132,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, return; mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n", - text, ret, -ret ); + text, ret, (unsigned int) -ret ); debug_send_line( ssl, level, file, line, str ); } diff --git a/library/ecp.c b/library/ecp.c index d3e42a94db9e..fa91b3ec2256 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3156,7 +3156,7 @@ int mbedtls_ecp_self_test( int verbose ) cleanup: if( ret < 0 && verbose != 0 ) - mbedtls_printf( "Unexpected error, return code = %08X\n", ret ); + mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret ); mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &R ); diff --git a/library/error.c b/library/error.c index 38b658006d08..d2f1b18a36bc 100644 --- a/library/error.c +++ b/library/error.c @@ -1171,7 +1171,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) high_level_error_description = mbedtls_high_level_strerr( ret ); if( high_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); else mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); @@ -1208,7 +1208,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) low_level_error_description = mbedtls_low_level_strerr( ret ); if( low_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); else mbedtls_snprintf( buf, buflen, "%s", low_level_error_description ); } diff --git a/library/oid.c b/library/oid.c index 891d3cdea905..e0c07436960b 100644 --- a/library/oid.c +++ b/library/oid.c @@ -761,7 +761,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, if( !( oid->p[i] & 0x80 ) ) { /* Last byte */ - ret = mbedtls_snprintf( p, n, ".%d", value ); + ret = mbedtls_snprintf( p, n, ".%u", value ); OID_SAFE_SNPRINTF; value = 0; } diff --git a/library/x509.c b/library/x509.c index c451332c2873..4c2f72105aba 100644 --- a/library/x509.c +++ b/library/x509.c @@ -870,7 +870,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)", md_info ? mbedtls_md_get_name( md_info ) : "???", mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???", - pss_opts->expected_salt_len ); + (unsigned int) pss_opts->expected_salt_len ); MBEDTLS_X509_SAFE_SNPRINTF; } #else diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 048028df09ec..8edf85f33cfc 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -118,7 +118,7 @@ int main( int argc, char *argv[] ) ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 ); if( ret != 0 ) { - mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", -ret ); + mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", (unsigned int) -ret ); goto exit; } @@ -298,7 +298,7 @@ int main( int argc, char *argv[] ) if( fread( buffer, 1, n, fin ) != (size_t) n ) { - mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n ); + mbedtls_fprintf( stderr, "fread(%u bytes) failed\n", n ); goto exit; } @@ -413,7 +413,7 @@ int main( int argc, char *argv[] ) if( fwrite( buffer, 1, n, fout ) != (size_t) n ) { - mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n ); + mbedtls_fprintf( stderr, "fwrite(%u bytes) failed\n", n ); goto exit; } } diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a5acf5b8bfd0..e2949f25be76 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -219,7 +219,7 @@ int main( int argc, char *argv[] ) p = &argv[6][4]; keylen = 0; - while( sscanf( p, "%02X", &n ) > 0 && + while( sscanf( p, "%02X", (unsigned int*) &n ) > 0 && keylen < (int) sizeof( key ) ) { key[keylen++] = (unsigned char) n; @@ -417,7 +417,7 @@ int main( int argc, char *argv[] ) ( ( filesize - mbedtls_md_get_size( md_info ) ) % mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) { - mbedtls_fprintf( stderr, "File content not a multiple of the block size (%d).\n", + mbedtls_fprintf( stderr, "File content not a multiple of the block size (%u).\n", mbedtls_cipher_get_block_size( &cipher_ctx )); goto exit; } @@ -484,7 +484,7 @@ int main( int argc, char *argv[] ) if( fread( buffer, 1, ilen, fin ) != ilen ) { - mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", + mbedtls_fprintf( stderr, "fread(%u bytes) failed\n", mbedtls_cipher_get_block_size( &cipher_ctx ) ); goto exit; } diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 23e4e145c618..9c1a91c00950 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -302,7 +302,7 @@ int main( int argc, char *argv[] ) NULL, DEV_RANDOM_THRESHOLD, MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", (unsigned int) -ret ); goto exit; } @@ -315,7 +315,7 @@ int main( int argc, char *argv[] ) (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret ); goto exit; } @@ -328,7 +328,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret ); goto exit; } @@ -339,7 +339,7 @@ int main( int argc, char *argv[] ) opt.rsa_keysize, 65537 ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); + mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", (unsigned int) -ret ); goto exit; } } @@ -353,7 +353,7 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int) -ret ); goto exit; } } diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 19dcdfe49475..345b7b884daf 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -187,7 +187,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret ); goto cleanup; } @@ -248,7 +248,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret ); goto cleanup; } diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 60964292b938..937fe9033c15 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -299,7 +299,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -360,7 +360,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index bf425079e2e1..bccfde072761 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -100,7 +100,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -109,7 +109,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret ); goto exit; } @@ -124,7 +124,7 @@ int main( int argc, char *argv[] ) } i = 0; - while( fscanf( f, "%02X", &c ) > 0 && + while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 && i < (int) sizeof( buf ) ) { buf[i++] = (unsigned char) c; @@ -142,7 +142,7 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", - -ret ); + (unsigned int) -ret ); goto exit; } diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index a32b1476154d..16cd3f0d06eb 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -98,7 +98,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -107,7 +107,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret ); goto exit; } @@ -130,7 +130,7 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", - -ret ); + (unsigned int) -ret ); goto exit; } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index a354e5b1773f..4e755c089780 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -96,7 +96,7 @@ int main( int argc, char *argv[] ) (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret ); goto exit; } @@ -127,7 +127,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret ); goto exit; } diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 72caf7139900..2e0876304527 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -86,7 +86,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret ); goto exit; } @@ -123,7 +123,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, i ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret ); goto exit; } diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index ff71bd0553b6..3327909b1084 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -160,7 +160,7 @@ int main( int argc, char *argv[] ) i = 0; - while( fscanf( f, "%02X", &c ) > 0 && + while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 && i < (int) sizeof( buf ) ) buf[i++] = (unsigned char) c; diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 9bcd7a6270a6..78ab176f8e20 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -129,7 +129,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", (unsigned int) -ret ); goto exit; } @@ -151,7 +151,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret ); goto exit; } diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 94f0ef9ce9c2..b53177594616 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -114,7 +114,7 @@ int main( int argc, char *argv[] ) } i = 0; - while( fscanf( f, "%02X", &c ) > 0 && + while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 && i < (int) sizeof( buf ) ) buf[i++] = (unsigned char) c; @@ -144,7 +144,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); goto exit; } diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index f492e0e5d546..1dbbc8145eed 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -101,7 +101,7 @@ int main( void ) status = ( expr ); \ if( status != PSA_SUCCESS ) \ { \ - printf( "Error %d at line %u: %s\n", \ + printf( "Error %d at line %d: %s\n", \ (int) status, \ __LINE__, \ #expr ); \ diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 6ae63b725da2..c60aec966e40 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -80,7 +80,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n", - ret ); + (unsigned int) ret ); goto cleanup; } diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 3ea2a680b618..ce1056fa269a 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -149,7 +149,7 @@ int main( int argc, char *argv[] ) mbedtls_test_cas_pem_len ); if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -225,7 +225,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -303,7 +303,7 @@ int main( int argc, char *argv[] ) goto close_notify; default: - mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret ); + mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } } diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index bb32724780d0..f63741f25e80 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -291,7 +291,7 @@ int main( void ) client_ip, cliip_len ) ) != 0 ) { printf( " failed\n ! " - "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret ); + "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -318,7 +318,7 @@ int main( void ) } else if( ret != 0 ) { - printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); goto reset; } @@ -351,7 +351,7 @@ int main( void ) goto close_notify; default: - printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret ); + printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret ); goto reset; } } diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index b723243c9cb0..3724c641115b 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -134,7 +134,7 @@ int main( void ) mbedtls_test_cas_pem_len ); if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -203,7 +203,7 @@ int main( void ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 73a993326e96..6b09a895a29a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -833,7 +833,7 @@ static int ssl_check_record( mbedtls_ssl_context const *ssl, break; default: - mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", -ret ); + mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret ); return( -1 ); } @@ -1077,7 +1077,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); return( ret ); } @@ -1101,7 +1101,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); return( ret ); } @@ -1111,7 +1111,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); return( ret ); } mbedtls_printf( "(%s) Peer CID (length %u Bytes): ", @@ -2013,7 +2013,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2024,7 +2024,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2082,7 +2082,7 @@ int main( int argc, char *argv[] ) if( ret < 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2117,7 +2117,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2142,7 +2142,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2179,7 +2179,7 @@ int main( int argc, char *argv[] ) MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2190,7 +2190,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2208,7 +2208,7 @@ int main( int argc, char *argv[] ) MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2249,7 +2249,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2447,7 +2447,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2527,7 +2527,7 @@ int main( int argc, char *argv[] ) ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", - -ret ); + (unsigned int) -ret ); if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) mbedtls_printf( " Unable to verify the server's certificate. " @@ -2599,7 +2599,7 @@ int main( int argc, char *argv[] ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2620,7 +2620,7 @@ int main( int argc, char *argv[] ) sizeof( eap_tls_iv ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2667,7 +2667,7 @@ int main( int argc, char *argv[] ) &session_data_len ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2676,7 +2676,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2827,7 +2827,7 @@ int main( int argc, char *argv[] ) ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2955,7 +2955,7 @@ int main( int argc, char *argv[] ) default: mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -3019,7 +3019,7 @@ int main( int argc, char *argv[] ) goto close_notify; default: - mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); + mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret ); goto exit; } } @@ -3047,7 +3047,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -3058,7 +3058,7 @@ int main( int argc, char *argv[] ) ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -3092,7 +3092,7 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) { mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", -ret ); + "-0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3110,7 +3110,7 @@ int main( int argc, char *argv[] ) buf_len, &buf_len ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", -ret ); + "-0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3139,7 +3139,7 @@ int main( int argc, char *argv[] ) context_buf, buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_base64_encode returned " - "-0x%x\n", -ret ); + "-0x%x\n", (unsigned int) -ret ); mbedtls_free( b64_buf ); goto exit; } @@ -3184,7 +3184,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned " - "-0x%x\n\n", -ret ); + "-0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3211,7 +3211,7 @@ int main( int argc, char *argv[] ) buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " - "-0x%x\n\n", -ret ); + "-0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3283,7 +3283,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -3294,7 +3294,7 @@ int main( int argc, char *argv[] ) session_data_len ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -3302,7 +3302,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -3312,7 +3312,7 @@ int main( int argc, char *argv[] ) MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -3323,7 +3323,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -3334,7 +3334,7 @@ int main( int argc, char *argv[] ) ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -3353,7 +3353,7 @@ int main( int argc, char *argv[] ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); - mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf ); + mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf ); } #endif diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 3e1d9a4e6135..9668cf93ea8c 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -309,7 +309,7 @@ int main( void ) break; default: - mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); + mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret ); break; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1d03fe283b06..ca557caaf15f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -932,7 +932,7 @@ static int ssl_check_record( mbedtls_ssl_context const *ssl, break; default: - mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", -ret ); + mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret ); return( -1 ); } @@ -1720,7 +1720,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); return( ret ); } @@ -2755,7 +2755,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2766,7 +2766,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2823,7 +2823,7 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_CERTS_C */ if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -2842,7 +2842,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2851,7 +2851,7 @@ int main( int argc, char *argv[] ) key_cert_init++; if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } } @@ -2867,7 +2867,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2877,7 +2877,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -2904,7 +2904,7 @@ int main( int argc, char *argv[] ) mbedtls_test_srv_crt_rsa_len ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } if( ( ret = mbedtls_pk_parse_key( &pkey, @@ -2912,7 +2912,7 @@ int main( int argc, char *argv[] ) mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } key_cert_init = 2; @@ -2923,7 +2923,7 @@ int main( int argc, char *argv[] ) mbedtls_test_srv_crt_ec_len ) ) != 0 ) { mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } if( ( ret = mbedtls_pk_parse_key( &pkey2, @@ -2931,7 +2931,7 @@ int main( int argc, char *argv[] ) mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 ) { mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } key_cert_init2 = 2; @@ -2951,7 +2951,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -2988,7 +2988,7 @@ int main( int argc, char *argv[] ) opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3005,7 +3005,7 @@ int main( int argc, char *argv[] ) opt.transport, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3064,7 +3064,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -3390,7 +3390,7 @@ int main( int argc, char *argv[] ) strlen( opt.psk_identity ) ); if( ret != 0 ) { - mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret ); + mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", (unsigned int) -ret ); goto exit; } } @@ -3431,7 +3431,7 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - ret ); + mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", (unsigned int) -ret ); goto exit; } #endif @@ -3444,7 +3444,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3529,7 +3529,7 @@ int main( int argc, char *argv[] ) } #endif - mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3539,7 +3539,7 @@ int main( int argc, char *argv[] ) ret = mbedtls_net_set_block( &client_fd ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -3552,7 +3552,7 @@ int main( int argc, char *argv[] ) client_ip, cliip_len ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } } @@ -3615,7 +3615,7 @@ int main( int argc, char *argv[] ) } else if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) @@ -3709,7 +3709,7 @@ int main( int argc, char *argv[] ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -3730,7 +3730,7 @@ int main( int argc, char *argv[] ) sizeof( eap_tls_iv ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } @@ -3821,7 +3821,7 @@ int main( int argc, char *argv[] ) goto reset; default: - mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); + mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret ); goto reset; } } @@ -3867,7 +3867,7 @@ int main( int argc, char *argv[] ) } larger_buf[ori_len + extra_len] = '\0'; - mbedtls_printf( " %u bytes read (%u + %u)\n\n%s\n", + mbedtls_printf( " %d bytes read (%d + %d)\n\n%s\n", ori_len + extra_len, ori_len, extra_len, (char *) larger_buf ); @@ -3935,7 +3935,7 @@ int main( int argc, char *argv[] ) goto close_notify; default: - mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); + mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret ); goto reset; } } @@ -4092,7 +4092,7 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) { mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", -ret ); + "-0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -4110,7 +4110,7 @@ int main( int argc, char *argv[] ) buf_len, &buf_len ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", -ret ); + "-0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -4139,7 +4139,7 @@ int main( int argc, char *argv[] ) context_buf, buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_base64_encode returned " - "-0x%x\n", -ret ); + "-0x%x\n", (unsigned int) -ret ); mbedtls_free( b64_buf ); goto exit; } @@ -4199,7 +4199,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned " - "-0x%x\n\n", -ret ); + "-0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -4232,7 +4232,7 @@ int main( int argc, char *argv[] ) buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " - "-0x%x\n\n", -ret ); + "-0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -4275,7 +4275,7 @@ int main( int argc, char *argv[] ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); - mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf ); + mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf ); } #endif diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 57e8e7eba009..157593066aa1 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -112,7 +112,7 @@ int main( void ) mbedtls_printf( "FAILED: %s\n", tmp ); #else #define PRINT_ERROR \ - mbedtls_printf( "FAILED: -0x%04x\n", -ret ); + mbedtls_printf( "FAILED: -0x%04x\n", (unsigned int) -ret ); #endif #define TIME_AND_TSC( TITLE, CODE ) \ diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 7447571f4fb3..d601dcc6930b 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -456,7 +456,7 @@ static int ctx_buffer_append( ctx_buffer *buf, { if( ( ret = ctx_buffer_flush( buf ) ) <= 0 ) { - mbedtls_printf( "ctx_buffer_flush failed with -%#04x", -ret ); + mbedtls_printf( "ctx_buffer_flush failed with -%#04x", (unsigned int) -ret ); return( ret ); } } @@ -495,7 +495,7 @@ static int dispatch_data( mbedtls_net_context *ctx, ret = mbedtls_net_send( ctx, data, len ); if( ret < 0 ) { - mbedtls_printf( "net_send returned -%#04x\n", -ret ); + mbedtls_printf( "net_send returned -%#04x\n", (unsigned int) -ret ); } return( ret ); } @@ -999,7 +999,7 @@ int main( int argc, char *argv[] ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); - mbedtls_printf( "Last error was: -0x%04X - %s\n\n", - ret, error_buf ); + mbedtls_printf( "Last error was: -0x%04X - %s\n\n", (unsigned int) -ret, error_buf ); fflush( stdout ); } #endif diff --git a/programs/util/strerror.c b/programs/util/strerror.c index 458280c989b1..b0487c08e22a 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -79,7 +79,7 @@ int main( int argc, char *argv[] ) { char error_buf[200]; mbedtls_strerror( val, error_buf, 200 ); - mbedtls_printf("Last error was: -0x%04x - %s\n\n", (int) -val, error_buf ); + mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf ); } #if defined(_WIN32) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 432eefbf7d5b..7723a372e5ac 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -258,7 +258,7 @@ int main( int argc, char *argv[] ) { if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -268,7 +268,7 @@ int main( int argc, char *argv[] ) { if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } @@ -282,7 +282,7 @@ int main( int argc, char *argv[] ) { if( ( ret = mbedtls_x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index d36d73c0d43d..9a7dc591dcd9 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -507,7 +507,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_string " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -527,7 +527,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -537,7 +537,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -561,7 +561,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -571,7 +571,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -596,7 +596,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -612,7 +612,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " - "returned -x%02x - %s\n\n", -ret, buf ); + "returned -x%02x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -646,7 +646,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -654,7 +654,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -669,7 +669,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -678,7 +678,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -696,7 +696,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -716,7 +716,7 @@ int main( int argc, char *argv[] ) mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject" "_key_identifier returned -0x%04x - %s\n\n", - -ret, buf ); + (unsigned int) -ret, buf ); goto exit; } @@ -735,7 +735,7 @@ int main( int argc, char *argv[] ) mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_" "key_identifier returned -0x%04x - %s\n\n", - -ret, buf ); + (unsigned int) -ret, buf ); goto exit; } @@ -754,7 +754,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -772,7 +772,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type " - "returned -0x%04x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); goto exit; } @@ -790,7 +790,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n", - -ret, buf ); + (unsigned int) -ret, buf ); goto exit; } diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 0e128e84f8b2..97b74bcd9d2f 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -113,7 +113,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) high_level_error_description = mbedtls_high_level_strerr( ret ); if( high_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); else mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); @@ -150,7 +150,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) low_level_error_description = mbedtls_low_level_strerr( ret ); if( low_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); + mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); else mbedtls_snprintf( buf, buflen, "%s", low_level_error_description ); } diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function index 10f9e1154e02..7d59794bd385 100644 --- a/tests/suites/test_suite_version.function +++ b/tests/suites/test_suite_version.function @@ -52,7 +52,7 @@ void check_runtime_version( char * version_str ) mbedtls_version_get_string( get_str ); mbedtls_version_get_string_full( get_str_full ); - mbedtls_snprintf( build_str, 100, "%d.%d.%d", + mbedtls_snprintf( build_str, 100, "%u.%u.%u", (get_int >> 24) & 0xFF, (get_int >> 16) & 0xFF, (get_int >> 8) & 0xFF ); diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 85ff41df27aa..f3e83d69e6fd 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -237,7 +237,7 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, char *p = *buf; size_t n = *size; - ret = mbedtls_snprintf( p, n, "type : %u", san->type ); + ret = mbedtls_snprintf( p, n, "type : %d", san->type ); MBEDTLS_X509_SAFE_SNPRINTF; switch( san->type ) From 66deb38d6463ee8c5b87a708bf3d414295243f20 Mon Sep 17 00:00:00 2001 From: Aurelien Jarno Date: Mon, 20 Apr 2020 21:36:48 +0200 Subject: [PATCH 137/138] Fix wrong modulo call in ecp_double_add_mxz ecp_double_add_mxz wrongly does an MPI addition followed by a call to MOD_MUL instead of MOD_ADD. This is more visible since the mbedtls_mpi_xxx_mod functions have been added in commit 3b3b34f60800 ("Replace some macros by functions"). Fix that by using mbedtls_mpi_add_mod instead. The testsuite still passes after that change. Signed-off-by: Aurelien Jarno --- ChangeLog.d/fix-ecp_double_add_mxz.txt | 4 ++++ library/ecp.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-ecp_double_add_mxz.txt diff --git a/ChangeLog.d/fix-ecp_double_add_mxz.txt b/ChangeLog.d/fix-ecp_double_add_mxz.txt new file mode 100644 index 000000000000..91531b2bbd41 --- /dev/null +++ b/ChangeLog.d/fix-ecp_double_add_mxz.txt @@ -0,0 +1,4 @@ +Changes + * Fix minor performance issue in operations on Curve25519 caused by using a + suboptimal modular reduction in one place. Found and fix contributed by + Aurelien Jarno in #3209. diff --git a/library/ecp.c b/library/ecp.c index d3e42a94db9e..1456d5815d59 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2332,7 +2332,7 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA, &CB ) ); MOD_MUL( S->X ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) ); From 4830d2134b630091057e58b6ff4f8e8c5470d2ac Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Apr 2020 12:10:02 +0200 Subject: [PATCH 138/138] Use () after function name Signed-off-by: Gilles Peskine --- ChangeLog.d/error_const.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/error_const.txt b/ChangeLog.d/error_const.txt index a3ee45740cb7..e0086b74cf79 100644 --- a/ChangeLog.d/error_const.txt +++ b/ChangeLog.d/error_const.txt @@ -1,6 +1,6 @@ Features * New functions in the error module return constant strings for - high- and low-level error codes, complementing mbedtls_strerror + high- and low-level error codes, complementing mbedtls_strerror() which constructs a string for any error code, including compound ones, but requires a writable buffer. Contributed by Gaurav Aggarwal in #3176.