Merge pull request #3863 from gabor-mezei-arm/3818_bp216_MBEDTLS_AES_SETKEY_DEC_ALT_excludes_MBEDTLS_CIPHER_MODE_XTS
[Backport 2.16] Make the aes xts methods independent from MBEDTLS_AES_SETKEY_DEC_ALT
diff --git a/.travis.yml b/.travis.yml
index c45d408..8789c44 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,48 +1,64 @@
language: c
-compiler:
-- clang
-- gcc
+compiler: gcc
sudo: false
cache: ccache
-# blocklist
-branches:
- except:
- - development-psa
- - coverity_scan
+jobs:
+ include:
+ - name: basic checks and reference configurations
+ addons:
+ apt:
+ packages:
+ - gnutls-bin
+ - doxygen
+ - graphviz
+ - gcc-arm-none-eabi
+ - libnewlib-arm-none-eabi
+ language: python # Needed to get pip for Python 3
+ python: 3.5 # version from Ubuntu 16.04
+ install:
+ - pip install pylint==2.4.4
+ script:
+ - tests/scripts/all.sh -k 'check_*'
+ - tests/scripts/all.sh -k test_default_out_of_box
+ - tests/scripts/test-ref-configs.pl
+ - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
-script:
-- tests/scripts/recursion.pl library/*.c
-- tests/scripts/check-generated-files.sh
-- tests/scripts/check-doxy-blocks.pl
-- tests/scripts/check-names.sh
-- tests/scripts/check-files.py
-- tests/scripts/doxygen.sh
-- cmake -D CMAKE_BUILD_TYPE:String="Check" .
-- make
-- make test
-- programs/test/selftest
-- OSSL_NO_DTLS=1 tests/compat.sh
-- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
-- tests/scripts/test-ref-configs.pl
-- tests/scripts/curves.pl
-- tests/scripts/key-exchanges.pl
+ - name: full configuration
+ script:
+ - tests/scripts/all.sh -k test_full_cmake_gcc_asan
+
+ - name: check compilation guards
+ script:
+ - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges'
+
+ - name: macOS
+ os: osx
+ compiler: clang
+ script:
+ - tests/scripts/all.sh -k test_default_out_of_box
+
+ - name: Windows
+ os: windows
+ script:
+ - scripts/windows_msbuild.bat v141 # Visual Studio 2017
+
after_failure:
- tests/scripts/travis-log-failure.sh
+
env:
global:
- SEED=1
- - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
+ - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg="
addons:
apt:
packages:
- - doxygen
- - graphviz
+ - gnutls-bin
coverity_scan:
project:
name: "ARMmbed/mbedtls"
- notification_email: simon.butcher@arm.com
+ notification_email: support-mbedtls@arm.com
build_command_prepend:
build_command: make
branch_pattern: coverity_scan
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index c1ae452..9b02ba5 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,7 +14,7 @@
Making a Contribution
---------------------
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
+1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug.
1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
1. Write a test which shows that the bug was fixed or that the feature works as expected.
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
@@ -79,4 +79,4 @@
1. Complex parts in the code should include comments.
1. If needed, a Readme file is advised.
1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
-1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution.
+1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution.
diff --git a/ChangeLog b/ChangeLog
index 96fa9f3..c68bd1b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,122 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.16.8 branch released 2020-09-01
+
+Features
+ * Support building on e2k (Elbrus) architecture: correctly enable
+ -Wformat-signedness, and fix the code that causes signed-one-bit-field
+ and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
+ <akemi_homura@kurisa.ch>.
+
+Security
+ * When checking X.509 CRLs, a certificate was only considered as revoked if
+ its revocationDate was in the past according to the local clock if
+ available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
+ certificates were never considered as revoked. On builds with
+ MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
+ example, an untrusted OS attacking a secure enclave) could prevent
+ revocation of certificates via CRLs. Fixed by no longer checking the
+ revocationDate field, in accordance with RFC 5280. Reported by
+ yuemonangong in #3340. Reported independently and fixed by
+ Raoul Strackx and Jethro Beekman in #3433.
+ * In (D)TLS record decryption, when using a CBC ciphersuites without the
+ Encrypt-then-Mac extension, use constant code flow memory access patterns
+ to extract and check the MAC. This is an improvement to the existing
+ countermeasure against Lucky 13 attacks. The previous countermeasure was
+ effective against network-based attackers, but less so against local
+ attackers. The new countermeasure defends against local attackers, even
+ if they have access to fine-grained measurements. In particular, this
+ fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
+ Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
+ (University of Florida) and Dave Tian (Purdue University).
+ * Fix side channel in RSA private key operations and static (finite-field)
+ Diffie-Hellman. An adversary with precise enough timing and memory access
+ information (typically an untrusted operating system attacking a secure
+ enclave) could bypass an existing counter-measure (base blinding) and
+ potentially fully recover the private key.
+ * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
+ Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
+ for pinpointing the problematic code.
+ * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
+ application data from memory. Reported in #689 by
+ Johan Uppman Bruce of Sectra.
+
+Bugfix
+ * Avoid use of statically sized stack buffers for certificate writing.
+ This previously limited the maximum size of DER encoded certificates
+ in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
+ * Reduce the stack consumption of mbedtls_x509write_csr_der() which
+ previously could lead to stack overflow on constrained devices.
+ Contributed by Doru Gucea and Simon Leet in #3464.
+ * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
+ lower bits. Fix contributed in #3540.
+ * Fix building library/net_sockets.c and the ssl_mail_client program on
+ NetBSD. NetBSD conditionals were added for the backport to avoid the risk
+ of breaking a platform. Original fix contributed by Nia Alarie in #3422.
+ Adapted for long-term support branch 2.16 in #3558.
+ * Fix bug in redirection of unit test outputs on platforms where stdout is
+ defined as a macro. First reported in #2311 and fix contributed in #3528.
+ Adopted for LTS branch 2.16 in #3601.
+
+Changes
+ * Update copyright notices to use Linux Foundation guidance. As a result,
+ the copyright of contributors other than Arm is now acknowledged, and the
+ years of publishing are no longer tracked in the source files. This also
+ eliminates the need for the lines declaring the files to be part of
+ MbedTLS. Fixes #3457.
+
+= mbed TLS 2.16.7 branch released 2020-07-01
+
+Security
+ * Fix a side channel vulnerability in modular exponentiation that could
+ reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee,
+ Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute
+ of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul
+ Strackx (Fortanix) in #3394.
+ * Fix side channel in mbedtls_ecp_check_pub_priv() and
+ mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
+ private key that didn't include the uncompressed public key), as well as
+ mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
+ f_rng argument. An attacker with access to precise enough timing and
+ memory access information (typically an untrusted operating system
+ attacking a secure enclave) could fully recover the ECC private key.
+ Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
+ * Fix issue in Lucky 13 counter-measure that could make it ineffective when
+ hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
+ macros). This would cause the original Lucky 13 attack to be possible in
+ those configurations, allowing an active network attacker to recover
+ plaintext after repeated timing measurements under some conditions.
+ Reported and fix suggested by Luc Perneel in #3246.
+
+Bugfix
+ * Fix the Visual Studio Release x64 build configuration for mbedtls itself.
+ Completes a previous fix in Mbed TLS 2.16.3 that only fixed the build for
+ the example programs. Reported in #1430 and fix contributed by irwir.
+ * Fix undefined behavior in X.509 certificate parsing if the
+ pathLenConstraint basic constraint value is equal to INT_MAX.
+ The actual effect with almost every compiler is the intended
+ behavior, so this is unlikely to be exploitable anywhere. #3197
+ * Include asn1.h in error.c. Fixes #3328 reported by David Hu.
+ * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz()
+ when PRNG function fails. Contributed by Jonas Lejeune in #3318.
+ * Add additional bounds checks in ssl_write_client_hello() preventing
+ output buffer overflow if the configuration declared a buffer that was
+ too small.
+
+Changes
+ * Unify the example programs termination to call mbedtls_exit() instead of
+ using a return command. This has been done to enable customization of the
+ behavior in bare metal environments.
+ * Abort the ClientHello writing function as soon as some extension doesn't
+ fit into the record buffer. Previously, such extensions were silently
+ dropped. As a consequence, the TLS handshake now fails when the output
+ buffer is not large enough to hold the ClientHello.
+ * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
+ `MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C` or
+ `MBEDTLS_SHA256_C` for some side-channel coutermeasures. If side channels
+ are not a concern, this dependency can be avoided by enabling the new
+ option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
+
= mbed TLS 2.16.6 branch released 2020-04-14
Security
diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md
new file mode 100644
index 0000000..a2e096f
--- /dev/null
+++ b/ChangeLog.d/00README.md
@@ -0,0 +1,88 @@
+# Pending changelog entry directory
+
+This directory contains changelog entries that have not yet been merged
+to the changelog file ([`../ChangeLog`](../ChangeLog)).
+
+## What requires a changelog entry?
+
+Write a changelog entry if there is a user-visible change. This includes:
+
+* Bug fixes in the library or in sample programs: fixing a security hole,
+ fixing broken behavior, fixing the build in some configuration or on some
+ platform, etc.
+* New features in the library, new sample programs, or new platform support.
+* Changes in existing behavior. These should be rare. Changes in features
+ that are documented as experimental may or may not be announced, depending
+ on the extent of the change and how widely we expect the feature to be used.
+
+We generally don't include changelog entries for:
+
+* Documentation improvements.
+* Performance improvements, unless they are particularly significant.
+* Changes to parts of the code base that users don't interact with directly,
+ such as test code and test data.
+
+Until Mbed TLS 2.16.8, we required changelog entries in more cases.
+Looking at older changelog entries is good practice for how to write a
+changelog entry, but not for deciding whether to write one.
+
+## Changelog entry file format
+
+A changelog entry file must have the extension `*.txt` and must have the
+following format:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Security
+ * Change description.
+ * Another change description.
+
+Features
+ * Yet another change description. This is a long change description that
+ spans multiple lines.
+ * Yet again another change description.
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The permitted changelog entry categories are as follows:
+<!-- Keep this synchronized with STANDARD_CATEGORIES in assemble_changelog.py! -->
+
+ API changes
+ Default behavior changes
+ Requirement changes
+ New deprecations
+ Removals
+ Features
+ Security
+ Bugfix
+ Changes
+
+Use “Changes” for anything that doesn't fit in the other categories.
+
+## How to write a changelog entry
+
+Each entry starts with three spaces, an asterisk and a space. Continuation
+lines start with 5 spaces. Lines wrap at 79 characters.
+
+Write full English sentences with proper capitalization and punctuation. Use
+the present tense. Use the imperative where applicable. For example: “Fix a
+bug in mbedtls_xxx() ….”
+
+Include GitHub issue numbers where relevant. Use the format “#1234” for an
+Mbed TLS issue. Add other external references such as CVE numbers where
+applicable.
+
+Credit bug reporters where applicable.
+
+**Explain why, not how**. Remember that the audience is the users of the
+library, not its developers. In particular, for a bug fix, explain the
+consequences of the bug, not how the bug was fixed. For a new feature, explain
+why one might be interested in the feature. For an API change or a deprecation,
+explain how to update existing applications.
+
+See [existing entries](../ChangeLog) for examples.
+
+## How `ChangeLog` is updated
+
+Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py)
+from a Git working copy
+to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file.
diff --git a/ChangeLog.d/_GNU_SOURCE-redefined.txt b/ChangeLog.d/_GNU_SOURCE-redefined.txt
new file mode 100644
index 0000000..59c8a15
--- /dev/null
+++ b/ChangeLog.d/_GNU_SOURCE-redefined.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
+ Fix #3432.
diff --git a/ChangeLog.d/adjusting sliding_window_size_PR3592.txt b/ChangeLog.d/adjusting sliding_window_size_PR3592.txt
new file mode 100644
index 0000000..6089565
--- /dev/null
+++ b/ChangeLog.d/adjusting sliding_window_size_PR3592.txt
@@ -0,0 +1,3 @@
+Changes
+ * Reduce stack usage significantly during sliding window exponentiation.
+ Reported in #3591 and fix contributed in #3592 by Daniel Otte.
diff --git a/ChangeLog.d/aes-zeroize-pointer.txt b/ChangeLog.d/aes-zeroize-pointer.txt
new file mode 100644
index 0000000..ccc6dc1
--- /dev/null
+++ b/ChangeLog.d/aes-zeroize-pointer.txt
@@ -0,0 +1,5 @@
+Changes
+ * Remove the zeroization of a pointer variable in AES rounds. It was valid
+ but spurious and misleading since it looked like a mistaken attempt to
+ zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA
+ Leti, France.
diff --git a/ChangeLog.d/ecb_iv_fix.txt b/ChangeLog.d/ecb_iv_fix.txt
new file mode 100644
index 0000000..ae2ae25
--- /dev/null
+++ b/ChangeLog.d/ecb_iv_fix.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Correct the default IV size for mbedtls_cipher_info_t structures using
+ MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs.
diff --git a/ChangeLog.d/fix-rsa-blinding.txt b/ChangeLog.d/fix-rsa-blinding.txt
new file mode 100644
index 0000000..a13572c
--- /dev/null
+++ b/ChangeLog.d/fix-rsa-blinding.txt
@@ -0,0 +1,6 @@
+Bugfix
+ * Fix rsa_prepare_blinding() to retry when the blinding value is not
+ invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
+ addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
+ Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
+ Fixes #3647.
diff --git a/LICENSE b/LICENSE
index 546a8e6..e15ea82 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,2 +1,5 @@
-Unless specifically indicated otherwise in a file, files are licensed
-under the Apache 2.0 license, as can be found in: apache-2.0.txt
+Unless specifically indicated otherwise in a file, Mbed TLS files are provided
+under the Apache License 2.0, or the GNU General Public License v2.0 or later
+(SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later).
+
+A copy of these licenses can be found in apache-2.0.txt and gpl-2.0.txt
diff --git a/Makefile b/Makefile
index 0a9640f..24d529a 100644
--- a/Makefile
+++ b/Makefile
@@ -106,11 +106,11 @@
lcov:
rm -rf Coverage
lcov --capture --initial --directory library -o files.info
- lcov --capture --directory library -o tests.info
- lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
- lcov --remove all.info -o final.info '*.h'
+ lcov --rc lcov_branch_coverage=1 --capture --directory library -o tests.info
+ lcov --rc lcov_branch_coverage=1 --add-tracefile files.info --add-tracefile tests.info -o all.info
+ lcov --rc lcov_branch_coverage=1 --remove all.info -o final.info '*.h'
gendesc tests/Descriptions.txt -o descriptions
- genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
+ genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --branch-coverage -o Coverage final.info
rm -f files.info tests.info all.info final.info descriptions
apidoc:
diff --git a/README.md b/README.md
index a44b635..11f9ba4 100644
--- a/README.md
+++ b/README.md
@@ -172,7 +172,7 @@
License
-------
-Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See [here](./apache-2.0.txt) for the full text of this license. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 OR GPL-2.0-or-later licenses.
+Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. A copy of these licenses can be found in [apache-2.0.txt](./apache-2.0.txt) and [gpl-2.0.txt](./gpl-2.0.txt). Contributors must accept that their contributions are made under both the Apache-2.0 AND GPL-2.0-or-later licenses.
Contributing
------------
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index c9b58dd..f3929ae 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -4,8 +4,14 @@
* \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 013bc03..c235e3c 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -4,8 +4,14 @@
* \brief Minimal configuration for TLS 1.1 (RFC 4346)
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 7d34ad5..54e2f6c 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -4,8 +4,14 @@
* \brief Minimal configuration of features that do not require an entropy source
*/
/*
- * Copyright (C) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* Minimal configuration of features that do not require an entropy source
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 18e2c40..897c4d6 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -4,8 +4,14 @@
* \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 25db16b..4c18f6a 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -4,8 +4,14 @@
* \brief Minimal configuration for using TLS as part of Thread
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h
index b1281cb..81b1b91 100644
--- a/doxygen/input/doc_encdec.h
+++ b/doxygen/input/doc_encdec.h
@@ -5,8 +5,14 @@
*/
/*
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/**
diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h
index e54b28e..7de2957 100644
--- a/doxygen/input/doc_hashing.h
+++ b/doxygen/input/doc_hashing.h
@@ -5,8 +5,14 @@
*/
/*
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/**
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index db5bb49..acd8be1 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -5,8 +5,14 @@
*/
/*
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,11 +26,30 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/**
- * @mainpage mbed TLS v2.16.6 source code documentation
+ * @mainpage mbed TLS v2.16.8 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h
index 0f212e0..44c4204 100644
--- a/doxygen/input/doc_rng.h
+++ b/doxygen/input/doc_rng.h
@@ -5,8 +5,14 @@
*/
/*
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/**
diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h
index 4addfb3..1db44c2 100644
--- a/doxygen/input/doc_ssltls.h
+++ b/doxygen/input/doc_ssltls.h
@@ -5,8 +5,14 @@
*/
/*
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/**
diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h
index 95f4586..a089601 100644
--- a/doxygen/input/doc_tcpip.h
+++ b/doxygen/input/doc_tcpip.h
@@ -5,8 +5,14 @@
*/
/*
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/**
diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h
index 9b52569..1f9f8e0 100644
--- a/doxygen/input/doc_x509.h
+++ b/doxygen/input/doc_x509.h
@@ -5,8 +5,14 @@
*/
/*
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/**
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 1edc9ce..45398b7 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.16.6"
+PROJECT_NAME = "mbed TLS v2.16.8"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/gpl-2.0.txt b/gpl-2.0.txt
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/gpl-2.0.txt
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 94e7282..4468b66 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -20,8 +20,15 @@
* <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
*/
-/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -35,7 +42,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_AES_H
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index a4ca012..9b63a00 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -7,8 +7,14 @@
* functions; you must not call them directly.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -22,7 +28,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_AESNI_H
#define MBEDTLS_AESNI_H
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index fb044d5..6334a9c 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -7,8 +7,14 @@
* security risk. We recommend considering stronger ciphers instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -22,7 +28,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*
*/
#ifndef MBEDTLS_ARC4_H
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 1e8956e..13763d4 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -9,8 +9,15 @@
* Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
* and also described by the IETF in <em>RFC 5794</em>.
*/
-/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -24,7 +31,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ARIA_H
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 96c1c9a..0e596bc 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -4,8 +4,14 @@
* \brief Generic ASN.1 parsing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ASN1_H
#define MBEDTLS_ASN1_H
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index a194243..3c7cdd6 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -4,8 +4,14 @@
* \brief ASN.1 buffer writing functionality
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ASN1_WRITE_H
#define MBEDTLS_ASN1_WRITE_H
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 0d02416..cbed688 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -4,8 +4,14 @@
* \brief RFC 1521 base64 encoding/decoding
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_BASE64_H
#define MBEDTLS_BASE64_H
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 22b3731..4d04b33 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -4,8 +4,14 @@
* \brief Multi-precision integer library
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_BIGNUM_H
#define MBEDTLS_BIGNUM_H
@@ -63,12 +88,12 @@
* Maximum window size used for modular exponentiation. Default: 6
* Minimum value: 1. Maximum value: 6.
*
- * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
+ * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
* for the sliding window calculation. (So 64 by default)
*
* Reduction in size, reduces speed.
*/
-#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
+#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
#if !defined(MBEDTLS_MPI_MAX_SIZE)
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index f01573d..945bd42 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -4,8 +4,14 @@
* \brief Blowfish block cipher
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_BLOWFISH_H
#define MBEDTLS_BLOWFISH_H
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 748975e..9615090 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -4,8 +4,14 @@
* \brief Multi-precision integer library
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* Multiply source vector [s] with b, add result
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 3eeb663..3887128 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -4,8 +4,14 @@
* \brief Camellia block cipher
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index f03e3b5..d50c6ec 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -28,8 +28,14 @@
* consistent with RFC 3610.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -43,7 +49,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CCM_H
@@ -150,7 +175,7 @@
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
- * readable buffer of at least \p tag_len Bytes.
+ * writable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16.
*
@@ -195,7 +220,7 @@
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
- * readable buffer of at least \p tag_len Bytes.
+ * writable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
index 179ebbb..8472a6f 100644
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@@ -4,8 +4,14 @@
* \brief Sample certificates and DHM parameters for testing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CERTS_H
#define MBEDTLS_CERTS_H
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 2ae5e6e..8c9c2af 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -12,8 +12,15 @@
* \author Daniel King <damaki.gh@gmail.com>
*/
-/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -27,7 +34,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CHACHA20_H
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 49e615d..5f6cb6e 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -12,8 +12,15 @@
* \author Daniel King <damaki.gh@gmail.com>
*/
-/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -27,7 +34,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CHACHAPOLY_H
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 93de091..2bbd7a8 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -4,8 +4,14 @@
* \brief Consistency checks for configuration options
*/
/*
- * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
@@ -140,6 +165,16 @@
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_ECP_C) && !( \
+ defined(MBEDTLS_ECP_ALT) || \
+ defined(MBEDTLS_CTR_DRBG_C) || \
+ defined(MBEDTLS_HMAC_DRBG_C) || \
+ defined(MBEDTLS_SHA512_C) || \
+ defined(MBEDTLS_SHA256_C) || \
+ defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
+#error "MBEDTLS_ECP_C requires a DRBG or SHA-2 module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
+#endif
+
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
#endif
@@ -162,6 +197,16 @@
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#define MBEDTLS_HAS_MEMSAN
+#endif
+#endif
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
+#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
+#endif
+#undef MBEDTLS_HAS_MEMSAN
+
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 082a691..1f41b52 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -8,8 +8,14 @@
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CIPHER_H
diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index c6def0b..88282ec 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -6,8 +6,14 @@
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -21,7 +27,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 9d42b3f..5a7c9b2 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -7,8 +7,14 @@
* Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
*/
/*
- * Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -22,7 +28,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CMAC_H
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index a58b4724..45e5a1c 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -7,8 +7,14 @@
* \deprecated Use the new names directly instead
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -22,7 +28,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 834cced..6b45021 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -8,8 +8,14 @@
* memory footprint.
*/
/*
- * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CONFIG_H
@@ -525,6 +550,42 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
+ * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+ *
+ * Enable testing of the constant-flow nature of some sensitive functions with
+ * clang's MemorySanitizer. This causes some existing tests to also test
+ * this non-functional property of the code under test.
+ *
+ * This setting requires compiling with clang -fsanitize=memory. The test
+ * suites can then be run normally.
+ *
+ * \warning This macro is only used for extended testing; it is not considered
+ * part of the library's API, so it may change or disappear at any time.
+ *
+ * Uncomment to enable testing of the constant-flow nature of selected code.
+ */
+//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+
+/**
+ * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ *
+ * Enable testing of the constant-flow nature of some sensitive functions with
+ * valgrind's memcheck tool. This causes some existing tests to also test
+ * this non-functional property of the code under test.
+ *
+ * This setting requires valgrind headers for building, and is only useful for
+ * testing if the tests suites are run with valgrind's memcheck. This can be
+ * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
+ * using CMake, this can be done for all test suites with 'make memcheck'.
+ *
+ * \warning This macro is only used for extended testing; it is not considered
+ * part of the library's API, so it may change or disappear at any time.
+ *
+ * Uncomment to enable testing of the constant-flow nature of selected code.
+ */
+//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+
+/**
* \def MBEDTLS_TEST_NULL_ENTROPY
*
* Enables testing and use of mbed TLS without any configured entropy sources.
@@ -781,6 +842,28 @@
#define MBEDTLS_ECP_NIST_OPTIM
/**
+ * \def MBEDTLS_ECP_NO_INTERNAL_RNG
+ *
+ * When this option is disabled, mbedtls_ecp_mul() will make use of an
+ * internal RNG when called with a NULL \c f_rng argument, in order to protect
+ * against some side-channel attacks.
+ *
+ * This protection introduces a dependency of the ECP module on one of the
+ * DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512 or SHA-256.) For very
+ * constrained applications that don't require this protection (for example,
+ * because you're only doing signature verification, so not manipulating any
+ * secret, or because local/physical side-channel attacks are outside your
+ * threat model), it might be desirable to get rid of that dependency.
+ *
+ * \warning Enabling this option makes some uses of ECP vulnerable to some
+ * side-channel attacks. Only enable it if you know that's not a problem for
+ * your use case.
+ *
+ * Uncomment this macro to disable some counter-measures in ECP.
+ */
+//#define MBEDTLS_ECP_NO_INTERNAL_RNG
+
+/**
* \def MBEDTLS_ECP_RESTARTABLE
*
* Enable "non-blocking" ECC operations that can return early and be resumed.
@@ -3043,7 +3126,7 @@
*/
/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
/* CTR_DRBG options */
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index e0b5ed9..7e5f2e5 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -38,8 +38,14 @@
* - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time.
*/
/*
- * Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -53,7 +59,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CTR_DRBG_H
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 736444b..abc2d4f 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -4,8 +4,14 @@
* \brief Functions for controlling and providing debug output from the library.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_DEBUG_H
#define MBEDTLS_DEBUG_H
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 54e6b78..ee24f65 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -8,8 +8,14 @@
* instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*
*/
#ifndef MBEDTLS_DES_H
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 2909f5f..11042ef 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -44,8 +44,14 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -59,7 +65,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_DHM_H
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 4479a1d..b9324bc 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -13,8 +13,14 @@
* Cryptography</em>.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -28,7 +34,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ECDH_H
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 932acc6..da02b27 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -11,8 +11,14 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -26,7 +32,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ECDSA_H
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 3d8d02a..a9b68d0 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -4,8 +4,14 @@
* \brief Elliptic curve J-PAKE
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ECJPAKE_H
#define MBEDTLS_ECJPAKE_H
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 065a4cc..bdc750e 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -15,8 +15,14 @@
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -30,7 +36,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ECP_H
@@ -813,6 +838,9 @@
* intermediate results to prevent potential timing attacks
* targeting these results. We recommend always providing
* a non-NULL \p f_rng. The overhead is negligible.
+ * Note: unless #MBEDTLS_ECP_NO_INTERNAL_RNG is defined, when
+ * \p f_rng is NULL, an internal RNG (seeded from the value
+ * of \p m) will be used instead.
*
* \param grp The ECP group to use.
* This must be initialized and have group parameters
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h
index 7625ed4..0047bd4 100644
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@@ -5,8 +5,14 @@
* point arithmetic.
*/
/*
- * Copyright (C) 2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index ca06dc3..1e1d3f5 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -4,8 +4,14 @@
* \brief Entropy accumulator implementation
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ENTROPY_H
#define MBEDTLS_ENTROPY_H
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index 94dd657..c348fe5 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -4,8 +4,14 @@
* \brief Platform-specific and custom entropy polling functions
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ENTROPY_POLL_H
#define MBEDTLS_ENTROPY_POLL_H
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index bee0fe4..fa8582a 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -4,8 +4,14 @@
* \brief Error to string translation
*/
/*
- * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_ERROR_H
#define MBEDTLS_ERROR_H
@@ -100,6 +125,7 @@
* ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
+ * SSL 5 1 (Started from 0x5E80)
* CIPHER 6 8
* SSL 6 23 (Started from top)
* SSL 7 32
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index fd130ab..1201fbd 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -12,8 +12,14 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -27,7 +33,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_GCM_H
@@ -157,7 +182,7 @@
* than zero, this must be a writable buffer of at least that
* size in Bytes.
* \param tag_len The length of the tag to generate.
- * \param tag The buffer for holding the tag. This must be a readable
+ * \param tag The buffer for holding the tag. This must be a writable
* buffer of at least \p tag_len Bytes.
*
* \return \c 0 if the encryption or decryption was performed
@@ -285,7 +310,7 @@
* tag. The tag can have a maximum length of 16 Bytes.
*
* \param ctx The GCM context. This must be initialized.
- * \param tag The buffer for holding the tag. This must be a readable
+ * \param tag The buffer for holding the tag. This must be a writable
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to generate. This must be at least
* four.
diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h
index 4c1c860..e90839d 100644
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@@ -4,8 +4,14 @@
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_HAVEGE_H
#define MBEDTLS_HAVEGE_H
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index bcafe42..07ffe83 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -7,8 +7,14 @@
* specified by RFC 5869.
*/
/*
- * Copyright (C) 2016-2019, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -22,7 +28,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_HKDF_H
#define MBEDTLS_HKDF_H
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 7931c22..6883678 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -8,8 +8,14 @@
* Deterministic Random Bit Generators</em>.
*/
/*
- * Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 8bcf766..2ba8d9e 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -6,8 +6,14 @@
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -21,7 +27,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_MD_H
@@ -98,6 +123,8 @@
* \brief This function returns the list of digests supported by the
* generic digest module.
*
+ * \note The list starts with the strongest available hashes.
+ *
* \return A statically allocated array of digests. Each element
* in the returned list is an integer belonging to the
* message-digest enumeration #mbedtls_md_type_t.
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index fe97cf0..9607df6 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -8,8 +8,14 @@
* instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*
*/
#ifndef MBEDTLS_MD2_H
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index ce703c0..6ceaf7a 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -8,8 +8,14 @@
* instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*
*/
#ifndef MBEDTLS_MD4_H
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 6eed6cc..b9d0ca9 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -8,8 +8,14 @@
* digests instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H
diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h
index 04de482..847f50a 100644
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@@ -8,8 +8,14 @@
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_MD_WRAP_H
#define MBEDTLS_MD_WRAP_H
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 705f9a6..89c0617 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -4,8 +4,14 @@
* \brief Buffer-based memory allocator
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
index 8cead58..6c7a49d 100644
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@@ -6,8 +6,14 @@
* \deprecated Superseded by mbedtls/net_sockets.h
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -21,7 +27,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 4c7ef00..00fea7d 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -20,8 +20,14 @@
*
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -35,7 +41,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_NET_SOCKETS_H
#define MBEDTLS_NET_SOCKETS_H
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 3b67b59..9435656 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -16,8 +16,14 @@
*
*/
/*
- * Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -31,7 +37,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_NIST_KW_H
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 6fbd018..4a7e3b4 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -4,8 +4,14 @@
* \brief Object Identifier (OID) database
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_OID_H
#define MBEDTLS_OID_H
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 721a5d4..d8246e2 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -8,8 +8,14 @@
* functions; you must not call them directly.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -23,7 +29,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PADLOCK_H
#define MBEDTLS_PADLOCK_H
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index a29e9ce..c9df7ca 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -4,8 +4,14 @@
* \brief Privacy Enhanced Mail (PEM) decoding
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H
@@ -112,17 +137,27 @@
* \brief Write a buffer of PEM information from a DER encoded
* buffer.
*
- * \param header header string to write
- * \param footer footer string to write
- * \param der_data DER data to write
- * \param der_len length of the DER data
- * \param buf buffer to write to
- * \param buf_len length of output buffer
- * \param olen total length written / required (if buf_len is not enough)
+ * \param header The header string to write.
+ * \param footer The footer string to write.
+ * \param der_data The DER data to encode.
+ * \param der_len The length of the DER data \p der_data in Bytes.
+ * \param buf The buffer to write to.
+ * \param buf_len The length of the output buffer \p buf in Bytes.
+ * \param olen The address at which to store the total length written
+ * or required (if \p buf_len is not enough).
*
- * \return 0 on success, or a specific PEM or BASE64 error code. On
- * MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
- * size.
+ * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
+ * to request the length of the resulting PEM buffer in
+ * `*olen`.
+ *
+ * \note This function may be called with overlapping \p der_data
+ * and \p buf buffers.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
+ * enough to hold the PEM buffer. In this case, `*olen` holds
+ * the required minimum size of \p buf.
+ * \return Another PEM or BASE64 error code on other kinds of failure.
*/
int mbedtls_pem_write_buffer( const char *header, const char *footer,
const unsigned char *der_data, size_t der_len,
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 1364275..20d51d4 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -4,8 +4,14 @@
* \brief Public Key abstraction layer
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PK_H
diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h
index 48b7a5f..3f84cdf 100644
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@@ -4,8 +4,14 @@
* \brief Public Key abstraction layer: wrapper functions
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PK_WRAP_H
diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h
index 02427dd..3874d4a 100644
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@@ -6,8 +6,14 @@
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -21,7 +27,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PKCS11_H
#define MBEDTLS_PKCS11_H
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index d441357..9cbcb17 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -4,8 +4,14 @@
* \brief PKCS#12 Personal Information Exchange Syntax
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PKCS12_H
#define MBEDTLS_PKCS12_H
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index c92185f..328633c 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -6,8 +6,14 @@
* \author Mathias Olsson <mathias@kompetensum.com>
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -21,7 +27,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PKCS5_H
#define MBEDTLS_PKCS5_H
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 89fe8a7..689cfc6 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -13,8 +13,14 @@
* dynamically configured at runtime.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -28,7 +34,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index 2ed36f5..e132f6a 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -4,8 +4,14 @@
* \brief mbed TLS Platform time abstraction
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PLATFORM_TIME_H
#define MBEDTLS_PLATFORM_TIME_H
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 09d0965..426afaf 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -5,8 +5,14 @@
* library.
*/
/*
- * Copyright (C) 2018, Arm Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index f0ec44c..b337aa8 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -12,8 +12,15 @@
* \author Daniel King <damaki.gh@gmail.com>
*/
-/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -27,7 +34,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_POLY1305_H
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index b42f6d2..31c6637 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -4,8 +4,14 @@
* \brief RIPE MD-160 message digest
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_RIPEMD160_H
#define MBEDTLS_RIPEMD160_H
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 35bacd8..188c37c 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -10,8 +10,14 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -25,7 +31,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_RSA_H
#define MBEDTLS_RSA_H
diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h
index 53abd3c..953cb7b 100644
--- a/include/mbedtls/rsa_internal.h
+++ b/include/mbedtls/rsa_internal.h
@@ -35,8 +35,14 @@
*
*/
/*
- * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -50,7 +56,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*
*/
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index bb6ecf0..60c514a 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -11,8 +11,14 @@
* digests instead.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -26,7 +32,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index d647398..b1881e1 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -7,8 +7,14 @@
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -22,7 +28,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index c06ceed..9ff78ec 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -6,8 +6,14 @@
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -21,7 +27,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SHA512_H
#define MBEDTLS_SHA512_H
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 1adf960..fe33ac8 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4,8 +4,14 @@
* \brief SSL/TLS functions.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
@@ -123,6 +148,7 @@
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
+#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */
/*
* Various constants
@@ -137,6 +163,9 @@
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
+#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
+
+#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
* NONE must be zero so that memset()ing structure to zero works */
@@ -1380,7 +1409,7 @@
* \note For DTLS, you need to provide either a non-NULL
* f_recv_timeout callback, or a f_recv that doesn't block.
*
- * \note See the documentations of \c mbedtls_ssl_sent_t,
+ * \note See the documentations of \c mbedtls_ssl_send_t,
* \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
* the conventions those callbacks must follow.
*
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 52ba094..612d817 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -4,8 +4,14 @@
* \brief SSL session cache implementation
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 71053e5..ab8e601 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -4,8 +4,14 @@
* \brief SSL Ciphersuites for mbed TLS
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index e34760a..9c2d5b6 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -4,8 +4,14 @@
* \brief DTLS cookie callbacks implementation
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index bd5ad94..6ba6c2a 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -4,8 +4,14 @@
* \brief Internal functions shared by the SSL modules
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SSL_INTERNAL_H
#define MBEDTLS_SSL_INTERNAL_H
@@ -125,6 +150,24 @@
#define MBEDTLS_SSL_RETRANS_WAITING 2
#define MBEDTLS_SSL_RETRANS_FINISHED 3
+/* This macro determines whether CBC is supported. */
+#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
+ ( defined(MBEDTLS_AES_C) || \
+ defined(MBEDTLS_CAMELLIA_C) || \
+ defined(MBEDTLS_ARIA_C) || \
+ defined(MBEDTLS_DES_C) )
+#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
+#endif
+
+/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as
+ * opposed to the very different CBC construct used in SSLv3) is supported. */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
+ ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
+#endif
+
/*
* Allow extra bytes for record, authentication and encryption overhead:
* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
@@ -182,6 +225,12 @@
: ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
)
+/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
+#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
+
+/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
+#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
+
/*
* Check that we obey the standard's message size bounds
*/
@@ -236,6 +285,41 @@
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
+/**
+ * \brief This function checks if the remaining size in a buffer is
+ * greater or equal than a needed space.
+ *
+ * \param cur Pointer to the current position in the buffer.
+ * \param end Pointer to one past the end of the buffer.
+ * \param need Needed space in bytes.
+ *
+ * \return Zero if the needed space is available in the buffer, non-zero
+ * otherwise.
+ */
+static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
+ const uint8_t *end, size_t need )
+{
+ return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
+}
+
+/**
+ * \brief This macro checks if the remaining size in a buffer is
+ * greater or equal than a needed space. If it is not the case,
+ * it returns an SSL_BUFFER_TOO_SMALL error.
+ *
+ * \param cur Pointer to the current position in the buffer.
+ * \param end Pointer to one past the end of the buffer.
+ * \param need Needed space in bytes.
+ *
+ */
+#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \
+ do { \
+ if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
+ { \
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
+ } \
+ } while( 0 )
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -775,6 +859,73 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+/** \brief Compute the HMAC of variable-length data with constant flow.
+ *
+ * This function computes the HMAC of the concatenation of \p add_data and \p
+ * data, and does with a code flow and memory access pattern that does not
+ * depend on \p data_len_secret, but only on \p min_data_len and \p
+ * max_data_len. In particular, this function always reads exactly \p
+ * max_data_len bytes from \p data.
+ *
+ * \param ctx The HMAC context. It must have keys configured
+ * with mbedtls_md_hmac_starts() and use one of the
+ * following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
+ * It is reset using mbedtls_md_hmac_reset() after
+ * the computation is complete to prepare for the
+ * next computation.
+ * \param add_data The additional data prepended to \p data. This
+ * must point to a readable buffer of \p add_data_len
+ * bytes.
+ * \param add_data_len The length of \p add_data in bytes.
+ * \param data The data appended to \p add_data. This must point
+ * to a readable buffer of \p max_data_len bytes.
+ * \param data_len_secret The length of the data to process in \p data.
+ * This must be no less than \p min_data_len and no
+ * greater than \p max_data_len.
+ * \param min_data_len The minimal length of \p data in bytes.
+ * \param max_data_len The maximal length of \p data in bytes.
+ * \param output The HMAC will be written here. This must point to
+ * a writable buffer of sufficient size to hold the
+ * HMAC value.
+ *
+ * \retval 0
+ * Success.
+ * \retval MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
+ * The hardware accelerator failed.
+ */
+int mbedtls_ssl_cf_hmac(
+ mbedtls_md_context_t *ctx,
+ const unsigned char *add_data, size_t add_data_len,
+ const unsigned char *data, size_t data_len_secret,
+ size_t min_data_len, size_t max_data_len,
+ unsigned char *output );
+
+/** \brief Copy data from a secret position with constant flow.
+ *
+ * This function copies \p len bytes from \p src_base + \p offset_secret to \p
+ * dst, with a code flow and memory access pattern that does not depend on \p
+ * offset_secret, but only on \p offset_min, \p offset_max and \p len.
+ *
+ * \param dst The destination buffer. This must point to a writable
+ * buffer of at least \p len bytes.
+ * \param src_base The base of the source buffer. This must point to a
+ * readable buffer of at least \p offset_max + \p len
+ * bytes.
+ * \param offset_secret The offset in the source buffer from which to copy.
+ * This must be no less than \p offset_min and no greater
+ * than \p offset_max.
+ * \param offset_min The minimal value of \p offset_secret.
+ * \param offset_max The maximal value of \p offset_secret.
+ * \param len The number of bytes to copy.
+ */
+void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst,
+ const unsigned char *src_base,
+ size_t offset_secret,
+ size_t offset_min, size_t offset_max,
+ size_t len );
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 774a007..a10a434 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -4,8 +4,14 @@
* \brief TLS server ticket callbacks implementation
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 92e6e6b..a8183a6 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -4,8 +4,14 @@
* \brief Threading abstraction layer
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_THREADING_H
#define MBEDTLS_THREADING_H
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index a965fe0..8611ba9 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -4,8 +4,14 @@
* \brief Portable interface to timeouts and to the CPU cycle counter
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_TIMING_H
#define MBEDTLS_TIMING_H
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index e0a2e7f..d09b450 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -4,8 +4,14 @@
* \brief Run-time version information
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* This set of compile-time defines and run-time variables can be used to
@@ -40,16 +65,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 16
-#define MBEDTLS_VERSION_PATCH 6
+#define MBEDTLS_VERSION_PATCH 8
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02100600
-#define MBEDTLS_VERSION_STRING "2.16.6"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.6"
+#define MBEDTLS_VERSION_NUMBER 0x02100800
+#define MBEDTLS_VERSION_STRING "2.16.8"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.8"
#if defined(MBEDTLS_VERSION_C)
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 63aae32..5bb9b00 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -4,8 +4,14 @@
* \brief X.509 generic defines and structures
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index fa838d6..2ade47c 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -4,8 +4,14 @@
* \brief X.509 certificate revocation list parsing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 670bd10..c38e0c0 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -4,8 +4,14 @@
* \brief X.509 certificate parsing and writing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index a3c2804..5dfb421 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -4,8 +4,14 @@
* \brief X.509 certificate signing request parsing and writing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_X509_CSR_H
#define MBEDTLS_X509_CSR_H
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index b47f553..cd6d375 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -4,8 +4,14 @@
* \brief XTEA block cipher (32-bit)
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -19,7 +25,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_XTEA_H
#define MBEDTLS_XTEA_H
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 93ce7b8..beec785 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -165,15 +165,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.6 SOVERSION 3)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.8 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.16.6 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.16.8 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.16.6 SOVERSION 12)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.16.8 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/aes.c b/library/aes.c
index 2e5c302..da0e5b6 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1,8 +1,14 @@
/*
* FIPS-197 compliant AES implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@@ -871,63 +896,56 @@
unsigned char output[16] )
{
int i;
- uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
+ uint32_t *RK = ctx->rk;
+ struct
+ {
+ uint32_t X[4];
+ uint32_t Y[4];
+ } t;
- RK = ctx->rk;
-
- GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
- GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
- GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
- GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
+ GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
+ GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
+ GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
+ GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
{
- AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
- AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
+ AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
+ AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
}
- AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+ AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
- X0 = *RK++ ^ \
- ( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^
- ( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+ t.X[0] = *RK++ ^ \
+ ( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
- X1 = *RK++ ^ \
- ( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^
- ( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+ t.X[1] = *RK++ ^ \
+ ( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
- X2 = *RK++ ^ \
- ( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^
- ( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+ t.X[2] = *RK++ ^ \
+ ( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
- X3 = *RK++ ^ \
- ( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^
- ( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+ t.X[3] = *RK++ ^ \
+ ( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
- PUT_UINT32_LE( X0, output, 0 );
- PUT_UINT32_LE( X1, output, 4 );
- PUT_UINT32_LE( X2, output, 8 );
- PUT_UINT32_LE( X3, output, 12 );
+ PUT_UINT32_LE( t.X[0], output, 0 );
+ PUT_UINT32_LE( t.X[1], output, 4 );
+ PUT_UINT32_LE( t.X[2], output, 8 );
+ PUT_UINT32_LE( t.X[3], output, 12 );
- mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
- mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
- mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
- mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
-
- mbedtls_platform_zeroize( &Y0, sizeof( Y0 ) );
- mbedtls_platform_zeroize( &Y1, sizeof( Y1 ) );
- mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) );
- mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) );
-
- mbedtls_platform_zeroize( &RK, sizeof( RK ) );
+ mbedtls_platform_zeroize( &t, sizeof( t ) );
return( 0 );
}
@@ -951,63 +969,56 @@
unsigned char output[16] )
{
int i;
- uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
+ uint32_t *RK = ctx->rk;
+ struct
+ {
+ uint32_t X[4];
+ uint32_t Y[4];
+ } t;
- RK = ctx->rk;
-
- GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
- GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
- GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
- GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
+ GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
+ GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
+ GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
+ GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
{
- AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
- AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
+ AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
+ AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
}
- AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+ AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
- X0 = *RK++ ^ \
- ( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^
- ( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+ t.X[0] = *RK++ ^ \
+ ( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
- X1 = *RK++ ^ \
- ( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^
- ( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+ t.X[1] = *RK++ ^ \
+ ( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
- X2 = *RK++ ^ \
- ( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^
- ( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+ t.X[2] = *RK++ ^ \
+ ( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
- X3 = *RK++ ^ \
- ( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^
- ( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+ t.X[3] = *RK++ ^ \
+ ( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
- PUT_UINT32_LE( X0, output, 0 );
- PUT_UINT32_LE( X1, output, 4 );
- PUT_UINT32_LE( X2, output, 8 );
- PUT_UINT32_LE( X3, output, 12 );
+ PUT_UINT32_LE( t.X[0], output, 0 );
+ PUT_UINT32_LE( t.X[1], output, 4 );
+ PUT_UINT32_LE( t.X[2], output, 8 );
+ PUT_UINT32_LE( t.X[3], output, 12 );
- mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
- mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
- mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
- mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
-
- mbedtls_platform_zeroize( &Y0, sizeof( Y0 ) );
- mbedtls_platform_zeroize( &Y1, sizeof( Y1 ) );
- mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) );
- mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) );
-
- mbedtls_platform_zeroize( &RK, sizeof( RK ) );
+ mbedtls_platform_zeroize( &t, sizeof( t ) );
return( 0 );
}
diff --git a/library/aesni.c b/library/aesni.c
index 062708b..358d4ad 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -1,8 +1,14 @@
/*
* AES-NI support functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/arc4.c b/library/arc4.c
index b8998ac..6729bab 100644
--- a/library/arc4.c
+++ b/library/arc4.c
@@ -1,8 +1,14 @@
/*
* An implementation of the ARCFOUR algorithm
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The ARCFOUR algorithm was publicly disclosed on 94/09.
diff --git a/library/aria.c b/library/aria.c
index aff66d6..ef0392f 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -1,8 +1,14 @@
/*
* ARIA implementation
*
- * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/asn1parse.c b/library/asn1parse.c
index 171c340..10239fd 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -1,8 +1,14 @@
/*
* Generic ASN.1 parsing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/asn1write.c b/library/asn1write.c
index c0b4622..d94d0a7 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -1,8 +1,14 @@
/*
* ASN.1 buffer writing functionality
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/base64.c b/library/base64.c
index f06b57b..bfafb05 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -1,8 +1,14 @@
/*
* RFC 1521 base64 encoding/decoding
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/bignum.c b/library/bignum.c
index 87ccf42..6d0a67c 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1,8 +1,14 @@
/*
* Multi-precision integer library
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
@@ -243,6 +268,22 @@
}
/*
+ * Conditionally assign dest = src, without leaking information
+ * about whether the assignment was made or not.
+ * dest and src must be arrays of limbs of size n.
+ * assign must be 0 or 1.
+ */
+static void mpi_safe_cond_assign( size_t n,
+ mbedtls_mpi_uint *dest,
+ const mbedtls_mpi_uint *src,
+ unsigned char assign )
+{
+ size_t i;
+ for( i = 0; i < n; i++ )
+ dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign;
+}
+
+/*
* Conditionally assign X = Y, without leaking information
* about whether the assignment was made or not.
* (Leaking information about the respective sizes of X and Y is ok however.)
@@ -261,10 +302,9 @@
X->s = X->s * ( 1 - assign ) + Y->s * assign;
- for( i = 0; i < Y->n; i++ )
- X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign;
+ mpi_safe_cond_assign( Y->n, X->p, Y->p, assign );
- for( ; i < X->n; i++ )
+ for( i = Y->n; i < X->n; i++ )
X->p[i] *= ( 1 - assign );
cleanup:
@@ -1249,10 +1289,24 @@
return( ret );
}
-/*
- * Helper for mbedtls_mpi subtraction
+/**
+ * Helper for mbedtls_mpi subtraction.
+ *
+ * Calculate d - s where d and s have the same size.
+ * This function operates modulo (2^ciL)^n and returns the carry
+ * (1 if there was a wraparound, i.e. if `d < s`, and 0 otherwise).
+ *
+ * \param n Number of limbs of \p d and \p s.
+ * \param[in,out] d On input, the left operand.
+ * On output, the result of the subtraction:
+ * \param[in] s The right operand.
+ *
+ * \return 1 if `d < s`.
+ * 0 if `d >= s`.
*/
-static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
+static mbedtls_mpi_uint mpi_sub_hlp( size_t n,
+ mbedtls_mpi_uint *d,
+ const mbedtls_mpi_uint *s )
{
size_t i;
mbedtls_mpi_uint c, z;
@@ -1263,28 +1317,22 @@
c = ( *d < *s ) + z; *d -= *s;
}
- while( c != 0 )
- {
- z = ( *d < c ); *d -= c;
- c = z; d++;
- }
+ return( c );
}
/*
- * Unsigned subtraction: X = |A| - |B| (HAC 14.9)
+ * Unsigned subtraction: X = |A| - |B| (HAC 14.9, 14.10)
*/
int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
mbedtls_mpi TB;
int ret;
size_t n;
+ mbedtls_mpi_uint carry;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
- if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
- return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
mbedtls_mpi_init( &TB );
if( X == B )
@@ -1307,7 +1355,18 @@
if( B->p[n - 1] != 0 )
break;
- mpi_sub_hlp( n, B->p, X->p );
+ carry = mpi_sub_hlp( n, X->p, B->p );
+ if( carry != 0 )
+ {
+ /* Propagate the carry to the first nonzero limb of X. */
+ for( ; n < X->n && X->p[n] == 0; n++ )
+ --X->p[n];
+ /* If we ran out of space for the carry, it means that the result
+ * is negative. */
+ if( n == X->n )
+ return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+ --X->p[n];
+ }
cleanup:
@@ -1887,18 +1946,34 @@
*mm = ~x + 1;
}
-/*
- * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
+/** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
+ *
+ * \param[in,out] A One of the numbers to multiply.
+ * It must have at least as many limbs as N
+ * (A->n >= N->n), and any limbs beyond n are ignored.
+ * On successful completion, A contains the result of
+ * the multiplication A * B * R^-1 mod N where
+ * R = (2^ciL)^n.
+ * \param[in] B One of the numbers to multiply.
+ * It must be nonzero and must not have more limbs than N
+ * (B->n <= N->n).
+ * \param[in] N The modulo. N must be odd.
+ * \param mm The value calculated by `mpi_montg_init(&mm, N)`.
+ * This is -N^-1 mod 2^ciL.
+ * \param[in,out] T A bignum for temporary storage.
+ * It must be at least twice the limb size of N plus 2
+ * (T->n >= 2 * (N->n + 1)).
+ * Its initial content is unused and
+ * its final content is indeterminate.
+ * Note that unlike the usual convention in the library
+ * for `const mbedtls_mpi*`, the content of T can change.
*/
-static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
+static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
const mbedtls_mpi *T )
{
size_t i, n, m;
mbedtls_mpi_uint u0, u1, *d;
- if( T->n < N->n + 1 || T->p == NULL )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
memset( T->p, 0, T->n * ciL );
d = T->p;
@@ -1919,22 +1994,34 @@
*d++ = u0; d[n + 1] = 0;
}
- memcpy( A->p, d, ( n + 1 ) * ciL );
+ /* At this point, d is either the desired result or the desired result
+ * plus N. We now potentially subtract N, avoiding leaking whether the
+ * subtraction is performed through side channels. */
- if( mbedtls_mpi_cmp_abs( A, N ) >= 0 )
- mpi_sub_hlp( n, N->p, A->p );
- else
- /* prevent timing attacks */
- mpi_sub_hlp( n, A->p, T->p );
-
- return( 0 );
+ /* Copy the n least significant limbs of d to A, so that
+ * A = d if d < N (recall that N has n limbs). */
+ memcpy( A->p, d, n * ciL );
+ /* If d >= N then we want to set A to d - N. To prevent timing attacks,
+ * do the calculation without using conditional tests. */
+ /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */
+ d[n] += 1;
+ d[n] -= mpi_sub_hlp( n, d, N->p );
+ /* If d0 < N then d < (2^biL)^n
+ * so d[n] == 0 and we want to keep A as it is.
+ * If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n
+ * so d[n] == 1 and we want to set A to the result of the subtraction
+ * which is d - (2^biL)^n, i.e. the n least significant limbs of d.
+ * This exactly corresponds to a conditional assignment. */
+ mpi_safe_cond_assign( n, A->p, d, (unsigned char) d[n] );
}
/*
* Montgomery reduction: A = A * R^-1 mod N
+ *
+ * See mpi_montmul() regarding constraints and guarantees on the parameters.
*/
-static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
- mbedtls_mpi_uint mm, const mbedtls_mpi *T )
+static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
+ mbedtls_mpi_uint mm, const mbedtls_mpi *T )
{
mbedtls_mpi_uint z = 1;
mbedtls_mpi U;
@@ -1942,7 +2029,7 @@
U.n = U.s = (int) z;
U.p = &z;
- return( mpi_montmul( A, &U, N, mm, T ) );
+ mpi_montmul( A, &U, N, mm, T );
}
/*
@@ -1957,7 +2044,7 @@
size_t i, j, nblimbs;
size_t bufsize, nbits;
mbedtls_mpi_uint ei, mm, state;
- mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
+ mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
int neg;
MPI_VALIDATE_RET( X != NULL );
@@ -2028,13 +2115,13 @@
else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
- MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) );
+ mpi_montmul( &W[1], &RR, N, mm, &T );
/*
* X = R^2 * R^-1 mod N = R mod N
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
- MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
+ mpi_montred( X, N, mm, &T );
if( wsize > 1 )
{
@@ -2047,7 +2134,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
for( i = 0; i < wsize - 1; i++ )
- MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) );
+ mpi_montmul( &W[j], &W[j], N, mm, &T );
/*
* W[i] = W[i - 1] * W[1]
@@ -2057,7 +2144,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
- MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) );
+ mpi_montmul( &W[i], &W[1], N, mm, &T );
}
}
@@ -2094,7 +2181,7 @@
/*
* out of window, square X
*/
- MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
+ mpi_montmul( X, X, N, mm, &T );
continue;
}
@@ -2112,12 +2199,12 @@
* X = X^wsize R^-1 mod N
*/
for( i = 0; i < wsize; i++ )
- MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
+ mpi_montmul( X, X, N, mm, &T );
/*
* X = X * W[wbits] R^-1 mod N
*/
- MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) );
+ mpi_montmul( X, &W[wbits], N, mm, &T );
state--;
nbits = 0;
@@ -2130,18 +2217,18 @@
*/
for( i = 0; i < nbits; i++ )
{
- MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
+ mpi_montmul( X, X, N, mm, &T );
wbits <<= 1;
if( ( wbits & ( one << wsize ) ) != 0 )
- MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) );
+ mpi_montmul( X, &W[1], N, mm, &T );
}
/*
* X = A^E * R * R^-1 mod N = A^E mod N
*/
- MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
+ mpi_montred( X, N, mm, &T );
if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 )
{
diff --git a/library/blowfish.c b/library/blowfish.c
index cbf9238..a3f9be9 100644
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -1,8 +1,14 @@
/*
* Blowfish implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The Blowfish block cipher was designed by Bruce Schneier in 1993.
diff --git a/library/camellia.c b/library/camellia.c
index 22262b8..40d6212 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -1,8 +1,14 @@
/*
* Camellia implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The Camellia block cipher was designed by NTT and Mitsubishi Electric
diff --git a/library/ccm.c b/library/ccm.c
index c6211ee..b2e5a47 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -1,8 +1,14 @@
/*
* NIST SP800-38C compliant CCM implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/certs.c b/library/certs.c
index 80ab0b9..cb43f53 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -1,8 +1,14 @@
/*
* X.509 test certificates
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/chacha20.c b/library/chacha20.c
index 8a3610f..80fe50c 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -5,8 +5,14 @@
*
* \author Daniel King <damaki.gh@gmail.com>
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/chachapoly.c b/library/chachapoly.c
index dc643dd..c8b5bba 100644
--- a/library/chachapoly.c
+++ b/library/chachapoly.c
@@ -3,8 +3,14 @@
*
* \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539.
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -18,7 +24,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/library/cipher.c b/library/cipher.c
index 8d010b5..57da0b9 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -5,8 +5,14 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 6dd8c5d..5973ca6 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -5,8 +5,14 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -754,7 +779,7 @@
MBEDTLS_MODE_ECB,
128,
"CAMELLIA-128-ECB",
- 16,
+ 0,
0,
16,
&camellia_info
@@ -765,7 +790,7 @@
MBEDTLS_MODE_ECB,
192,
"CAMELLIA-192-ECB",
- 16,
+ 0,
0,
16,
&camellia_info
@@ -776,7 +801,7 @@
MBEDTLS_MODE_ECB,
256,
"CAMELLIA-256-ECB",
- 16,
+ 0,
0,
16,
&camellia_info
@@ -1130,7 +1155,7 @@
MBEDTLS_MODE_ECB,
128,
"ARIA-128-ECB",
- 16,
+ 0,
0,
16,
&aria_info
@@ -1141,7 +1166,7 @@
MBEDTLS_MODE_ECB,
192,
"ARIA-192-ECB",
- 16,
+ 0,
0,
16,
&aria_info
@@ -1152,7 +1177,7 @@
MBEDTLS_MODE_ECB,
256,
"ARIA-256-ECB",
- 16,
+ 0,
0,
16,
&aria_info
@@ -1554,7 +1579,7 @@
MBEDTLS_MODE_ECB,
MBEDTLS_KEY_LENGTH_DES,
"DES-ECB",
- 8,
+ 0,
0,
8,
&des_info
@@ -1605,7 +1630,7 @@
MBEDTLS_MODE_ECB,
MBEDTLS_KEY_LENGTH_DES_EDE,
"DES-EDE-ECB",
- 8,
+ 0,
0,
8,
&des_ede_info
@@ -1656,7 +1681,7 @@
MBEDTLS_MODE_ECB,
MBEDTLS_KEY_LENGTH_DES_EDE3,
"DES-EDE3-ECB",
- 8,
+ 0,
0,
8,
&des_ede3_info
@@ -1771,7 +1796,7 @@
MBEDTLS_MODE_ECB,
128,
"BLOWFISH-ECB",
- 8,
+ 0,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
diff --git a/library/cmac.c b/library/cmac.c
index 5d101e1..1a1200b 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -3,8 +3,14 @@
*
* \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -18,7 +24,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index ad0a193..b98df29 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -1,8 +1,14 @@
/*
* CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The NIST SP 800-90 DRBGs are described in the following publication.
diff --git a/library/debug.c b/library/debug.c
index 36510cd..5f06d0d 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -1,8 +1,14 @@
/*
* Debugging routines
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/des.c b/library/des.c
index 8a33d82..623165d 100644
--- a/library/des.c
+++ b/library/des.c
@@ -1,8 +1,14 @@
/*
* FIPS-46-3 compliant Triple-DES implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* DES, on which TDES is based, was originally designed by Horst Feistel
diff --git a/library/dhm.c b/library/dhm.c
index 8255632..d652cf0 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -1,8 +1,14 @@
/*
* Diffie-Hellman-Merkle key exchange
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The following sources were referenced in the design of this implementation
@@ -324,6 +349,32 @@
}
/*
+ * Pick a random R in the range [2, M) for blinding purposes
+ */
+static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret, count;
+
+ count = 0;
+ do
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) );
+
+ while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 )
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) );
+
+ if( count++ > 10 )
+ return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+ }
+ while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 );
+
+cleanup:
+ return( ret );
+}
+
+
+/*
* Use the blinding method and optimisation suggested in section 10 of:
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
* DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
@@ -332,7 +383,10 @@
static int dhm_update_blinding( mbedtls_dhm_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- int ret, count;
+ int ret;
+ mbedtls_mpi R;
+
+ mbedtls_mpi_init( &R );
/*
* Don't use any blinding the first time a particular X is used,
@@ -367,24 +421,23 @@
*/
/* Vi = random( 2, P-1 ) */
- count = 0;
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
- while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) );
+ /* Vf = Vi^-X mod P
+ * First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod),
+ * then elevate to the Xth power. */
+ MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
- if( count++ > 10 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
- }
- while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
-
- /* Vf = Vi^-X mod P */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
cleanup:
+ mbedtls_mpi_free( &R );
+
return( ret );
}
diff --git a/library/ecdh.c b/library/ecdh.c
index c572687..8c27e4e 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -1,8 +1,14 @@
/*
* Elliptic curve Diffie-Hellman
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 6b72e0d..da8df9c 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -1,8 +1,14 @@
/*
* Elliptic curve DSA
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 1845c93..f6e2458 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -1,8 +1,14 @@
/*
* Elliptic curve J-PAKE
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/ecp.c b/library/ecp.c
index 725e176..fe41b41 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1,8 +1,14 @@
/*
* Elliptic curves over GF(p): generic functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
@@ -104,6 +129,20 @@
#include "mbedtls/ecp_internal.h"
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+#if defined(MBEDTLS_HMAC_DRBG_C)
+#include "mbedtls/hmac_drbg.h"
+#elif defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/ctr_drbg.h"
+#elif defined(MBEDTLS_SHA512_C)
+#include "mbedtls/sha512.h"
+#elif defined(MBEDTLS_SHA256_C)
+#include "mbedtls/sha256.h"
+#else
+#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
+#endif
+#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
+
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
@@ -117,6 +156,233 @@
static unsigned long add_count, dbl_count, mul_count;
#endif
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+/*
+ * Currently ecp_mul() takes a RNG function as an argument, used for
+ * side-channel protection, but it can be NULL. The initial reasoning was
+ * that people will pass non-NULL RNG when they care about side-channels, but
+ * unfortunately we have some APIs that call ecp_mul() with a NULL RNG, with
+ * no opportunity for the user to do anything about it.
+ *
+ * The obvious strategies for addressing that include:
+ * - change those APIs so that they take RNG arguments;
+ * - require a global RNG to be available to all crypto modules.
+ *
+ * Unfortunately those would break compatibility. So what we do instead is
+ * have our own internal DRBG instance, seeded from the secret scalar.
+ *
+ * The following is a light-weight abstraction layer for doing that with
+ * HMAC_DRBG (first choice) or CTR_DRBG.
+ */
+
+#if defined(MBEDTLS_HMAC_DRBG_C)
+
+/* DRBG context type */
+typedef mbedtls_hmac_drbg_context ecp_drbg_context;
+
+/* DRBG context init */
+static inline void ecp_drbg_init( ecp_drbg_context *ctx )
+{
+ mbedtls_hmac_drbg_init( ctx );
+}
+
+/* DRBG context free */
+static inline void ecp_drbg_free( ecp_drbg_context *ctx )
+{
+ mbedtls_hmac_drbg_free( ctx );
+}
+
+/* DRBG function */
+static inline int ecp_drbg_random( void *p_rng,
+ unsigned char *output, size_t output_len )
+{
+ return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) );
+}
+
+/* DRBG context seeding */
+static int ecp_drbg_seed( ecp_drbg_context *ctx,
+ const mbedtls_mpi *secret, size_t secret_len )
+{
+ int ret;
+ unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
+ /* The list starts with strong hashes */
+ const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
+ secret_bytes, secret_len ) );
+
+ ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len );
+
+cleanup:
+ mbedtls_platform_zeroize( secret_bytes, secret_len );
+
+ return( ret );
+}
+
+#elif defined(MBEDTLS_CTR_DRBG_C)
+
+/* DRBG context type */
+typedef mbedtls_ctr_drbg_context ecp_drbg_context;
+
+/* DRBG context init */
+static inline void ecp_drbg_init( ecp_drbg_context *ctx )
+{
+ mbedtls_ctr_drbg_init( ctx );
+}
+
+/* DRBG context free */
+static inline void ecp_drbg_free( ecp_drbg_context *ctx )
+{
+ mbedtls_ctr_drbg_free( ctx );
+}
+
+/* DRBG function */
+static inline int ecp_drbg_random( void *p_rng,
+ unsigned char *output, size_t output_len )
+{
+ return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) );
+}
+
+/*
+ * Since CTR_DRBG doesn't have a seed_buf() function the way HMAC_DRBG does,
+ * we need to pass an entropy function when seeding. So we use a dummy
+ * function for that, and pass the actual entropy as customisation string.
+ * (During seeding of CTR_DRBG the entropy input and customisation string are
+ * concatenated before being used to update the secret state.)
+ */
+static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len)
+{
+ (void) ctx;
+ memset( out, 0, len );
+ return( 0 );
+}
+
+/* DRBG context seeding */
+static int ecp_drbg_seed( ecp_drbg_context *ctx,
+ const mbedtls_mpi *secret, size_t secret_len )
+{
+ int ret;
+ unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
+ secret_bytes, secret_len ) );
+
+ ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL,
+ secret_bytes, secret_len );
+
+cleanup:
+ mbedtls_platform_zeroize( secret_bytes, secret_len );
+
+ return( ret );
+}
+
+#elif defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA256_C)
+
+/* This will be used in the self-test function */
+#define ECP_ONE_STEP_KDF
+
+/*
+ * We need to expand secret data (the scalar) into a longer stream of bytes.
+ *
+ * We'll use the One-Step KDF from NIST SP 800-56C, with option 1 (H is a hash
+ * function) and empty FixedInfo. (Though we'll make it fit the DRBG API for
+ * convenience, this is not a full-fledged DRBG, but we don't need one here.)
+ *
+ * We need a basic hash abstraction layer to use whatever SHA-2 is available.
+ */
+#if defined(MBEDTLS_SHA512_C)
+
+#define HASH_FUNC( in, ilen, out ) mbedtls_sha512_ret( in, ilen, out, 0 );
+#define HASH_BLOCK_BYTES ( 512 / 8 )
+
+#elif defined(MBEDTLS_SHA256_C)
+
+#define HASH_FUNC( in, ilen, out ) mbedtls_sha256_ret( in, ilen, out, 0 );
+#define HASH_BLOCK_BYTES ( 256 / 8 )
+
+#endif /* SHA512/SHA256 abstraction */
+
+/*
+ * State consists of a 32-bit counter plus the secret value.
+ *
+ * We stored them concatenated in a single buffer as that's what will get
+ * passed to the hash function.
+ */
+typedef struct {
+ size_t total_len;
+ uint8_t buf[4 + MBEDTLS_ECP_MAX_BYTES];
+} ecp_drbg_context;
+
+static void ecp_drbg_init( ecp_drbg_context *ctx )
+{
+ memset( ctx, 0, sizeof( ecp_drbg_context ) );
+}
+
+static void ecp_drbg_free( ecp_drbg_context *ctx )
+{
+ mbedtls_platform_zeroize( ctx, sizeof( ecp_drbg_context ) );
+}
+
+static int ecp_drbg_seed( ecp_drbg_context *ctx,
+ const mbedtls_mpi *secret, size_t secret_len )
+{
+ ctx->total_len = 4 + secret_len;
+ memset( ctx->buf, 0, 4);
+ return( mbedtls_mpi_write_binary( secret, ctx->buf + 4, secret_len ) );
+}
+
+static int ecp_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+ ecp_drbg_context *ctx = p_rng;
+ int ret;
+ size_t len_done = 0;
+ uint8_t tmp[HASH_BLOCK_BYTES];
+
+ while( len_done < output_len )
+ {
+ uint8_t use_len;
+
+ /* This function is only called for coordinate randomisation, which
+ * happens only twice in a scalar multiplication. Each time needs a
+ * random value in the range [2, p-1], and gets it by drawing len(p)
+ * bytes from this function, and retrying up to 10 times if unlucky.
+ *
+ * So for the largest curve, each scalar multiplication draws at most
+ * 20 * 66 bytes. The minimum block size is 32 (SHA-256), so with
+ * rounding that means a most 20 * 3 blocks.
+ *
+ * Since we don't need to draw more that 255 blocks, don't bother
+ * with carry propagation and just return an error instead. We can
+ * change that it we even need to draw more blinding values.
+ */
+ ctx->buf[3] += 1;
+ if( ctx->buf[3] == 0 )
+ return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+
+ ret = HASH_FUNC( ctx->buf, ctx->total_len, tmp );
+ if( ret != 0 )
+ return( ret );
+
+ if( output_len - len_done > HASH_BLOCK_BYTES )
+ use_len = HASH_BLOCK_BYTES;
+ else
+ use_len = output_len - len_done;
+
+ memcpy( output + len_done, tmp, use_len );
+ len_done += use_len;
+ }
+
+ mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+
+ return( 0 );
+}
+
+#else /* DRBG/SHA modules */
+#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
+#endif /* DRBG/SHA modules */
+#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
+
#if defined(MBEDTLS_ECP_RESTARTABLE)
/*
* Maximum number of "basic operations" to be done in a row.
@@ -164,6 +430,10 @@
ecp_rsm_comb_core, /* ecp_mul_comb_core() */
ecp_rsm_final_norm, /* do the final normalization */
} state;
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_context drbg_ctx;
+ unsigned char drbg_seeded;
+#endif
};
/*
@@ -176,6 +446,10 @@
ctx->T = NULL;
ctx->T_size = 0;
ctx->state = ecp_rsm_init;
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_init( &ctx->drbg_ctx );
+ ctx->drbg_seeded = 0;
+#endif
}
/*
@@ -197,6 +471,10 @@
mbedtls_free( ctx->T );
}
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_free( &ctx->drbg_ctx );
+#endif
+
ecp_restart_rsm_init( ctx );
}
@@ -1466,7 +1744,10 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
if( count++ > 10 )
- return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ {
+ ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
+ goto cleanup;
+ }
}
while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
@@ -1816,7 +2097,9 @@
i = d;
MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
+#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 )
+#endif
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
}
@@ -1937,6 +2220,7 @@
rs_ctx->rsm->state = ecp_rsm_final_norm;
final_norm:
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
#endif
/*
* Knowledge of the jacobian coordinates may leak the last few bits of the
@@ -1949,10 +2233,11 @@
*
* Avoid the leak by randomizing coordinates before we normalize them.
*/
+#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 )
+#endif
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
#if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -2021,11 +2306,44 @@
int ret;
unsigned char w, p_eq_g, i;
size_t d;
- unsigned char T_size, T_ok;
- mbedtls_ecp_point *T;
+ unsigned char T_size = 0, T_ok = 0;
+ mbedtls_ecp_point *T = NULL;
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_context drbg_ctx;
+
+ ecp_drbg_init( &drbg_ctx );
+#endif
ECP_RS_ENTER( rsm );
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ if( f_rng == NULL )
+ {
+ /* Adjust pointers */
+ f_rng = &ecp_drbg_random;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ p_rng = &rs_ctx->rsm->drbg_ctx;
+ else
+#endif
+ p_rng = &drbg_ctx;
+
+ /* Initialize internal DRBG if necessary */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx == NULL || rs_ctx->rsm == NULL ||
+ rs_ctx->rsm->drbg_seeded == 0 )
+#endif
+ {
+ const size_t m_len = ( grp->nbits + 7 ) / 8;
+ MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) );
+ }
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ rs_ctx->rsm->drbg_seeded = 1;
+#endif
+ }
+#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
+
/* Is P the base point ? */
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
@@ -2097,6 +2415,10 @@
cleanup:
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_free( &drbg_ctx );
+#endif
+
/* does T belong to the group? */
if( T == grp->T )
T = NULL;
@@ -2198,7 +2520,10 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
if( count++ > 10 )
- return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ {
+ ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
+ goto cleanup;
+ }
}
while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
@@ -2284,9 +2609,23 @@
unsigned char b;
mbedtls_ecp_point RP;
mbedtls_mpi PX;
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_context drbg_ctx;
+ ecp_drbg_init( &drbg_ctx );
+#endif
mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ if( f_rng == NULL )
+ {
+ const size_t m_len = ( grp->nbits + 7 ) / 8;
+ MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) );
+ f_rng = &ecp_drbg_random;
+ p_rng = &drbg_ctx;
+ }
+#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
+
/* Save PX and read from P before writing to R, in case P == R */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
@@ -2300,7 +2639,9 @@
MOD_ADD( RP.X );
/* Randomize coordinates of the starting point */
+#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != NULL )
+#endif
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
/* Loop invariant: R = result so far, RP = R + P */
@@ -2333,12 +2674,18 @@
*
* Avoid the leak by randomizing coordinates before we normalize them.
*/
+#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != NULL )
+#endif
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
cleanup:
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_free( &drbg_ctx );
+#endif
+
mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
return( ret );
@@ -2893,6 +3240,76 @@
#if defined(MBEDTLS_SELF_TEST)
+#if defined(ECP_ONE_STEP_KDF)
+/*
+ * There are no test vectors from NIST for the One-Step KDF in SP 800-56C,
+ * but unofficial ones can be found at:
+ * https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors
+ *
+ * We only use the ones with empty fixedInfo, and for brevity's sake, only
+ * 40-bytes output (with SHA-256 that's more than one block, and with SHA-512
+ * less than one block).
+ */
+#if defined(MBEDTLS_SHA512_C)
+
+static const uint8_t test_kdf_z[16] = {
+ 0x3b, 0xa9, 0x79, 0xe9, 0xbc, 0x5e, 0x3e, 0xc7,
+ 0x61, 0x30, 0x36, 0xb6, 0xf5, 0x1c, 0xd5, 0xaa,
+};
+static const uint8_t test_kdf_out[40] = {
+ 0x3e, 0xf6, 0xda, 0xf9, 0x51, 0x60, 0x70, 0x5f,
+ 0xdf, 0x21, 0xcd, 0xab, 0xac, 0x25, 0x7b, 0x05,
+ 0xfe, 0xc1, 0xab, 0x7c, 0xc9, 0x68, 0x43, 0x25,
+ 0x8a, 0xfc, 0x40, 0x6e, 0x5b, 0xf7, 0x98, 0x27,
+ 0x10, 0xfa, 0x7b, 0x93, 0x52, 0xd4, 0x16, 0xaa,
+};
+
+#elif defined(MBEDTLS_SHA256_C)
+
+static const uint8_t test_kdf_z[16] = {
+ 0xc8, 0x3e, 0x35, 0x8e, 0x99, 0xa6, 0x89, 0xc6,
+ 0x7d, 0xb4, 0xfe, 0x39, 0xcf, 0x8f, 0x26, 0xe1,
+};
+static const uint8_t test_kdf_out[40] = {
+ 0x7d, 0xf6, 0x41, 0xf8, 0x3c, 0x47, 0xdc, 0x28,
+ 0x5f, 0x7f, 0xaa, 0xde, 0x05, 0x64, 0xd6, 0x25,
+ 0x00, 0x6a, 0x47, 0xd9, 0x1e, 0xa4, 0xa0, 0x8c,
+ 0xd7, 0xf7, 0x0c, 0x99, 0xaa, 0xa0, 0x72, 0x66,
+ 0x69, 0x0e, 0x25, 0xaa, 0xa1, 0x63, 0x14, 0x79,
+};
+
+#endif
+
+static int ecp_kdf_self_test( void )
+{
+ int ret;
+ ecp_drbg_context kdf_ctx;
+ mbedtls_mpi scalar;
+ uint8_t out[sizeof( test_kdf_out )];
+
+ ecp_drbg_init( &kdf_ctx );
+ mbedtls_mpi_init( &scalar );
+ memset( out, 0, sizeof( out ) );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &scalar,
+ test_kdf_z, sizeof( test_kdf_z ) ) );
+
+ MBEDTLS_MPI_CHK( ecp_drbg_seed( &kdf_ctx,
+ &scalar, sizeof( test_kdf_z ) ) );
+
+ MBEDTLS_MPI_CHK( ecp_drbg_random( &kdf_ctx, out, sizeof( out ) ) );
+
+ if( memcmp( out, test_kdf_out, sizeof( out ) ) != 0 )
+ ret = -1;
+
+cleanup:
+ ecp_drbg_free( &kdf_ctx );
+ mbedtls_mpi_free( &scalar );
+
+ return( ret );
+}
+#endif /* ECP_ONE_STEP_KDF */
+
/*
* Checkup routine
*/
@@ -3004,6 +3421,24 @@
if( verbose != 0 )
mbedtls_printf( "passed\n" );
+#if defined(ECP_ONE_STEP_KDF)
+ if( verbose != 0 )
+ mbedtls_printf( " ECP test #3 (internal KDF): " );
+
+ ret = ecp_kdf_self_test();
+ if( ret != 0 )
+ {
+ if( verbose != 0 )
+ mbedtls_printf( "failed\n" );
+
+ ret = 1;
+ goto cleanup;
+ }
+
+ if( verbose != 0 )
+ mbedtls_printf( "passed\n" );
+#endif /* ECP_ONE_STEP_KDF */
+
cleanup:
if( ret < 0 && verbose != 0 )
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 282481d..cc4c5b7 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -1,8 +1,14 @@
/*
* Elliptic curves over GF(p): curve-specific data and functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/entropy.c b/library/entropy.c
index f8db1a5..666c556 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -1,8 +1,14 @@
/*
* Entropy accumulator implementation
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 4556f88..d7062ea 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -1,8 +1,14 @@
/*
* Platform-specific and custom entropy polling functions
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,10 +22,29 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
-#if defined(__linux__)
+#if defined(__linux__) && !defined(_GNU_SOURCE)
/* Ensure that syscall() is available even when compiling with -std=c99 */
#define _GNU_SOURCE
#endif
diff --git a/library/error.c b/library/error.c
index c596f0b..eb52052 100644
--- a/library/error.c
+++ b/library/error.c
@@ -1,8 +1,14 @@
/*
* Error message information
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -53,6 +78,10 @@
#include "mbedtls/aria.h"
#endif
+#if defined(MBEDTLS_ASN1_PARSE_C)
+#include "mbedtls/asn1.h"
+#endif
+
#if defined(MBEDTLS_BASE64_C)
#include "mbedtls/base64.h"
#endif
@@ -525,6 +554,8 @@
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" );
if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) )
mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" );
+ if( use_ret == -(MBEDTLS_ERR_SSL_BAD_CONFIG) )
+ mbedtls_snprintf( buf, buflen, "SSL - Invalid value in SSL config" );
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
diff --git a/library/gcm.c b/library/gcm.c
index 675926a..2afe502 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -1,8 +1,14 @@
/*
* NIST SP800-38D compliant GCM implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/havege.c b/library/havege.c
index c139e1d..5e91f40 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -1,8 +1,14 @@
/**
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The HAVEGE RNG was designed by Andre Seznec in 2002.
diff --git a/library/hkdf.c b/library/hkdf.c
index 82d8a42..4a8bdfb 100644
--- a/library/hkdf.c
+++ b/library/hkdf.c
@@ -1,8 +1,14 @@
/*
* HKDF implementation -- RFC 5869
*
- * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 284c9b4..9fbfc30 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -1,8 +1,14 @@
/*
* HMAC_DRBG implementation (NIST SP 800-90)
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/md.c b/library/md.c
index 303cdcb..867b914 100644
--- a/library/md.c
+++ b/library/md.c
@@ -5,8 +5,14 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/md2.c b/library/md2.c
index 1c0b3df..cbdaaab 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -1,8 +1,14 @@
/*
* RFC 1115/1319 compliant MD2 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The MD2 algorithm was designed by Ron Rivest in 1989.
diff --git a/library/md4.c b/library/md4.c
index 828fd42..cb16dce 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -1,8 +1,14 @@
/*
* RFC 1186/1320 compliant MD4 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The MD4 algorithm was designed by Ron Rivest in 1990.
diff --git a/library/md5.c b/library/md5.c
index a93da8a..fe25925 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -1,8 +1,14 @@
/*
* RFC 1321 compliant MD5 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The MD5 algorithm was designed by Ron Rivest in 1991.
diff --git a/library/md_wrap.c b/library/md_wrap.c
index 32f0871..7459db2 100644
--- a/library/md_wrap.c
+++ b/library/md_wrap.c
@@ -5,8 +5,14 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 51ea7c4..915ec3a 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -1,8 +1,14 @@
/*
* Buffer-based memory allocator
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 5d538bf..1130408 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -1,8 +1,14 @@
/*
* TCP/IP or UDP/IP networking functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
@@ -24,6 +49,10 @@
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L
+#if defined(__NetBSD__)
+#define _XOPEN_SOURCE 600 /* sockaddr_storage */
+#endif
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -318,8 +347,9 @@
struct sockaddr_storage client_addr;
-#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
- defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t)
+#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
+ defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \
+ ( defined(__NetBSD__) && defined(socklen_t) )
socklen_t n = (socklen_t) sizeof( client_addr );
socklen_t type_len = (socklen_t) sizeof( type );
#else
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 317a242..8341ff1 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -2,8 +2,14 @@
* Implementation of NIST SP 800-38F key wrapping, supporting KW and KWP modes
* only
*
- * Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -17,7 +23,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* Definition of Key Wrapping:
diff --git a/library/oid.c b/library/oid.c
index 33f437c..2414083 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -3,8 +3,14 @@
*
* \brief Object Identifier (OID) database
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -18,7 +24,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/padlock.c b/library/padlock.c
index b85ff9c..afb7e0a 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -1,8 +1,14 @@
/*
* VIA PadLock support functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* This implementation is based on the VIA PadLock Programming Guide:
diff --git a/library/pem.c b/library/pem.c
index 897c8a0..a7a2f7f 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -1,8 +1,14 @@
/*
* Privacy Enhanced Mail (PEM) decoding
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/pk.c b/library/pk.c
index bac685d..81cfdbf 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -1,8 +1,14 @@
/*
* Public Key abstraction layer
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 87806be..2c27552 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1,8 +1,14 @@
/*
* Public Key abstraction layer: wrapper functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/pkcs11.c b/library/pkcs11.c
index 0ea6425..cf484b8 100644
--- a/library/pkcs11.c
+++ b/library/pkcs11.c
@@ -5,8 +5,14 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#include "mbedtls/pkcs11.h"
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 7edf064..3d23d5e 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -1,8 +1,14 @@
/*
* PKCS#12 Personal Information Exchange Syntax
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The PKCS #12 Personal Information Exchange Syntax Standard v1.1
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 5013343..8a80aa5 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -5,8 +5,14 @@
*
* \author Mathias Olsson <mathias@kompetensum.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -20,7 +26,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* PKCS#5 includes PBKDF2 and more
diff --git a/library/pkparse.c b/library/pkparse.c
index d500457..e410f3a 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1,8 +1,14 @@
/*
* Public Key layer for parsing key files and structures
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -667,7 +692,7 @@
ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
if( ret == 0 && *p != end )
- ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
+ ret = MBEDTLS_ERR_PK_INVALID_PUBKEY +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
if( ret != 0 )
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 03d14f2..150626c 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -1,8 +1,14 @@
/*
* Public Key layer for writing key files and structures
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/platform.c b/library/platform.c
index 73a6db9..c4c3fd3 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -1,8 +1,14 @@
/*
* Platform abstraction layer
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/platform_util.c b/library/platform_util.c
index b1f7450..3ba2aea 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -2,8 +2,14 @@
* Common and shared functions used by multiple modules in the Mbed TLS
* library.
*
- * Copyright (C) 2018, Arm Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -17,7 +23,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/poly1305.c b/library/poly1305.c
index 2b56c5f..5b023f0 100644
--- a/library/poly1305.c
+++ b/library/poly1305.c
@@ -3,8 +3,14 @@
*
* \brief Poly1305 authentication algorithm.
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -18,7 +24,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 0791ae4..0b6efcb 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -1,8 +1,14 @@
/*
* RIPE MD-160 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/rsa.c b/library/rsa.c
index 09fd379..a25c633 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1,8 +1,14 @@
/*
* The RSA public-key cryptosystem
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
@@ -56,7 +81,7 @@
#include "mbedtls/md.h"
#endif
-#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__)
+#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__)
#include <stdlib.h>
#endif
@@ -781,6 +806,9 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret, count = 0;
+ mbedtls_mpi R;
+
+ mbedtls_mpi_init( &R );
if( ctx->Vf.p != NULL )
{
@@ -796,18 +824,40 @@
/* Unblinding value: Vf = random number, invertible mod N */
do {
if( count++ > 10 )
- return( MBEDTLS_ERR_RSA_RNG_FAILED );
+ {
+ ret = MBEDTLS_ERR_RSA_RNG_FAILED;
+ goto cleanup;
+ }
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) );
- } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 );
- /* Blinding value: Vi = Vf^(-e) mod N */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) );
+ /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+
+ /* At this point, Vi is invertible mod N if and only if both Vf and R
+ * are invertible mod N. If one of them isn't, we don't need to know
+ * which one, we just loop and choose new values for both of them.
+ * (Each iteration succeeds with overwhelming probability.) */
+ ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N );
+ if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ goto cleanup;
+
+ } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+
+ /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+
+ /* Blinding value: Vi = Vf^(-e) mod N
+ * (Vi already contains Vf^-1 at this point) */
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
cleanup:
+ mbedtls_mpi_free( &R );
+
return( ret );
}
@@ -2563,7 +2613,7 @@
#if defined(MBEDTLS_PKCS1_V15)
static int myrand( void *rng_state, unsigned char *output, size_t len )
{
-#if !defined(__OpenBSD__)
+#if !defined(__OpenBSD__) && !defined(__NetBSD__)
size_t i;
if( rng_state != NULL )
@@ -2576,7 +2626,7 @@
rng_state = NULL;
arc4random_buf( output, len );
-#endif /* !OpenBSD */
+#endif /* !OpenBSD && !NetBSD */
return( 0 );
}
diff --git a/library/rsa_internal.c b/library/rsa_internal.c
index 9a42d47..4d94ca6 100644
--- a/library/rsa_internal.c
+++ b/library/rsa_internal.c
@@ -1,8 +1,14 @@
/*
* Helper functions for the RSA module
*
- * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*
*/
diff --git a/library/sha1.c b/library/sha1.c
index 355c83d..8682abd 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -1,8 +1,14 @@
/*
* FIPS-180-1 compliant SHA-1 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The SHA-1 standard was published by NIST in 1993.
diff --git a/library/sha256.c b/library/sha256.c
index 2dc0e1a..5169584 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -1,8 +1,14 @@
/*
* FIPS-180-2 compliant SHA-256 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The SHA-256 Secure Hash Standard was published by NIST in 2002.
diff --git a/library/sha512.c b/library/sha512.c
index bdd20b2..36d5d96 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -1,8 +1,14 @@
/*
* FIPS-180-2 compliant SHA-384/512 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The SHA-512 Secure Hash Standard was published by NIST in 2002.
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 47867f1..1d2558a 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -1,8 +1,14 @@
/*
* SSL session cache implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* These session callbacks use a simple chained list
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 518f7dd..090040e 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -3,8 +3,14 @@
*
* \brief SSL ciphersuites for mbed TLS
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -18,7 +24,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c5c3af6..bd7f281 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1,8 +1,14 @@
/*
* SSLv3/TLSv1 client-side functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -52,29 +77,26 @@
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t hostname_len;
*olen = 0;
if( ssl->hostname == NULL )
- return;
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
- ssl->hostname ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding server name extension: %s",
+ ssl->hostname ) );
hostname_len = strlen( ssl->hostname );
- if( end < p || (size_t)( end - p ) < hostname_len + 9 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
/*
* Sect. 3, RFC 6066 (TLS Extensions Definitions)
@@ -118,16 +140,18 @@
memcpy( p, ssl->hostname, hostname_len );
*olen = hostname_len + 9;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
-static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
@@ -135,21 +159,20 @@
* initial ClientHello, in which case also adding the renegotiation
* info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- return;
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding renegotiation extension" ) );
- if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len );
/*
* Secure renegotiation
*/
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO )
+ & 0xFF );
*p++ = 0x00;
*p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
@@ -158,6 +181,8 @@
memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
*olen = 5 + ssl->verify_data_len;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
@@ -166,14 +191,15 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t sig_alg_len = 0;
const int *md;
+
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
unsigned char *sig_alg_list = buf + 6;
#endif
@@ -181,9 +207,13 @@
*olen = 0;
if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- return;
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding signature_algorithms extension" ) );
+
+ if( ssl->conf->sig_hashes == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{
@@ -193,13 +223,19 @@
#if defined(MBEDTLS_RSA_C)
sig_alg_len += 2;
#endif
+ if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "length in bytes of sig-hash-alg extension too big" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
}
- if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ /* Empty signature algorithms list, this is a configuration error. */
+ if( sig_alg_len == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 );
/*
* Prepare signature_algorithms extension (TLS 1.2)
@@ -245,75 +281,75 @@
*p++ = (unsigned char)( ( sig_alg_len ) & 0xFF );
*olen = 6 + sig_alg_len;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
-#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *grp_id;
-#else
- ((void) ssl);
-#endif
*olen = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding supported_elliptic_curves extension" ) );
-#if defined(MBEDTLS_ECP_C)
- for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
-#else
- for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
-#endif
+ if( ssl->conf->curve_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( grp_id = ssl->conf->curve_list;
+ *grp_id != MBEDTLS_ECP_DP_NONE;
+ grp_id++ )
{
-#if defined(MBEDTLS_ECP_C)
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-#endif
if( info == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
- return;
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "invalid curve in ssl configuration" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
-
elliptic_curve_len += 2;
+
+ if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "malformed supported_elliptic_curves extension in config" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
}
- if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ /* Empty elliptic curve list, this is a configuration error. */
+ if( elliptic_curve_len == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
elliptic_curve_len = 0;
-#if defined(MBEDTLS_ECP_C)
- for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
-#else
- for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
-#endif
+ for( grp_id = ssl->conf->curve_list;
+ *grp_id != MBEDTLS_ECP_DP_NONE;
+ grp_id++ )
{
-#if defined(MBEDTLS_ECP_C)
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-#endif
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
}
- if( elliptic_curve_len == 0 )
- return;
-
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES )
+ & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF );
@@ -322,27 +358,28 @@
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
*olen = 6 + elliptic_curve_len;
+
+ return( 0 );
}
-static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+ (void) ssl; /* ssl used for debugging only */
*olen = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding supported_point_formats extension" ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- if( end < p || (size_t)( end - p ) < 6 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
-
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS )
+ & 0xFF );
*p++ = 0x00;
*p++ = 2;
@@ -351,33 +388,32 @@
*p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
*olen = 6;
+
+ return( 0 );
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
int ret;
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t kkpp_len;
*olen = 0;
/* Skip costly extension if we can't use EC J-PAKE anyway */
if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
- return;
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding ecjpake_kkpp extension" ) );
- if( end - p < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF );
@@ -393,19 +429,20 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
- p + 2, end - p - 2, &kkpp_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
+ p + 2, end - p - 2, &kkpp_len,
+ ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
- return;
+ MBEDTLS_SSL_DEBUG_RET( 1 ,
+ "mbedtls_ecjpake_write_round_one", ret );
+ return( ret );
}
ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
if( ssl->handshake->ecjpake_cache == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) );
- return;
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
@@ -416,12 +453,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) );
kkpp_len = ssl->handshake->ecjpake_cache_len;
-
- if( (size_t)( end - p - 2 ) < kkpp_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len );
memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
}
@@ -430,33 +462,33 @@
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
*olen = kkpp_len + 4;
+
+ return( 0 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
- if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
- return;
- }
+ if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding max_fragment_length extension" ) );
- if( end < p || (size_t)( end - p ) < 5 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH )
+ & 0xFF );
*p++ = 0x00;
*p++ = 1;
@@ -464,30 +496,28 @@
*p++ = ssl->conf->mfl_code;
*olen = 5;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding truncated_hmac extension" ) );
- if( end < p || (size_t)( end - p ) < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
@@ -496,32 +526,29 @@
*p++ = 0x00;
*olen = 4;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac "
- "extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding encrypt_then_mac extension" ) );
- if( end < p || (size_t)( end - p ) < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
@@ -530,65 +557,63 @@
*p++ = 0x00;
*olen = 4;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret "
- "extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding extended_master_secret extension" ) );
- if( end < p || (size_t)( end - p ) < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET )
+ & 0xFF );
*p++ = 0x00;
*p++ = 0x00;
*olen = 4;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t tlen = ssl->session_negotiate->ticket_len;
*olen = 0;
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding session ticket extension" ) );
- if( end < p || (size_t)( end - p ) < 4 + tlen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ /* The addition is safe here since the ticket length is 16 bit. */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF );
@@ -599,44 +624,40 @@
*olen = 4;
if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "sending session ticket of length %d", tlen ) );
memcpy( p, ssl->session_negotiate->ticket, tlen );
*olen += tlen;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_ALPN)
-static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t alpnlen = 0;
const char **cur;
*olen = 0;
if( ssl->conf->alpn_list == NULL )
- {
- return;
- }
+ return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
+ alpnlen += strlen( *cur ) + 1;
- if( end < p || (size_t)( end - p ) < 6 + alpnlen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
@@ -654,7 +675,11 @@
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
{
- *p = (unsigned char)( strlen( *cur ) & 0xFF );
+ /*
+ * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
+ * protocol names is less than 255.
+ */
+ *p = (unsigned char)strlen( *cur );
memcpy( p + 1, *cur, *p );
p += 1 + *p;
}
@@ -668,6 +693,8 @@
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_ALPN */
@@ -724,9 +751,10 @@
*
* \return 0 if valid, else 1
*/
-static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
- const mbedtls_ssl_context * ssl,
- int min_minor_ver, int max_minor_ver )
+static int ssl_validate_ciphersuite(
+ const mbedtls_ssl_ciphersuite_t * suite_info,
+ const mbedtls_ssl_context * ssl,
+ int min_minor_ver, int max_minor_ver )
{
(void) ssl;
if( suite_info == NULL )
@@ -761,8 +789,11 @@
{
int ret;
size_t i, n, olen, ext_len = 0;
+
unsigned char *buf;
unsigned char *p, *q;
+ const unsigned char *end;
+
unsigned char offer_compress;
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -789,23 +820,41 @@
if( ssl->conf->max_major_ver == 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, "
- "consider using mbedtls_ssl_config_defaults()" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+ buf = ssl->out_msg;
+ end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN;
+
/*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
+ * Check if there's enough space for the first part of the ClientHello
+ * consisting of the 38 bytes described below, the session identifier (at
+ * most 32 bytes) and its length (1 byte).
+ *
+ * Use static upper bounds instead of the actual values
+ * to allow the compiler to optimize this away.
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );
+
+ /*
+ * The 38 first bytes of the ClientHello:
+ * 0 . 0 handshake type (written later)
+ * 1 . 3 handshake length (written later)
* 4 . 5 highest version supported
* 6 . 9 current UNIX time
* 10 . 37 random bytes
+ *
+ * The current UNIX time (4 bytes) and following 28 random bytes are written
+ * by ssl_generate_random() into ssl->handshake->randbytes buffer and then
+ * copied from there into the output buffer.
*/
- buf = ssl->out_msg;
- p = buf + 4;
- mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
+ p = buf + 4;
+ mbedtls_ssl_write_version( ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver,
+ ssl->conf->transport, p );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
@@ -825,7 +874,7 @@
* 38 . 38 session id length
* 39 . 39+n session id
* 39+n . 39+n DTLS only: cookie length (1 byte)
- * 40+n . .. DTSL only: cookie
+ * 40+n . .. DTLS only: cookie
* .. . .. ciphersuitelist length (2 bytes)
* .. . .. ciphersuitelist
* .. . .. compression methods length (1 byte)
@@ -856,7 +905,8 @@
if( ssl->session_negotiate->ticket != NULL &&
ssl->session_negotiate->ticket_len != 0 )
{
- ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
+ ret = ssl->conf->f_rng( ssl->conf->p_rng,
+ ssl->session_negotiate->id, 32 );
if( ret != 0 )
return( ret );
@@ -866,6 +916,12 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+ /*
+ * The first check of the output buffer size above (
+ * MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );)
+ * has checked that there is enough space in the output buffer for the
+ * session identifier length byte and the session identifier (n <= 32).
+ */
*p++ = (unsigned char) n;
for( i = 0; i < n; i++ )
@@ -875,11 +931,26 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
/*
+ * With 'n' being the length of the session identifier
+ *
+ * 39+n . 39+n DTLS only: cookie length (1 byte)
+ * 40+n . .. DTLS only: cookie
+ * .. . .. ciphersuitelist length (2 bytes)
+ * .. . .. ciphersuitelist
+ * .. . .. compression methods length (1 byte)
+ * .. . .. compression methods
+ * .. . .. extensions length (2 bytes)
+ * .. . .. extensions
+ */
+
+ /*
* DTLS cookie
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
+
if( ssl->handshake->verify_cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
@@ -892,6 +963,9 @@
ssl->handshake->verify_cookie_len );
*p++ = ssl->handshake->verify_cookie_len;
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end,
+ ssl->handshake->verify_cookie_len );
memcpy( p, ssl->handshake->verify_cookie,
ssl->handshake->verify_cookie_len );
p += ssl->handshake->verify_cookie_len;
@@ -907,6 +981,8 @@
/* Skip writing ciphersuite length for now */
n = 0;
q = p;
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
p += 2;
for( i = 0; ciphersuites[i] != 0; i++ )
@@ -926,12 +1002,15 @@
uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
#endif
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+
n++;
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
*p++ = (unsigned char)( ciphersuites[i] );
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -941,6 +1020,7 @@
#endif
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO );
n++;
@@ -951,6 +1031,8 @@
if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE );
n++;
@@ -981,8 +1063,10 @@
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
- MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) );
+ MBEDTLS_SSL_COMPRESS_DEFLATE,
+ MBEDTLS_SSL_COMPRESS_NULL ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
*p++ = 2;
*p++ = MBEDTLS_SSL_COMPRESS_DEFLATE;
*p++ = MBEDTLS_SSL_COMPRESS_NULL;
@@ -993,27 +1077,45 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d",
MBEDTLS_SSL_COMPRESS_NULL ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
*p++ = 1;
*p++ = MBEDTLS_SSL_COMPRESS_NULL;
}
- // First write extensions, then the total length
- //
+ /* First write extensions, then the total length */
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
/* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
* even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
- ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
@@ -1021,46 +1123,91 @@
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( uses_ec )
{
- ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret );
+ return( ret );
+ }
ext_len += olen;
- ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
+ return( ret );
+ }
ext_len += olen;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ALPN)
- ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
@@ -1068,10 +1215,12 @@
((void) olen);
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
- ext_len ) );
+ ext_len ) );
if( ext_len > 0 )
{
+ /* No need to check for space here, because the extension
+ * writing functions already took care of that. */
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
@@ -1124,8 +1273,10 @@
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
}
@@ -1134,9 +1285,12 @@
{
if( len != 1 || buf[0] != 0x00 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-zero length renegotiation info" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1159,9 +1313,12 @@
len != 1 ||
buf[0] != ssl->conf->mfl_code )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching max fragment length extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching max fragment length extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1177,9 +1334,12 @@
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
len != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching truncated HMAC extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching truncated HMAC extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1200,9 +1360,12 @@
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
len != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching encrypt-then-MAC extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching encrypt-then-MAC extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1223,9 +1386,12 @@
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
len != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching extended master secret extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching extended master secret extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1245,9 +1411,12 @@
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
len != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching session ticket extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching session ticket extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1328,8 +1497,10 @@
buf, len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( ret );
}
@@ -1348,8 +1519,10 @@
if( ssl->conf->alpn_list == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1529,12 +1702,13 @@
if( ssl->conf->renego_max_records >= 0 &&
ssl->renego_records_seen > ssl->conf->renego_max_records )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
- "but not honored by server" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "renegotiation requested, but not honored by server" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-handshake message during renegotiation" ) );
ssl->keep_current_message = 1;
return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
@@ -1542,8 +1716,10 @@
#endif /* MBEDTLS_SSL_RENEGOTIATION */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
@@ -1597,11 +1773,13 @@
ssl->major_ver > ssl->conf->max_major_ver ||
ssl->minor_ver > ssl->conf->max_minor_ver )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
- " min: [%d:%d], server: [%d:%d], max: [%d:%d]",
- ssl->conf->min_major_ver, ssl->conf->min_minor_ver,
- ssl->major_ver, ssl->minor_ver,
- ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]",
+ ssl->conf->min_major_ver,
+ ssl->conf->min_minor_ver,
+ ssl->major_ver, ssl->minor_ver,
+ ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@@ -1638,8 +1816,10 @@
ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
}
@@ -1678,26 +1858,32 @@
if( comp != MBEDTLS_SSL_COMPRESS_NULL )
#endif/* MBEDTLS_ZLIB_SUPPORT */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server hello, bad compression: %d", comp ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
/*
* Initialize update checksum functions
*/
- ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
+ ssl->transform_negotiate->ciphersuite_info =
+ mbedtls_ssl_ciphersuite_from_id( i );
if( ssl->transform_negotiate->ciphersuite_info == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "ciphersuite info for %04x not found", i ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+ mbedtls_ssl_optimize_checksum( ssl,
+ ssl->transform_negotiate->ciphersuite_info );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
@@ -1731,8 +1917,10 @@
if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( ret );
}
}
@@ -1741,7 +1929,8 @@
ssl->handshake->resume ? "a" : "no" ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
+ buf[37 + n] ) );
/*
* Perform cipher suite validation in same way as in ssl_write_client_hello.
@@ -1752,8 +1941,10 @@
if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1764,16 +1955,21 @@
}
}
- suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
- if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 )
+ suite_info = mbedtls_ssl_ciphersuite_from_id(
+ ssl->session_negotiate->ciphersuite );
+ if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver,
+ ssl->minor_ver ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
@@ -1790,15 +1986,18 @@
)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
ssl->session_negotiate->compression = comp;
ext = buf + 40 + n;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "server hello, total extension length: %d", ext_len ) );
while( ext_len )
{
@@ -1810,8 +2009,9 @@
if( ext_size + 4 > ext_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1831,7 +2031,8 @@
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "found max_fragment_length extension" ) );
if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
ext + 4, ext_size ) ) != 0 )
@@ -1870,7 +2071,8 @@
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "found extended_master_secret extension" ) );
if( ( ret = ssl_parse_extended_ms_ext( ssl,
ext + 4, ext_size ) ) != 0 )
@@ -1897,7 +2099,8 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "found supported_point_formats extension" ) );
if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
ext + 4, ext_size ) ) != 0 )
@@ -1933,8 +2136,8 @@
#endif /* MBEDTLS_SSL_ALPN */
default:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
- ext_id ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "unknown extension found: %d (ignoring)", ext_id ) );
}
ext_len -= 4 + ext_size;
@@ -1951,9 +2154,11 @@
* Renegotiation security checks
*/
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+ ssl->conf->allow_legacy_renegotiation ==
+ MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -1961,12 +2166,14 @@
ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
renegotiation_info_seen == 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "renegotiation_info extension missing (secure)" ) );
handshake_failure = 1;
}
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
+ ssl->conf->allow_legacy_renegotiation ==
+ MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
handshake_failure = 1;
@@ -1975,15 +2182,18 @@
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
renegotiation_info_seen == 1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "renegotiation_info extension present (legacy)" ) );
handshake_failure = 1;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
if( handshake_failure == 1 )
{
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1994,7 +2204,8 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p,
+static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
+ unsigned char **p,
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -2008,7 +2219,8 @@
* opaque dh_Ys<1..2^16-1>;
* } ServerDHParams;
*/
- if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 )
+ if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx,
+ p, end ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret );
return( ret );
@@ -2104,7 +2316,8 @@
if( ssl_check_server_ecdh_params( ssl ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message (ECDHE curve)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2130,8 +2343,8 @@
*/
if( end - (*p) < 2 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
- "(psk_identity_hint length)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message (psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
len = (*p)[0] << 8 | (*p)[1];
@@ -2139,8 +2352,8 @@
if( end - (*p) < (int) len )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
- "(psk_identity_hint length)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message (psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2182,8 +2395,9 @@
* opaque random[46];
* } PreMasterSecret;
*/
- mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version( ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver,
+ ssl->conf->transport, p );
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
{
@@ -2260,20 +2474,22 @@
/*
* Get hash algorithm
*/
- if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
+ if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) )
+ == MBEDTLS_MD_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported "
- "HashAlgorithm %d", *(p)[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
/*
* Get signature algorithm
*/
- if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
+ if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) )
+ == MBEDTLS_PK_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported "
- "SignatureAlgorithm %d", (*p)[1] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2282,13 +2498,15 @@
*/
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered",
- *(p)[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d",
+ (*p)[1] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d",
+ (*p)[0] ) );
*p += 2;
return( 0 );
@@ -2366,8 +2584,10 @@
if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( ret );
}
@@ -2397,8 +2617,10 @@
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
@@ -2417,10 +2639,12 @@
goto exit;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must "
- "not be skipped" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server key exchange message must not be skipped" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
@@ -2444,8 +2668,10 @@
if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
} /* FALLTROUGH */
@@ -2467,8 +2693,10 @@
if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2485,8 +2713,10 @@
if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2502,8 +2732,10 @@
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2534,17 +2766,24 @@
if( ssl_parse_signature_algorithm( ssl, &p, end,
&md_alg, &pk_alg ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
+ if( pk_alg !=
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2574,8 +2813,10 @@
if( p > end - 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
sig_len = ( p[0] << 8 ) | p[1];
@@ -2584,8 +2825,10 @@
if( p != end - sig_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2630,19 +2873,24 @@
if( ssl->session_negotiate->peer_cert == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
/*
* Verify signature
*/
- if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+ if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
+ pk_alg ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
@@ -2658,8 +2906,10 @@
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
#endif
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
@@ -2724,8 +2974,10 @@
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
@@ -2801,8 +3053,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
- size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
- | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
+ size_t sig_alg_len =
+ ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
+ | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
#if defined(MBEDTLS_DEBUG_C)
unsigned char* sig_alg;
size_t i;
@@ -2820,11 +3073,14 @@
* buf[...hdr_len + 3 + n + sig_alg_len],
* which is one less than we need the buf to be.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl )
+ + 3 + n + sig_alg_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
}
@@ -2832,8 +3088,9 @@
sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
for( i = 0; i < sig_alg_len; i += 2 )
{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d"
- ",%d", sig_alg[i], sig_alg[i + 1] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "Supported Signature Algorithm found: %d,%d",
+ sig_alg[i], sig_alg[i + 1] ) );
}
#endif
@@ -2922,9 +3179,9 @@
i = 6;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- &ssl->out_msg[i], n,
- ssl->conf->f_rng, ssl->conf->p_rng );
+ (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ &ssl->out_msg[i], n,
+ ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
@@ -2935,10 +3192,10 @@
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ ssl->handshake->premaster,
+ MBEDTLS_PREMASTER_SIZE,
+ &ssl->handshake->pmslen,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret );
@@ -3001,10 +3258,10 @@
n = ssl->handshake->ecrs_n;
#endif
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
- &ssl->handshake->pmslen,
- ssl->handshake->premaster,
- MBEDTLS_MPI_MAX_SIZE,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ &ssl->handshake->pmslen,
+ ssl->handshake->premaster,
+ MBEDTLS_MPI_MAX_SIZE,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
@@ -3039,15 +3296,17 @@
if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
- "SSL buffer too short" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "psk identity too long or SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
ssl->out_msg[i++] = (unsigned char)( n );
- memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
+ memcpy( ssl->out_msg + i,
+ ssl->conf->psk_identity,
+ ssl->conf->psk_identity_len );
i += ssl->conf->psk_identity_len;
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
@@ -3075,8 +3334,8 @@
if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
- " or SSL buffer too short" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "psk identity or DHM size too long or SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
@@ -3123,7 +3382,8 @@
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
}
@@ -3332,8 +3592,9 @@
* Until we encounter a server that does not, we will take this
* shortcut.
*
- * Reason: Otherwise we should have running hashes for SHA512 and SHA224
- * in order to satisfy 'weird' needs from the server side.
+ * Reason: Otherwise we should have running hashes for SHA512 and
+ * SHA224 in order to satisfy 'weird' needs from the server
+ * side.
*/
if( ssl->transform_negotiate->ciphersuite_info->mac ==
MBEDTLS_MD_SHA384 )
@@ -3423,8 +3684,10 @@
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 56e9bdd..04565e0 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -1,8 +1,14 @@
/*
* DTLS cookie callbacks implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* These session callbacks use a simple chained list
@@ -133,8 +158,7 @@
{
unsigned char hmac_out[COOKIE_MD_OUTLEN];
- if( (size_t)( end - *p ) < COOKIE_HMAC_LEN )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN );
if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 ||
mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
@@ -164,8 +188,7 @@
if( ctx == NULL || cli_id == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( (size_t)( end - *p ) < COOKIE_LEN )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN );
#if defined(MBEDTLS_HAVE_TIME)
t = (unsigned long) mbedtls_time( NULL );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 5825970..97b7784 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1,8 +1,14 @@
/*
* SSLv3/TLSv1 server-side functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 8492c19..bbde8e4 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -1,8 +1,14 @@
/*
* TLS server tickets callbacks implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -35,6 +60,7 @@
#define mbedtls_free free
#endif
+#include "mbedtls/ssl_internal.h"
#include "mbedtls/ssl_ticket.h"
#include "mbedtls/platform_util.h"
@@ -54,6 +80,19 @@
#define MAX_KEY_BYTES 32 /* 256 bits */
+#define TICKET_KEY_NAME_BYTES 4
+#define TICKET_IV_BYTES 12
+#define TICKET_CRYPT_LEN_BYTES 2
+#define TICKET_AUTH_TAG_BYTES 16
+
+#define TICKET_MIN_LEN ( TICKET_KEY_NAME_BYTES + \
+ TICKET_IV_BYTES + \
+ TICKET_CRYPT_LEN_BYTES + \
+ TICKET_AUTH_TAG_BYTES )
+#define TICKET_ADD_DATA_LEN ( TICKET_KEY_NAME_BYTES + \
+ TICKET_IV_BYTES + \
+ TICKET_CRYPT_LEN_BYTES )
+
/*
* Generate/update a key
*/
@@ -278,6 +317,7 @@
* The key_name, iv, and length of encrypted_state are the additional
* authenticated data.
*/
+
int mbedtls_ssl_ticket_write( void *p_ticket,
const mbedtls_ssl_session *session,
unsigned char *start,
@@ -289,9 +329,9 @@
mbedtls_ssl_ticket_context *ctx = p_ticket;
mbedtls_ssl_ticket_key *key;
unsigned char *key_name = start;
- unsigned char *iv = start + 4;
- unsigned char *state_len_bytes = iv + 12;
- unsigned char *state = state_len_bytes + 2;
+ unsigned char *iv = start + TICKET_KEY_NAME_BYTES;
+ unsigned char *state_len_bytes = iv + TICKET_IV_BYTES;
+ unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES;
unsigned char *tag;
size_t clear_len, ciph_len;
@@ -302,8 +342,7 @@
/* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
* in addition to session itself, that will be checked when writing it. */
- if( end - start < 4 + 12 + 2 + 16 )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN );
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
@@ -317,9 +356,9 @@
*ticket_lifetime = ctx->ticket_lifetime;
- memcpy( key_name, key->name, 4 );
+ memcpy( key_name, key->name, TICKET_KEY_NAME_BYTES );
- if( ( ret = ctx->f_rng( ctx->p_rng, iv, 12 ) ) != 0 )
+ if( ( ret = ctx->f_rng( ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 )
goto cleanup;
/* Dump session state */
@@ -335,8 +374,11 @@
/* Encrypt and authenticate */
tag = state + clear_len;
if( ( ret = mbedtls_cipher_auth_encrypt( &key->ctx,
- iv, 12, key_name, 4 + 12 + 2,
- state, clear_len, state, &ciph_len, tag, 16 ) ) != 0 )
+ iv, TICKET_IV_BYTES,
+ /* Additional data: key name, IV and length */
+ key_name, TICKET_ADD_DATA_LEN,
+ state, clear_len, state, &ciph_len,
+ tag, TICKET_AUTH_TAG_BYTES ) ) != 0 )
{
goto cleanup;
}
@@ -346,7 +388,7 @@
goto cleanup;
}
- *tlen = 4 + 12 + 2 + 16 + ciph_len;
+ *tlen = TICKET_MIN_LEN + ciph_len;
cleanup:
#if defined(MBEDTLS_THREADING_C)
@@ -385,17 +427,16 @@
mbedtls_ssl_ticket_context *ctx = p_ticket;
mbedtls_ssl_ticket_key *key;
unsigned char *key_name = buf;
- unsigned char *iv = buf + 4;
- unsigned char *enc_len_p = iv + 12;
- unsigned char *ticket = enc_len_p + 2;
+ unsigned char *iv = buf + TICKET_KEY_NAME_BYTES;
+ unsigned char *enc_len_p = iv + TICKET_IV_BYTES;
+ unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES;
unsigned char *tag;
size_t enc_len, clear_len;
if( ctx == NULL || ctx->f_rng == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- /* See mbedtls_ssl_ticket_write() */
- if( len < 4 + 12 + 2 + 16 )
+ if( len < TICKET_MIN_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_THREADING_C)
@@ -409,7 +450,7 @@
enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
tag = ticket + enc_len;
- if( len != 4 + 12 + 2 + enc_len + 16 )
+ if( len != TICKET_MIN_LEN + enc_len )
{
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
goto cleanup;
@@ -425,9 +466,13 @@
}
/* Decrypt and authenticate */
- if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx, iv, 12,
- key_name, 4 + 12 + 2, ticket, enc_len,
- ticket, &clear_len, tag, 16 ) ) != 0 )
+ if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx,
+ iv, TICKET_IV_BYTES,
+ /* Additional data: key name, IV and length */
+ key_name, TICKET_ADD_DATA_LEN,
+ ticket, enc_len,
+ ticket, &clear_len,
+ tag, TICKET_AUTH_TAG_BYTES ) ) != 0 )
{
if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cbec74f..2471600 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1,8 +1,14 @@
/*
* SSLv3/TLSv1 shared functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The SSL 3.0 specification was drafted by Netscape in 1996,
@@ -1406,32 +1431,10 @@
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- ( defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) )
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
#define SSL_SOME_MODES_USE_MAC
#endif
-/* The function below is only used in the Lucky 13 counter-measure in
- * ssl_decrypt_buf(). These are the defines that guard the call site. */
-#if defined(SSL_SOME_MODES_USE_MAC) && \
- ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) )
-/* This function makes sure every byte in the memory region is accessed
- * (in ascending addresses order) */
-static void ssl_read_memory( unsigned char *p, size_t len )
-{
- unsigned char acc = 0;
- volatile unsigned char force;
-
- for( ; len != 0; p++, len-- )
- acc ^= *p;
-
- force = acc;
- (void) force;
-}
-#endif /* SSL_SOME_MODES_USE_MAC && ( TLS1 || TLS1_1 || TLS1_2 ) */
-
/*
* Encryption/decryption functions
*/
@@ -1642,8 +1645,7 @@
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
if( mode == MBEDTLS_MODE_CBC )
{
int ret;
@@ -1762,8 +1764,7 @@
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
}
else
-#endif /* MBEDTLS_CIPHER_MODE_CBC &&
- ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1781,6 +1782,156 @@
return( 0 );
}
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+/*
+ * Constant-flow conditional memcpy:
+ * - if c1 == c2, equivalent to memcpy(dst, src, len),
+ * - otherwise, a no-op,
+ * but with execution flow independent of the values of c1 and c2.
+ *
+ * Use only bit operations to avoid branches that could be used by some
+ * compilers on some platforms to translate comparison operators.
+ */
+static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst,
+ const unsigned char *src,
+ size_t len,
+ size_t c1, size_t c2 )
+{
+ /* diff = 0 if c1 == c2, non-zero otherwise */
+ const size_t diff = c1 ^ c2;
+
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ /* diff_msb's most significant bit is equal to c1 != c2 */
+ const size_t diff_msb = ( diff | -diff );
+
+ /* diff1 = c1 != c2 */
+ const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
+
+ /* mask = c1 != c2 ? 0xff : 0x00 */
+ const unsigned char mask = (unsigned char) -diff1;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ /* dst[i] = c1 != c2 ? dst[i] : src[i] */
+ size_t i;
+ for( i = 0; i < len; i++ )
+ dst[i] = ( dst[i] & mask ) | ( src[i] & ~mask );
+}
+
+/*
+ * Compute HMAC of variable-length data with constant flow.
+ *
+ * Only works with MD-5, SHA-1, SHA-256 and SHA-384.
+ * (Otherwise, computation of block_size needs to be adapted.)
+ */
+int mbedtls_ssl_cf_hmac(
+ mbedtls_md_context_t *ctx,
+ const unsigned char *add_data, size_t add_data_len,
+ const unsigned char *data, size_t data_len_secret,
+ size_t min_data_len, size_t max_data_len,
+ unsigned char *output )
+{
+ /*
+ * This function breaks the HMAC abstraction and uses the md_clone()
+ * extension to the MD API in order to get constant-flow behaviour.
+ *
+ * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
+ * concatenation, and okey/ikey are the XOR of the key with some fixed bit
+ * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx.
+ *
+ * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to
+ * minlen, then cloning the context, and for each byte up to maxlen
+ * finishing up the hash computation, keeping only the correct result.
+ *
+ * Then we only need to compute HASH(okey + inner_hash) and we're done.
+ */
+ const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info );
+ /* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5,
+ * all of which have the same block size except SHA-384. */
+ const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
+ const unsigned char * const ikey = ctx->hmac_ctx;
+ const unsigned char * const okey = ikey + block_size;
+ const size_t hash_size = mbedtls_md_get_size( ctx->md_info );
+
+ unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
+ mbedtls_md_context_t aux;
+ size_t offset;
+ int ret;
+
+ mbedtls_md_init( &aux );
+
+#define MD_CHK( func_call ) \
+ do { \
+ ret = (func_call); \
+ if( ret != 0 ) \
+ goto cleanup; \
+ } while( 0 )
+
+ MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) );
+
+ /* After hmac_start() of hmac_reset(), ikey has already been hashed,
+ * so we can start directly with the message */
+ MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
+ MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
+
+ /* For each possible length, compute the hash up to that point */
+ for( offset = min_data_len; offset <= max_data_len; offset++ )
+ {
+ MD_CHK( mbedtls_md_clone( &aux, ctx ) );
+ MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
+ /* Keep only the correct inner_hash in the output buffer */
+ mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size,
+ offset, data_len_secret );
+
+ if( offset < max_data_len )
+ MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
+ }
+
+ /* Now compute HASH(okey + inner_hash) */
+ MD_CHK( mbedtls_md_starts( ctx ) );
+ MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
+ MD_CHK( mbedtls_md_update( ctx, output, hash_size ) );
+ MD_CHK( mbedtls_md_finish( ctx, output ) );
+
+ /* Done, get ready for next time */
+ MD_CHK( mbedtls_md_hmac_reset( ctx ) );
+
+#undef MD_CHK
+
+cleanup:
+ mbedtls_md_free( &aux );
+ return( ret );
+}
+
+/*
+ * Constant-flow memcpy from variable position in buffer.
+ * - functionally equivalent to memcpy(dst, src + offset_secret, len)
+ * - but with execution flow independent from the value of offset_secret.
+ */
+void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst,
+ const unsigned char *src_base,
+ size_t offset_secret,
+ size_t offset_min, size_t offset_max,
+ size_t len )
+{
+ size_t offset;
+
+ for( offset = offset_min; offset <= offset_max; offset++ )
+ {
+ mbedtls_ssl_cf_memcpy_if_eq( dst, src_base + offset, len,
+ offset, offset_secret );
+ }
+}
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+
static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
{
mbedtls_cipher_mode_t mode;
@@ -1935,8 +2086,7 @@
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
if( mode == MBEDTLS_MODE_CBC )
{
/*
@@ -2149,8 +2299,7 @@
ssl->in_msglen -= padlen;
}
else
-#endif /* MBEDTLS_CIPHER_MODE_CBC &&
- ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -2169,6 +2318,7 @@
if( auth_done == 0 )
{
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
+ unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD];
ssl->in_msglen -= ssl->transform_in->maclen;
@@ -2183,6 +2333,8 @@
ssl->in_msg, ssl->in_msglen,
ssl->in_ctr, ssl->in_msgtype,
mac_expect );
+ memcpy( mac_peer, ssl->in_msg + ssl->in_msglen,
+ ssl->transform_in->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
@@ -2190,34 +2342,8 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
{
- /*
- * Process MAC and always update for padlen afterwards to make
- * total time independent of padlen.
- *
- * Known timing attacks:
- * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
- *
- * To compensate for different timings for the MAC calculation
- * depending on how much padding was removed (which is determined
- * by padlen), process extra_run more blocks through the hash
- * function.
- *
- * The formula in the paper is
- * extra_run = ceil( (L1-55) / 64 ) - ceil( (L2-55) / 64 )
- * where L1 is the size of the header plus the decrypted message
- * plus CBC padding and L2 is the size of the header plus the
- * decrypted message. This is for an underlying hash function
- * with 64-byte blocks.
- * We use ( (Lx+8) / 64 ) to handle 'negative Lx' values
- * correctly. We round down instead of up, so -56 is the correct
- * value for our calculations instead of -55.
- *
- * Repeat the formula rather than defining a block_size variable.
- * This avoids requiring division by a variable at runtime
- * (which would be marginally less efficient and would require
- * linking an extra division function in some builds).
- */
- size_t j, extra_run = 0;
+ int ret;
+ unsigned char add_data[13];
/*
* The next two sizes are the minimum and maximum values of
@@ -2232,56 +2358,25 @@
const size_t max_len = ssl->in_msglen + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
- switch( ssl->transform_in->ciphersuite_info->mac )
+ memcpy( add_data + 0, ssl->in_ctr, 8 );
+ memcpy( add_data + 8, ssl->in_hdr, 3 );
+ memcpy( add_data + 11, ssl->in_len, 2 );
+
+ ret = mbedtls_ssl_cf_hmac( &ssl->transform_in->md_ctx_dec,
+ add_data, sizeof( add_data ),
+ ssl->in_msg, ssl->in_msglen,
+ min_len, max_len,
+ mac_expect );
+ if( ret != 0 )
{
-#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
- defined(MBEDTLS_SHA256_C)
- case MBEDTLS_MD_MD5:
- case MBEDTLS_MD_SHA1:
- case MBEDTLS_MD_SHA256:
- /* 8 bytes of message size, 64-byte compression blocks */
- extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
- ( 13 + ssl->in_msglen + 8 ) / 64;
- break;
-#endif
-#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_MD_SHA384:
- /* 16 bytes of message size, 128-byte compression blocks */
- extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 -
- ( 13 + ssl->in_msglen + 16 ) / 128;
- break;
-#endif
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cf_hmac", ret );
+ return( ret );
}
- extra_run &= correct * 0xFF;
-
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
- ssl->in_msglen );
- /* Make sure we access everything even when padlen > 0. This
- * makes the synchronisation requirements for just-in-time
- * Prime+Probe attacks much tighter and hopefully impractical. */
- ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen );
- mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
-
- /* Call mbedtls_md_process at least once due to cache attacks
- * that observe whether md_process() was called of not */
- for( j = 0; j < extra_run + 1; j++ )
- mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
-
- mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
-
- /* Make sure we access all the memory that could contain the MAC,
- * before we check it in the next code block. This makes the
- * synchronisation requirements for just-in-time Prime+Probe
- * attacks much tighter and hopefully impractical. */
- ssl_read_memory( ssl->in_msg + min_len,
- max_len - min_len + ssl->transform_in->maclen );
+ mbedtls_ssl_cf_memcpy_offset( mac_peer, ssl->in_msg,
+ ssl->in_msglen,
+ min_len, max_len,
+ ssl->transform_in->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
@@ -2293,11 +2388,10 @@
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen,
- ssl->transform_in->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, ssl->transform_in->maclen );
#endif
- if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect,
+ if( mbedtls_ssl_safer_memcmp( mac_peer, mac_expect,
ssl->transform_in->maclen ) != 0 )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
@@ -2725,7 +2819,7 @@
if( ret < 0 )
return( ret );
- if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
+ if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "f_recv returned %d bytes but only %lu were requested",
@@ -2779,7 +2873,7 @@
if( ret <= 0 )
return( ret );
- if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
+ if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "f_send returned %d bytes but only %lu bytes were sent",
@@ -7589,7 +7683,9 @@
cur_len = strlen( *p );
tot_len += cur_len;
- if( cur_len == 0 || cur_len > 255 || tot_len > 65535 )
+ if( ( cur_len == 0 ) ||
+ ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) ||
+ ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -8557,6 +8653,10 @@
memcpy( buf, ssl->in_offt, n );
ssl->in_msglen -= n;
+ /* Zeroising the plaintext buffer to erase unused application data
+ from the memory. */
+ mbedtls_platform_zeroize( ssl->in_offt, n );
+
if( ssl->in_msglen == 0 )
{
/* all bytes consumed */
diff --git a/library/threading.c b/library/threading.c
index 7c90c7c..61c4b94 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -1,8 +1,14 @@
/*
* Threading abstraction layer
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
diff --git a/library/timing.c b/library/timing.c
index 009516a..50a2216 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -1,8 +1,14 @@
/*
* Portable interface to the CPU cycle counter
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/version.c b/library/version.c
index fd96750..5733288 100644
--- a/library/version.c
+++ b/library/version.c
@@ -1,8 +1,14 @@
/*
* Version information
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/version_features.c b/library/version_features.c
index 3b67b2b..cbf38dc 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -1,8 +1,14 @@
/*
* Version feature information
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -252,6 +277,12 @@
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
"MBEDTLS_ECP_NORMALIZE_MXZ_ALT",
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN",
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
+ "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND",
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
"MBEDTLS_TEST_NULL_ENTROPY",
#endif /* MBEDTLS_TEST_NULL_ENTROPY */
@@ -351,6 +382,9 @@
#if defined(MBEDTLS_ECP_NIST_OPTIM)
"MBEDTLS_ECP_NIST_OPTIM",
#endif /* MBEDTLS_ECP_NIST_OPTIM */
+#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ "MBEDTLS_ECP_NO_INTERNAL_RNG",
+#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
#if defined(MBEDTLS_ECP_RESTARTABLE)
"MBEDTLS_ECP_RESTARTABLE",
#endif /* MBEDTLS_ECP_RESTARTABLE */
diff --git a/library/x509.c b/library/x509.c
index 4d25303..0c820ec 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1,8 +1,14 @@
/*
* X.509 common functions for parsing and verification
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
diff --git a/library/x509_create.c b/library/x509_create.c
index 546e8fa..0dbd679 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -1,8 +1,14 @@
/*
* X.509 base functions for creating certificates / CSRs
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 00f8545..dba71fa 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -1,8 +1,14 @@
/*
* X.509 Certidicate Revocation List (CRL) parsing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
@@ -258,13 +283,13 @@
size_t len2;
const unsigned char *end2;
+ cur_entry->raw.tag = **p;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
{
return( ret );
}
- cur_entry->raw.tag = **p;
cur_entry->raw.p = *p;
cur_entry->raw.len = len2;
end2 = *p + len2;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 176e885..fadd28e 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1,8 +1,14 @@
/*
* X.509 certificate parsing and verification
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
@@ -1791,8 +1816,7 @@
if( crt->serial.len == cur->serial.len &&
memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
{
- if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
- return( 1 );
+ return( 1 );
}
cur = cur->next;
diff --git a/library/x509_csr.c b/library/x509_csr.c
index c8c08c8..663047d 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -1,8 +1,14 @@
/*
* X.509 Certificate Signing Request (CSR) parsing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 61d7ba4..5462e83 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -1,8 +1,14 @@
/*
* X.509 certificate writing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* References:
@@ -74,39 +99,44 @@
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
}
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
+void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx,
+ int version )
{
ctx->version = version;
}
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg )
+void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx,
+ mbedtls_md_type_t md_alg )
{
ctx->md_alg = md_alg;
}
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key )
+void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx,
+ mbedtls_pk_context *key )
{
ctx->subject_key = key;
}
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key )
+void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx,
+ mbedtls_pk_context *key )
{
ctx->issuer_key = key;
}
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
- const char *subject_name )
+ const char *subject_name )
{
return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
}
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
- const char *issuer_name )
+ const char *issuer_name )
{
return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name );
}
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial )
+int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx,
+ const mbedtls_mpi *serial )
{
int ret;
@@ -116,8 +146,9 @@
return( 0 );
}
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
- const char *not_after )
+int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx,
+ const char *not_before,
+ const char *not_after )
{
if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
strlen( not_after ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
@@ -137,12 +168,12 @@
int critical,
const unsigned char *val, size_t val_len )
{
- return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
- critical, val, val_len );
+ return( mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
+ critical, val, val_len ) );
}
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
- int is_ca, int max_pathlen )
+ int is_ca, int max_pathlen )
{
int ret;
unsigned char buf[9];
@@ -158,18 +189,21 @@
{
if( max_pathlen >= 0 )
{
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, max_pathlen ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf,
+ max_pathlen ) );
}
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) );
}
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
- return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
- 0, buf + sizeof(buf) - len, len );
+ return(
+ mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
+ 0, buf + sizeof(buf) - len, len ) );
}
#if defined(MBEDTLS_SHA1_C)
@@ -181,7 +215,8 @@
size_t len = 0;
memset( buf, 0, sizeof(buf) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 );
@@ -191,11 +226,13 @@
len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
- return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
- 0, buf + sizeof(buf) - len, len );
+ return mbedtls_x509write_crt_set_extension( ctx,
+ MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
+ 0, buf + sizeof(buf) - len, len );
}
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
@@ -206,7 +243,8 @@
size_t len = 0;
memset( buf, 0, sizeof(buf) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 );
@@ -216,15 +254,19 @@
len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
- return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
- 0, buf + sizeof( buf ) - len, len );
+ return mbedtls_x509write_crt_set_extension(
+ ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
+ 0, buf + sizeof( buf ) - len, len );
}
#endif /* MBEDTLS_SHA1_C */
@@ -271,8 +313,8 @@
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
- 1, c, (size_t)ret );
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
+ 1, c, (size_t)ret );
if( ret != 0 )
return( ret );
@@ -298,8 +340,8 @@
return( ret );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
- 0, c, (size_t)ret );
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
+ 0, c, (size_t)ret );
if( ret != 0 )
return( ret );
@@ -321,7 +363,8 @@
(const unsigned char *) t + 2,
size - 2 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_UTC_TIME ) );
}
else
{
@@ -329,15 +372,17 @@
(const unsigned char *) t,
size ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_GENERALIZED_TIME ) );
}
return( (int) len );
}
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
+ unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
const char *sig_oid;
@@ -345,15 +390,14 @@
unsigned char *c, *c2;
unsigned char hash[64];
unsigned char sig[SIGNATURE_MAX_SIZE];
- unsigned char tmp_buf[2048];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
/*
- * Prepare data to be signed in tmp_buf
+ * Prepare data to be signed at the end of the target buffer
*/
- c = tmp_buf + sizeof( tmp_buf );
+ c = buf + size;
/* Signature algorithm needed in TBS, and later for actual signature */
@@ -379,27 +423,36 @@
/* Only for v3 */
if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )
{
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_x509_write_extensions( &c,
+ buf, ctx->extensions ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
}
/*
* SubjectPublicKeyInfo
*/
- MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->subject_key,
- tmp_buf, c - tmp_buf ) );
+ MBEDTLS_ASN1_CHK_ADD( pub_len,
+ mbedtls_pk_write_pubkey_der( ctx->subject_key,
+ buf, c - buf ) );
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_x509_write_names( &c, buf,
+ ctx->subject ) );
/*
* Validity ::= SEQUENCE {
@@ -408,32 +461,39 @@
*/
sub_len = 0;
- MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after,
- MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+ MBEDTLS_ASN1_CHK_ADD( sub_len,
+ x509_write_time( &c, buf, ctx->not_after,
+ MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
- MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before,
- MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+ MBEDTLS_ASN1_CHK_ADD( sub_len,
+ x509_write_time( &c, buf, ctx->not_before,
+ MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
len += sub_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, sub_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
/*
* Issuer ::= Name
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->issuer ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
+ ctx->issuer ) );
/*
* Signature ::= AlgorithmIdentifier
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, tmp_buf,
- sig_oid, strlen( sig_oid ), 0 ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_algorithm_identifier( &c, buf,
+ sig_oid, strlen( sig_oid ), 0 ) );
/*
* Serial ::= INTEGER
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, tmp_buf, &ctx->serial ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf,
+ &ctx->serial ) );
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
@@ -443,48 +503,67 @@
if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )
{
sub_len = 0;
- MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
+ MBEDTLS_ASN1_CHK_ADD( sub_len,
+ mbedtls_asn1_write_int( &c, buf, ctx->version ) );
len += sub_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_len( &c, buf, sub_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
/*
* Make signature
*/
+
+ /* Compute hash of CRT. */
if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
len, hash ) ) != 0 )
{
return( ret );
}
- if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len,
- f_rng, p_rng ) ) != 0 )
+ if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg,
+ hash, 0, sig, &sig_len,
+ f_rng, p_rng ) ) != 0 )
{
return( ret );
}
- /*
- * Write data to output buffer
- */
+ /* Move CRT to the front of the buffer to have space
+ * for the signature. */
+ memmove( buf, c, len );
+ c = buf + len;
+
+ /* Add signature at the end of the buffer,
+ * making sure that it doesn't underflow
+ * into the CRT buffer. */
c2 = buf + size;
- MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
+ MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, c,
sig_oid, sig_oid_len, sig, sig_len ) );
- if( len > (size_t)( c2 - buf ) )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ /*
+ * Memory layout after this step:
+ *
+ * buf c=buf+len c2 buf+size
+ * [CRT0,...,CRTn, UNUSED, ..., UNUSED, SIG0, ..., SIGm]
+ */
- c2 -= len;
- memcpy( c2, c, len );
+ /* Move raw CRT to just before the signature. */
+ c = c2 - len;
+ memmove( c, buf, len );
len += sig_and_oid_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
return( (int) len );
@@ -494,23 +573,23 @@
#define PEM_END_CRT "-----END CERTIFICATE-----\n"
#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt,
+ unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
- unsigned char output_buf[4096];
- size_t olen = 0;
+ size_t olen;
- if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf),
+ if( ( ret = mbedtls_x509write_crt_der( crt, buf, size,
f_rng, p_rng ) ) < 0 )
{
return( ret );
}
if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
- output_buf + sizeof(output_buf) - ret,
- ret, buf, size, &olen ) ) != 0 )
+ buf + size - ret, ret,
+ buf, size, &olen ) ) != 0 )
{
return( ret );
}
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 7406a97..60cf123 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -1,8 +1,14 @@
/*
* X.509 Certificate Signing Request writing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
* References:
@@ -54,6 +79,14 @@
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
@@ -160,71 +193,85 @@
return( 0 );
}
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx,
+ unsigned char *buf,
+ size_t size,
+ unsigned char *sig,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
- unsigned char sig[SIGNATURE_MAX_SIZE];
- unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
- /*
- * Prepare data to be signed in tmp_buf
- */
- c = tmp_buf + sizeof( tmp_buf );
+ /* Write the CSR backwards starting from the end of buf */
+ c = buf + size;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf,
+ ctx->extensions ) );
if( len )
{
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SET ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_oid(
+ &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
- tmp_buf, c - tmp_buf ) );
+ buf, c - buf ) );
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
+ ctx->subject ) );
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag(
+ &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
/*
- * Prepare signature
+ * Sign the written CSR data into the sig buffer
+ * Note: hash errors can happen only after an internal error
*/
ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
if( ret != 0 )
@@ -244,32 +291,68 @@
return( MBEDTLS_ERR_X509_INVALID_ALG );
if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
- &sig_oid, &sig_oid_len ) ) != 0 )
+ &sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );
}
/*
- * Write data to output buffer
+ * Move the written CSR data to the start of buf to create space for
+ * writing the signature into buf.
+ */
+ memmove( buf, c, len );
+
+ /*
+ * Write sig and its OID into buf backwards from the end of buf.
+ * Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len
+ * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed.
*/
c2 = buf + size;
- MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
- sig_oid, sig_oid_len, sig, sig_len ) );
+ MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len,
+ mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len,
+ sig, sig_len ) );
- if( len > (size_t)( c2 - buf ) )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
+ /*
+ * Compact the space between the CSR data and signature by moving the
+ * CSR data to the start of the signature.
+ */
c2 -= len;
- memcpy( c2, c, len );
+ memmove( c2, buf, len );
+ /* ASN encode the total size and tag the CSR data with it. */
len += sig_and_oid_len;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag(
+ &c2, buf,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+
+ /* Zero the unused bytes at the start of buf */
+ memset( buf, 0, c2 - buf);
return( (int) len );
}
+int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf,
+ size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ unsigned char *sig;
+
+ if( ( sig = mbedtls_calloc( 1, SIGNATURE_MAX_SIZE ) ) == NULL )
+ {
+ return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ }
+
+ ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng );
+
+ mbedtls_free( sig );
+
+ return( ret );
+}
+
#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n"
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
diff --git a/library/xtea.c b/library/xtea.c
index a33707b..4e62817 100644
--- a/library/xtea.c
+++ b/library/xtea.c
@@ -1,8 +1,14 @@
/*
* An 32-bit implementation of the XTEA algorithm
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 8242ea7..8b44aad 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -1,8 +1,14 @@
/*
* AES-256 file encryption program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/* Enable definition of fileno() even when compiling with -std=c99. Must be
@@ -76,7 +101,7 @@
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
"and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -465,6 +490,6 @@
mbedtls_aes_free( &aes_ctx );
mbedtls_md_free( &sha_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index a5acf5b..9c566e7 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -2,8 +2,14 @@
* \brief Generic file encryption program using generic wrappers for configured
* security.
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -17,7 +23,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/* Enable definition of fileno() even when compiling with -std=c99. Must be
@@ -78,14 +103,15 @@
int main( void )
{
mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
int main( int argc, char *argv[] )
{
- int ret = 1, i, n;
+ int ret = 1, i;
+ unsigned n;
int exit_code = MBEDTLS_EXIT_FAILURE;
int mode;
size_t keylen, ilen, olen;
@@ -562,6 +588,6 @@
mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 709a149..d6c5cf8 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -1,8 +1,14 @@
/*
* generic message digest layer demonstration program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -48,7 +73,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -203,7 +228,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
/*
@@ -213,12 +238,12 @@
if( md_info == NULL )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
{
mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
ret = 0;
@@ -237,6 +262,6 @@
exit:
mbedtls_md_free( &md_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 55a0c7e..ada025b 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -1,8 +1,14 @@
/*
* Classic "Hello, world" demonstration program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -44,7 +69,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -58,7 +83,7 @@
mbedtls_printf( "\n MD5('%s') = ", str );
if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
- return( MBEDTLS_EXIT_FAILURE );
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
for( i = 0; i < 16; i++ )
mbedtls_printf( "%02x", digest[i] );
@@ -70,6 +95,6 @@
fflush( stdout ); getchar();
#endif
- return( MBEDTLS_EXIT_SUCCESS );
+ mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
}
#endif /* MBEDTLS_MD5_C */
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 86b260c..68f4b71 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -1,8 +1,14 @@
/*
* Diffie-Hellman-Merkle key exchange (client side)
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -68,7 +93,7 @@
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -307,7 +332,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index bf5482e..fcfa5b9 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -1,8 +1,14 @@
/*
* Diffie-Hellman-Merkle key exchange (prime generation)
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -45,7 +70,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_GENPRIME not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -91,7 +116,7 @@
{
usage:
mbedtls_printf( USAGE );
- return( exit_code );
+ goto exit;
}
for( i = 1; i < argc; i++ )
@@ -197,7 +222,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index c011774..5e008ab 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -1,8 +1,14 @@
/*
* Diffie-Hellman-Merkle key exchange (server side)
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -68,7 +93,7 @@
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -330,7 +355,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 9f849dd..1c10139 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -1,8 +1,14 @@
/*
* Example ECDHE with Curve25519 program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -45,7 +70,7 @@
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -238,7 +263,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 9feb160..2479164 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -1,8 +1,14 @@
/*
* Example ECDSA program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -66,7 +91,7 @@
{
mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
#if defined(VERBOSE)
@@ -248,7 +273,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
ECPARAMS */
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 23e4e14..76ed6d7 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -1,8 +1,14 @@
/*
* Key generation application
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -133,7 +158,7 @@
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_PEM_WRITE_C"
"not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -446,7 +471,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 7939309..c6bd192 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -1,8 +1,14 @@
/*
* Key reading application
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -70,7 +95,7 @@
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -311,6 +336,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 6096429..afe024a 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -1,8 +1,14 @@
/*
* Key writing application
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -94,7 +119,7 @@
int main( void )
{
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -436,6 +461,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index ecdcd32..e7df647 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -1,8 +1,14 @@
/*
* Simple MPI demonstration program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -46,7 +71,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -112,6 +137,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index bf42507..e53d6fd 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -1,8 +1,14 @@
/*
* Public key-based simple decryption program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -56,7 +81,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -64,7 +89,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret = 1, c;
+ int ret = 1;
+ unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
@@ -171,7 +197,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index a32b147..4e359fd 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -1,8 +1,14 @@
/*
* RSA simple data encryption program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -57,7 +82,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -176,7 +201,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index bdedca4..8b875b2 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -1,8 +1,14 @@
/*
* Public key-based signature creation program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -47,7 +72,7 @@
"MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -184,7 +209,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index a6bfe3f..5969488 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -1,8 +1,14 @@
/*
* Public key-based signature verification program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -45,7 +70,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -147,7 +172,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index ff71bd0..3f8823d 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -1,8 +1,14 @@
/*
* RSA simple decryption program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -55,7 +80,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -65,7 +90,7 @@
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
- int c;
+ unsigned c;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
@@ -207,6 +232,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 4a71c15..c206173 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -1,8 +1,14 @@
/*
* RSA simple data encryption program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -55,7 +80,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -184,7 +209,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index d556c19..7e08c05 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -1,8 +1,14 @@
/*
* Example RSA key generation program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -60,7 +85,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -186,7 +211,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt
index 22c37fe..254fcf8 100644
--- a/programs/pkey/rsa_priv.txt
+++ b/programs/pkey/rsa_priv.txt
@@ -1,8 +1,8 @@
-N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
-E = 010001
-D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401
-P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1
-Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261
-DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1
-DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081
-QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1
+N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
+E = 010001
+D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401
+P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1
+Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261
+DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1
+DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081
+QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1
diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt
index 2c6d313..1e7ae0c 100644
--- a/programs/pkey/rsa_pub.txt
+++ b/programs/pkey/rsa_pub.txt
@@ -1,2 +1,2 @@
-N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
-E = 010001
+N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
+E = 010001
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 9bcd7a6..ea7e450 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -1,8 +1,14 @@
/*
* RSA/SHA-256 signature creation program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -46,7 +71,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -188,7 +213,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 42209e2..b5ab26e 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -1,8 +1,14 @@
/*
* RSASSA-PSS/SHA-256 signature creation program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -47,7 +72,7 @@
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -175,7 +200,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 94f0ef9..809c434 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -1,8 +1,14 @@
/*
* RSA/SHA-256 signature verification program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -45,7 +70,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -59,7 +84,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret = 1, c;
+ int ret = 1;
+ unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
@@ -161,7 +187,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 148cd51..b67be4a 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -1,8 +1,14 @@
/*
* RSASSA-PSS/SHA-256 signature verification program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -47,7 +72,7 @@
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -152,7 +177,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index 6ae63b7..671df5b 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -1,8 +1,14 @@
/**
* \brief Use and generate multiple entropies calls into a file
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -47,7 +72,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -63,13 +88,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -99,6 +124,6 @@
fclose( f );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index 59df34b..0eb1477 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -1,8 +1,14 @@
/**
* \brief Use and generate random data into a file via the CTR_DBRG based on AES
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -50,7 +75,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -69,13 +94,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -132,6 +157,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index 5ea52ae..6cfd0fa 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -1,8 +1,14 @@
/**
* \brief Generate random data into a file
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -48,7 +73,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -65,13 +90,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_havege_init( &hs );
@@ -104,6 +129,6 @@
exit:
mbedtls_havege_free( &hs );
fclose( f );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_HAVEGE_C */
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 803920c..094543b 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -8,12 +8,13 @@
set(targets
dtls_client
dtls_server
+ mini_client
ssl_client1
ssl_client2
- ssl_server
ssl_fork_server
ssl_mail_client
- mini_client
+ ssl_server
+ ssl_server2
)
if(USE_PKCS11_HELPER_LIBRARY)
@@ -30,28 +31,28 @@
add_executable(dtls_server dtls_server.c)
target_link_libraries(dtls_server ${libs})
+add_executable(mini_client mini_client.c)
+target_link_libraries(mini_client ${libs})
+
add_executable(ssl_client1 ssl_client1.c)
target_link_libraries(ssl_client1 ${libs})
-add_executable(ssl_client2 ssl_client2.c)
-target_sources(ssl_client2 PUBLIC query_config.c)
+add_executable(ssl_client2 ssl_client2.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c)
target_link_libraries(ssl_client2 ${libs})
-add_executable(ssl_server ssl_server.c)
-target_link_libraries(ssl_server ${libs})
-
-add_executable(ssl_server2 ssl_server2.c)
-target_sources(ssl_server2 PUBLIC query_config.c)
-target_link_libraries(ssl_server2 ${libs})
-
add_executable(ssl_fork_server ssl_fork_server.c)
target_link_libraries(ssl_fork_server ${libs})
add_executable(ssl_mail_client ssl_mail_client.c)
target_link_libraries(ssl_mail_client ${libs})
-add_executable(mini_client mini_client.c)
-target_link_libraries(mini_client ${libs})
+add_executable(ssl_server ssl_server.c)
+target_link_libraries(ssl_server ${libs})
+
+add_executable(ssl_server2 ssl_server2.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c)
+target_link_libraries(ssl_server2 ${libs})
if(THREADS_FOUND)
add_executable(ssl_pthread_server ssl_pthread_server.c)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 3ea2a68..69d4f33 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -1,8 +1,14 @@
/*
* Simple DTLS client demonstration program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -29,6 +54,7 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_exit exit
@@ -48,7 +74,7 @@
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -355,7 +381,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index bb32724..8339d9d 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -1,8 +1,14 @@
/*
* Simple DTLS server demonstration program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -29,6 +54,7 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_time_t time_t
@@ -61,7 +87,7 @@
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
"MBEDTLS_TIMING_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -430,7 +456,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 4b8140e..3f2ab5a 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -2,8 +2,14 @@
* Minimal SSL client, used for memory measurements.
* (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h)
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -17,7 +23,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -60,7 +85,7 @@
mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -296,6 +321,6 @@
mbedtls_x509_crt_free( &ca );
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 37e4141..798c917 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1,8 +1,14 @@
/*
* Query Mbed TLS compile time configurations from config.h
*
- * Copyright (C) 2018, Arm Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -714,6 +739,22 @@
}
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
+
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
+ if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
+
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
if( strcmp( "MBEDTLS_TEST_NULL_ENTROPY", config ) == 0 )
{
@@ -978,6 +1019,14 @@
}
#endif /* MBEDTLS_ECP_NIST_OPTIM */
+#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ if( strcmp( "MBEDTLS_ECP_NO_INTERNAL_RNG", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NO_INTERNAL_RNG );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
+
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( strcmp( "MBEDTLS_ECP_RESTARTABLE", config ) == 0 )
{
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index b723243..bb07feb 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -1,8 +1,14 @@
/*
* SSL client demonstration program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -51,7 +76,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -312,7 +337,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 13d0d17..4f26b57 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1,8 +1,14 @@
/*
* SSL client with certificate authentication
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -48,7 +73,7 @@
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -259,7 +284,9 @@
#define USAGE_ECRESTART ""
#endif
-#define USAGE \
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
"\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \
@@ -282,7 +309,8 @@
" skip_close_notify=%%d default: 0 (send close_notify)\n" \
"\n" \
USAGE_DTLS \
- "\n" \
+ "\n"
+#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
USAGE_IO \
@@ -290,7 +318,8 @@
USAGE_PSK \
USAGE_ECJPAKE \
USAGE_ECRESTART \
- "\n" \
+ "\n"
+#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -307,7 +336,8 @@
USAGE_CURVES \
USAGE_RECSPLIT \
USAGE_DHMLEN \
- "\n" \
+ "\n"
+#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
@@ -594,7 +624,10 @@
if( ret == 0 )
ret = 1;
- mbedtls_printf( USAGE );
+ mbedtls_printf( USAGE1 );
+ mbedtls_printf( USAGE2 );
+ mbedtls_printf( USAGE3 );
+ mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
@@ -995,7 +1028,7 @@
}
else if( strcmp( p, "query_config" ) == 0 )
{
- return query_config( q );
+ mbedtls_exit( query_config( q ) );
}
else if( strcmp( p, "skip_close_notify" ) == 0 )
{
@@ -2168,7 +2201,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 80407e4..9713c34 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -1,8 +1,14 @@
/*
* SSL server demonstration program using fork() for handling multiple clients
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -54,14 +79,14 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#elif defined(_WIN32)
int main( void )
{
mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
"to work correctly.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -416,7 +441,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 3163e21..d0e65e1 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -1,8 +1,14 @@
/*
* SSL client for SMTP servers
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/* Enable definition of gethostname() even when compiling with -std=c99. Must
@@ -24,6 +49,10 @@
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L
+#if defined(__NetBSD__)
+#define _XOPEN_SOURCE 600
+#endif
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -56,7 +85,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -853,7 +882,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 0624d33..5e8737a 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -2,8 +2,14 @@
* SSL server demonstration program using pthread for handling multiple
* clients.
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -17,7 +23,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -54,7 +79,7 @@
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -524,7 +549,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 3e1d9a4..242680e 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -1,8 +1,14 @@
/*
* SSL server demonstration program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -52,7 +77,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -397,7 +422,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b429b24..3115966 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1,8 +1,14 @@
/*
* SSL client with options
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -49,7 +74,7 @@
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -366,7 +391,9 @@
#define USAGE_CURVES ""
#endif
-#define USAGE \
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_addr=%%s default: (all interfaces)\n" \
@@ -387,7 +414,8 @@
USAGE_COOKIES \
USAGE_ANTI_REPLAY \
USAGE_BADMAC_LIMIT \
- "\n" \
+ "\n"
+#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
" cert_req_ca_list=%%d default: 1 (send ca list)\n" \
@@ -398,7 +426,8 @@
"\n" \
USAGE_PSK \
USAGE_ECJPAKE \
- "\n" \
+ "\n"
+#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -411,7 +440,8 @@
USAGE_EMS \
USAGE_ETM \
USAGE_CURVES \
- "\n" \
+ "\n"
+#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
@@ -1323,7 +1353,10 @@
if( ret == 0 )
ret = 1;
- mbedtls_printf( USAGE );
+ mbedtls_printf( USAGE1 );
+ mbedtls_printf( USAGE2 );
+ mbedtls_printf( USAGE3 );
+ mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
@@ -1773,7 +1806,7 @@
}
else if( strcmp( p, "query_config" ) == 0 )
{
- return query_config( q );
+ mbedtls_exit( query_config( q ) );
}
else
goto usage;
@@ -3217,7 +3250,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 282ef58..a74db1e 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -27,8 +27,8 @@
add_executable(zeroize zeroize.c)
target_link_libraries(zeroize ${libs})
-add_executable(query_compile_time_config query_compile_time_config.c)
-target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c)
+add_executable(query_compile_time_config query_compile_time_config.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../ssl/query_config.c)
target_link_libraries(query_compile_time_config ${libs})
install(TARGETS selftest benchmark udp_proxy query_compile_time_config
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 0835107..c24ace4 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -1,8 +1,14 @@
/*
* Benchmark demonstration program
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -43,7 +68,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_TIMING_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -1011,7 +1036,7 @@
fflush( stdout ); getchar();
#endif
- return( 0 );
+ mbedtls_exit( 0 );
}
#endif /* MBEDTLS_TIMING_C */
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index c652884..0bd1265 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -2,8 +2,14 @@
* This program is a dummy C++ program to ensure Mbed TLS library header files
* can be included and built with a C++ compiler.
*
- * Copyright (C) 2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -17,7 +23,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index 17becf2..4cb23e3 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -1,8 +1,14 @@
/*
* Query the Mbed TLS compile time configuration
*
- * Copyright (C) 2018, Arm Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index bd28e9a..9bc9a9c 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -1,8 +1,14 @@
/*
* Self-test demonstration program
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -500,7 +525,5 @@
if( suites_failed > 0)
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
- /* return() is here to prevent compiler warnings */
- return( MBEDTLS_EXIT_SUCCESS );
+ mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
}
-
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 4be0865..66ead4a 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -1,8 +1,14 @@
/*
* UDP proxy: emulate an unreliable UDP connexion for DTLS testing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
/*
@@ -42,6 +67,7 @@
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -50,7 +76,7 @@
int main( void )
{
mbedtls_printf( "MBEDTLS_NET_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -978,7 +1004,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_NET_C */
diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh
index 29033d5..6f68daf 100755
--- a/programs/test/udp_proxy_wrapper.sh
+++ b/programs/test/udp_proxy_wrapper.sh
@@ -1,6 +1,48 @@
#!/bin/sh
# -*-sh-basic-offset: 4-*-
# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...]
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -u
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index 29cc0ac..dbc394e 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -4,15 +4,19 @@
* This is a simple test application used for debugger-driven testing to check
* whether calls to mbedtls_platform_zeroize() are being eliminated by compiler
* optimizations. This application is used by the GDB script at
- * tests/scripts/test_zeroize.gdb under the assumption that the code does not
- * change often (as opposed to the library code) because the script sets a
- * breakpoint at the last return statement in the main() function of this
- * program. The debugger facilities are then used to manually inspect the
- * memory and verify that the call to mbedtls_platform_zeroize() was not
- * eliminated.
+ * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last
+ * return statement in the main() function of this program. The debugger
+ * facilities are then used to manually inspect the memory and verify that the
+ * call to mbedtls_platform_zeroize() was not eliminated.
*
- * Copyright (C) 2018, Arm Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -26,7 +30,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -42,6 +65,7 @@
#else
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
@@ -72,14 +96,14 @@
{
mbedtls_printf( "This program takes exactly 1 agument\n" );
usage();
- return( exit_code );
+ mbedtls_exit( exit_code );
}
fp = fopen( argv[1], "r" );
if( fp == NULL )
{
mbedtls_printf( "Could not open file '%s'\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
@@ -97,5 +121,5 @@
fclose( fp );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
- return( exit_code );
+ mbedtls_exit( exit_code ); // GDB_BREAK_HERE -- don't remove this comment!
}
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index f184939..153b4fc 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -1,8 +1,14 @@
/*
* Convert PEM to DER
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -61,7 +86,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -290,6 +315,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
index 458280c..4ea9d32 100644
--- a/programs/util/strerror.c
+++ b/programs/util/strerror.c
@@ -1,8 +1,14 @@
/*
* Translate error code to error string
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -29,7 +54,9 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#endif
#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
@@ -48,7 +75,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
int main( int argc, char *argv[] )
@@ -59,7 +86,7 @@
if( argc != 2 )
{
mbedtls_printf( USAGE );
- return( 0 );
+ mbedtls_exit( 0 );
}
val = strtol( argv[1], &end, 10 );
@@ -87,6 +114,6 @@
fflush( stdout ); getchar();
#endif
- return( val );
+ mbedtls_exit( val );
}
#endif /* MBEDTLS_ERROR_C */
diff --git a/programs/wince_main.c b/programs/wince_main.c
index 203a2ba..511542a 100644
--- a/programs/wince_main.c
+++ b/programs/wince_main.c
@@ -1,8 +1,14 @@
/*
* Windows CE console application entry point
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if defined(_WIN32_WCE)
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 84d62fe..022e2e3 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -1,8 +1,14 @@
/*
* Certificate reading application
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -51,7 +76,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -493,7 +518,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index f3d9157..dc79603 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -1,8 +1,14 @@
/*
* Certificate request generation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -46,7 +71,7 @@
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -102,9 +127,8 @@
" Add NsCertType even if it is empty\n" \
" md=%%s default: SHA256\n" \
" possible values:\n" \
- " MD2, MD4, MD5, SHA1\n" \
- " SHA224, SHA256\n" \
- " SHA384, SHA512\n" \
+ " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \
+ " SHA224, SHA256, SHA384, SHA512\n" \
"\n"
@@ -219,58 +243,14 @@
}
else if( strcmp( p, "md" ) == 0 )
{
- if( strcmp( q, "SHA256" ) == 0 )
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_string( q );
+ if( md_info == NULL )
{
- opt.md_alg = MBEDTLS_MD_SHA256;
- }
- else if( strcmp( q, "SHA224" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_SHA224;
- }
- else
-#if defined(MBEDTLS_MD5_C)
- if( strcmp( q, "MD5" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_MD5;
- }
- else
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_MD4_C)
- if( strcmp( q, "MD4" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_MD4;
- }
- else
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_MD2_C)
- if( strcmp( q, "MD2" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_MD2;
- }
- else
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_SHA1_C)
- if( strcmp( q, "SHA1" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_SHA1;
- }
- else
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA512_C)
- if( strcmp( q, "SHA384" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_SHA384;
- }
- else
- if( strcmp( q, "SHA512" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_SHA512;
- }
- else
-#endif /* MBEDTLS_SHA512_C */
- {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
}
+ opt.md_alg = mbedtls_md_get_type( md_info );
}
else if( strcmp( p, "key_usage" ) == 0 )
{
@@ -444,7 +424,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index c3e89be..f0f044d 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -1,8 +1,14 @@
/*
* Certificate generation and signing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -47,7 +72,7 @@
"MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_ERROR_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -120,8 +145,9 @@
" is_ca=%%d default: 0 (disabled)\n" \
" max_pathlen=%%d default: -1 (none)\n" \
" md=%%s default: SHA256\n" \
- " Supported values:\n" \
- " MD2, MD4, MD5, SHA1, SHA256, SHA512\n"\
+ " Supported values (if enabled):\n" \
+ " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \
+ " SHA224, SHA256, SHA384, SHA512\n" \
" version=%%d default: 3\n" \
" Possible values: 1, 2, 3\n"\
" subject_identifier=%%s default: 1\n" \
@@ -355,23 +381,14 @@
}
else if( strcmp( p, "md" ) == 0 )
{
- if( strcmp( q, "SHA1" ) == 0 )
- opt.md = MBEDTLS_MD_SHA1;
- else if( strcmp( q, "SHA256" ) == 0 )
- opt.md = MBEDTLS_MD_SHA256;
- else if( strcmp( q, "SHA512" ) == 0 )
- opt.md = MBEDTLS_MD_SHA512;
- else if( strcmp( q, "MD2" ) == 0 )
- opt.md = MBEDTLS_MD_MD2;
- else if( strcmp( q, "MD4" ) == 0 )
- opt.md = MBEDTLS_MD_MD4;
- else if( strcmp( q, "MD5" ) == 0 )
- opt.md = MBEDTLS_MD_MD5;
- else
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_string( q );
+ if( md_info == NULL )
{
mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
}
+ opt.md = mbedtls_md_get_type( md_info );
}
else if( strcmp( p, "version" ) == 0 )
{
@@ -811,7 +828,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 127320a..aa6f285 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -1,8 +1,14 @@
/*
* CRL reading application
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -42,7 +67,7 @@
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -147,7 +172,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 3bb4277..03ec943 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -1,8 +1,14 @@
/*
* Certificate request reading application
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -42,7 +67,7 @@
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -147,7 +172,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index c2aca50..07c726a 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -1,9 +1,5 @@
#!/usr/bin/env python3
"""
-This file is part of Mbed TLS (https://tls.mbed.org)
-
-Copyright (c) 2018, Arm Limited, All Rights Reserved
-
Purpose
This script is a small wrapper around the abi-compliance-checker and
@@ -15,6 +11,48 @@
while running the script. Note: must be run from Mbed TLS root.
"""
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
+
import os
import sys
import traceback
diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh
index bebab10..f2f511a 100755
--- a/scripts/apidoc_full.sh
+++ b/scripts/apidoc_full.sh
@@ -6,6 +6,48 @@
#
# /!\ This must not be a Makefile target, as it would create a race condition
# when multiple targets are invoked in the same parallel build.
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -eu
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
new file mode 100755
index 0000000..02bae25
--- /dev/null
+++ b/scripts/assemble_changelog.py
@@ -0,0 +1,530 @@
+#!/usr/bin/env python3
+
+"""Assemble Mbed TLS change log entries into the change log file.
+
+Add changelog entries to the first level-2 section.
+Create a new level-2 section for unreleased changes if needed.
+Remove the input files unless --keep-entries is specified.
+
+In each level-3 section, entries are sorted in chronological order
+(oldest first). From oldest to newest:
+* Merged entry files are sorted according to their merge date (date of
+ the merge commit that brought the commit that created the file into
+ the target branch).
+* Committed but unmerged entry files are sorted according to the date
+ of the commit that adds them.
+* Uncommitted entry files are sorted according to their modification time.
+
+You must run this program from within a git working directory.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
+
+import argparse
+from collections import OrderedDict, namedtuple
+import datetime
+import functools
+import glob
+import os
+import re
+import subprocess
+import sys
+
+class InputFormatError(Exception):
+ def __init__(self, filename, line_number, message, *args, **kwargs):
+ message = '{}:{}: {}'.format(filename, line_number,
+ message.format(*args, **kwargs))
+ super().__init__(message)
+
+class CategoryParseError(Exception):
+ def __init__(self, line_offset, error_message):
+ self.line_offset = line_offset
+ self.error_message = error_message
+ super().__init__('{}: {}'.format(line_offset, error_message))
+
+class LostContent(Exception):
+ def __init__(self, filename, line):
+ message = ('Lost content from {}: "{}"'.format(filename, line))
+ super().__init__(message)
+
+# The category names we use in the changelog.
+# If you edit this, update ChangeLog.d/README.md.
+STANDARD_CATEGORIES = (
+ b'API changes',
+ b'Default behavior changes',
+ b'Requirement changes',
+ b'New deprecations',
+ b'Removals',
+ b'Features',
+ b'Security',
+ b'Bugfix',
+ b'Changes',
+)
+
+CategoryContent = namedtuple('CategoryContent', [
+ 'name', 'title_line', # Title text and line number of the title
+ 'body', 'body_line', # Body text and starting line number of the body
+])
+
+class ChangelogFormat:
+ """Virtual class documenting how to write a changelog format class."""
+
+ @classmethod
+ def extract_top_version(cls, changelog_file_content):
+ """Split out the top version section.
+
+ If the top version is already released, create a new top
+ version section for an unreleased version.
+
+ Return ``(header, top_version_title, top_version_body, trailer)``
+ where the "top version" is the existing top version section if it's
+ for unreleased changes, and a newly created section otherwise.
+ To assemble the changelog after modifying top_version_body,
+ concatenate the four pieces.
+ """
+ raise NotImplementedError
+
+ @classmethod
+ def version_title_text(cls, version_title):
+ """Return the text of a formatted version section title."""
+ raise NotImplementedError
+
+ @classmethod
+ def split_categories(cls, version_body):
+ """Split a changelog version section body into categories.
+
+ Return a list of `CategoryContent` the name is category title
+ without any formatting.
+ """
+ raise NotImplementedError
+
+ @classmethod
+ def format_category(cls, title, body):
+ """Construct the text of a category section from its title and body."""
+ raise NotImplementedError
+
+class TextChangelogFormat(ChangelogFormat):
+ """The traditional Mbed TLS changelog format."""
+
+ _unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx'
+ @classmethod
+ def is_released_version(cls, title):
+ # Look for an incomplete release date
+ return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title)
+
+ _top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
+ re.DOTALL)
+ @classmethod
+ def extract_top_version(cls, changelog_file_content):
+ """A version section starts with a line starting with '='."""
+ m = re.search(cls._top_version_re, changelog_file_content)
+ top_version_start = m.start(1)
+ top_version_end = m.end(2)
+ top_version_title = m.group(1)
+ top_version_body = m.group(2)
+ if cls.is_released_version(top_version_title):
+ top_version_end = top_version_start
+ top_version_title = cls._unreleased_version_text + b'\n\n'
+ top_version_body = b''
+ return (changelog_file_content[:top_version_start],
+ top_version_title, top_version_body,
+ changelog_file_content[top_version_end:])
+
+ @classmethod
+ def version_title_text(cls, version_title):
+ return re.sub(br'\n.*', version_title, re.DOTALL)
+
+ _category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE)
+ @classmethod
+ def split_categories(cls, version_body):
+ """A category title is a line with the title in column 0."""
+ if not version_body:
+ return []
+ title_matches = list(re.finditer(cls._category_title_re, version_body))
+ if not title_matches or title_matches[0].start() != 0:
+ # There is junk before the first category.
+ raise CategoryParseError(0, 'Junk found where category expected')
+ title_starts = [m.start(1) for m in title_matches]
+ body_starts = [m.end(0) for m in title_matches]
+ body_ends = title_starts[1:] + [len(version_body)]
+ bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n'
+ for (body_start, body_end) in zip(body_starts, body_ends)]
+ title_lines = [version_body[:pos].count(b'\n') for pos in title_starts]
+ body_lines = [version_body[:pos].count(b'\n') for pos in body_starts]
+ return [CategoryContent(title_match.group(1), title_line,
+ body, body_line)
+ for title_match, title_line, body, body_line
+ in zip(title_matches, title_lines, bodies, body_lines)]
+
+ @classmethod
+ def format_category(cls, title, body):
+ # `split_categories` ensures that each body ends with a newline.
+ # Make sure that there is additionally a blank line between categories.
+ if not body.endswith(b'\n\n'):
+ body += b'\n'
+ return title + b'\n' + body
+
+class ChangeLog:
+ """An Mbed TLS changelog.
+
+ A changelog file consists of some header text followed by one or
+ more version sections. The version sections are in reverse
+ chronological order. Each version section consists of a title and a body.
+
+ The body of a version section consists of zero or more category
+ subsections. Each category subsection consists of a title and a body.
+
+ A changelog entry file has the same format as the body of a version section.
+
+ A `ChangelogFormat` object defines the concrete syntax of the changelog.
+ Entry files must have the same format as the changelog file.
+ """
+
+ # Only accept dotted version numbers (e.g. "3.1", not "3").
+ # Refuse ".x" in a version number where x is a letter: this indicates
+ # a version that is not yet released. Something like "3.1a" is accepted.
+ _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
+ _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
+
+ def add_categories_from_text(self, filename, line_offset,
+ text, allow_unknown_category):
+ """Parse a version section or entry file."""
+ try:
+ categories = self.format.split_categories(text)
+ except CategoryParseError as e:
+ raise InputFormatError(filename, line_offset + e.line_offset,
+ e.error_message)
+ for category in categories:
+ if not allow_unknown_category and \
+ category.name not in self.categories:
+ raise InputFormatError(filename,
+ line_offset + category.title_line,
+ 'Unknown category: "{}"',
+ category.name.decode('utf8'))
+ self.categories[category.name] += category.body
+
+ def __init__(self, input_stream, changelog_format):
+ """Create a changelog object.
+
+ Populate the changelog object from the content of the file
+ input_stream.
+ """
+ self.format = changelog_format
+ whole_file = input_stream.read()
+ (self.header,
+ self.top_version_title, top_version_body,
+ self.trailer) = self.format.extract_top_version(whole_file)
+ # Split the top version section into categories.
+ self.categories = OrderedDict()
+ for category in STANDARD_CATEGORIES:
+ self.categories[category] = b''
+ offset = (self.header + self.top_version_title).count(b'\n') + 1
+ self.add_categories_from_text(input_stream.name, offset,
+ top_version_body, True)
+
+ def add_file(self, input_stream):
+ """Add changelog entries from a file.
+ """
+ self.add_categories_from_text(input_stream.name, 1,
+ input_stream.read(), False)
+
+ def write(self, filename):
+ """Write the changelog to the specified file.
+ """
+ with open(filename, 'wb') as out:
+ out.write(self.header)
+ out.write(self.top_version_title)
+ for title, body in self.categories.items():
+ if not body:
+ continue
+ out.write(self.format.format_category(title, body))
+ out.write(self.trailer)
+
+
+@functools.total_ordering
+class EntryFileSortKey:
+ """This classes defines an ordering on changelog entry files: older < newer.
+
+ * Merged entry files are sorted according to their merge date (date of
+ the merge commit that brought the commit that created the file into
+ the target branch).
+ * Committed but unmerged entry files are sorted according to the date
+ of the commit that adds them.
+ * Uncommitted entry files are sorted according to their modification time.
+
+ This class assumes that the file is in a git working directory with
+ the target branch checked out.
+ """
+
+ # Categories of files. A lower number is considered older.
+ MERGED = 0
+ COMMITTED = 1
+ LOCAL = 2
+
+ @staticmethod
+ def creation_hash(filename):
+ """Return the git commit id at which the given file was created.
+
+ Return None if the file was never checked into git.
+ """
+ hashes = subprocess.check_output(['git', 'log', '--format=%H',
+ '--follow',
+ '--', filename])
+ m = re.search(b'(.+)$', hashes)
+ if not m:
+ # The git output is empty. This means that the file was
+ # never checked in.
+ return None
+ # The last commit in the log is the oldest one, which is when the
+ # file was created.
+ return m.group(0)
+
+ @staticmethod
+ def list_merges(some_hash, target, *options):
+ """List merge commits from some_hash to target.
+
+ Pass options to git to select which commits are included.
+ """
+ text = subprocess.check_output(['git', 'rev-list',
+ '--merges', *options,
+ b'..'.join([some_hash, target])])
+ return text.rstrip(b'\n').split(b'\n')
+
+ @classmethod
+ def merge_hash(cls, some_hash):
+ """Return the git commit id at which the given commit was merged.
+
+ Return None if the given commit was never merged.
+ """
+ target = b'HEAD'
+ # List the merges from some_hash to the target in two ways.
+ # The ancestry list is the ones that are both descendants of
+ # some_hash and ancestors of the target.
+ ancestry = frozenset(cls.list_merges(some_hash, target,
+ '--ancestry-path'))
+ # The first_parents list only contains merges that are directly
+ # on the target branch. We want it in reverse order (oldest first).
+ first_parents = cls.list_merges(some_hash, target,
+ '--first-parent', '--reverse')
+ # Look for the oldest merge commit that's both on the direct path
+ # and directly on the target branch. That's the place where some_hash
+ # was merged on the target branch. See
+ # https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit
+ for commit in first_parents:
+ if commit in ancestry:
+ return commit
+ return None
+
+ @staticmethod
+ def commit_timestamp(commit_id):
+ """Return the timestamp of the given commit."""
+ text = subprocess.check_output(['git', 'show', '-s',
+ '--format=%ct',
+ commit_id])
+ return datetime.datetime.utcfromtimestamp(int(text))
+
+ @staticmethod
+ def file_timestamp(filename):
+ """Return the modification timestamp of the given file."""
+ mtime = os.stat(filename).st_mtime
+ return datetime.datetime.fromtimestamp(mtime)
+
+ def __init__(self, filename):
+ """Determine position of the file in the changelog entry order.
+
+ This constructor returns an object that can be used with comparison
+ operators, with `sort` and `sorted`, etc. Older entries are sorted
+ before newer entries.
+ """
+ self.filename = filename
+ creation_hash = self.creation_hash(filename)
+ if not creation_hash:
+ self.category = self.LOCAL
+ self.datetime = self.file_timestamp(filename)
+ return
+ merge_hash = self.merge_hash(creation_hash)
+ if not merge_hash:
+ self.category = self.COMMITTED
+ self.datetime = self.commit_timestamp(creation_hash)
+ return
+ self.category = self.MERGED
+ self.datetime = self.commit_timestamp(merge_hash)
+
+ def sort_key(self):
+ """"Return a concrete sort key for this entry file sort key object.
+
+ ``ts1 < ts2`` is implemented as ``ts1.sort_key() < ts2.sort_key()``.
+ """
+ return (self.category, self.datetime, self.filename)
+
+ def __eq__(self, other):
+ return self.sort_key() == other.sort_key()
+
+ def __lt__(self, other):
+ return self.sort_key() < other.sort_key()
+
+
+def check_output(generated_output_file, main_input_file, merged_files):
+ """Make sanity checks on the generated output.
+
+ The intent of these sanity checks is to have reasonable confidence
+ that no content has been lost.
+
+ The sanity check is that every line that is present in an input file
+ is also present in an output file. This is not perfect but good enough
+ for now.
+ """
+ generated_output = set(open(generated_output_file, 'rb'))
+ for line in open(main_input_file, 'rb'):
+ if line not in generated_output:
+ raise LostContent('original file', line)
+ for merged_file in merged_files:
+ for line in open(merged_file, 'rb'):
+ if line not in generated_output:
+ raise LostContent(merged_file, line)
+
+def finish_output(changelog, output_file, input_file, merged_files):
+ """Write the changelog to the output file.
+
+ The input file and the list of merged files are used only for sanity
+ checks on the output.
+ """
+ if os.path.exists(output_file) and not os.path.isfile(output_file):
+ # The output is a non-regular file (e.g. pipe). Write to it directly.
+ output_temp = output_file
+ else:
+ # The output is a regular file. Write to a temporary file,
+ # then move it into place atomically.
+ output_temp = output_file + '.tmp'
+ changelog.write(output_temp)
+ check_output(output_temp, input_file, merged_files)
+ if output_temp != output_file:
+ os.rename(output_temp, output_file)
+
+def remove_merged_entries(files_to_remove):
+ for filename in files_to_remove:
+ os.remove(filename)
+
+def list_files_to_merge(options):
+ """List the entry files to merge, oldest first.
+
+ "Oldest" is defined by `EntryFileSortKey`.
+ """
+ files_to_merge = glob.glob(os.path.join(options.dir, '*.txt'))
+ files_to_merge.sort(key=EntryFileSortKey)
+ return files_to_merge
+
+def merge_entries(options):
+ """Merge changelog entries into the changelog file.
+
+ Read the changelog file from options.input.
+ Read entries to merge from the directory options.dir.
+ Write the new changelog to options.output.
+ Remove the merged entries if options.keep_entries is false.
+ """
+ with open(options.input, 'rb') as input_file:
+ changelog = ChangeLog(input_file, TextChangelogFormat)
+ files_to_merge = list_files_to_merge(options)
+ if not files_to_merge:
+ sys.stderr.write('There are no pending changelog entries.\n')
+ return
+ for filename in files_to_merge:
+ with open(filename, 'rb') as input_file:
+ changelog.add_file(input_file)
+ finish_output(changelog, options.output, options.input, files_to_merge)
+ if not options.keep_entries:
+ remove_merged_entries(files_to_merge)
+
+def show_file_timestamps(options):
+ """List the files to merge and their timestamp.
+
+ This is only intended for debugging purposes.
+ """
+ files = list_files_to_merge(options)
+ for filename in files:
+ ts = EntryFileSortKey(filename)
+ print(ts.category, ts.datetime, filename)
+
+def set_defaults(options):
+ """Add default values for missing options."""
+ output_file = getattr(options, 'output', None)
+ if output_file is None:
+ options.output = options.input
+ if getattr(options, 'keep_entries', None) is None:
+ options.keep_entries = (output_file is not None)
+
+def main():
+ """Command line entry point."""
+ parser = argparse.ArgumentParser(description=__doc__)
+ parser.add_argument('--dir', '-d', metavar='DIR',
+ default='ChangeLog.d',
+ help='Directory to read entries from'
+ ' (default: ChangeLog.d)')
+ parser.add_argument('--input', '-i', metavar='FILE',
+ default='ChangeLog',
+ help='Existing changelog file to read from and augment'
+ ' (default: ChangeLog)')
+ parser.add_argument('--keep-entries',
+ action='store_true', dest='keep_entries', default=None,
+ help='Keep the files containing entries'
+ ' (default: remove them if --output/-o is not specified)')
+ parser.add_argument('--no-keep-entries',
+ action='store_false', dest='keep_entries',
+ help='Remove the files containing entries after they are merged'
+ ' (default: remove them if --output/-o is not specified)')
+ parser.add_argument('--output', '-o', metavar='FILE',
+ help='Output changelog file'
+ ' (default: overwrite the input)')
+ parser.add_argument('--list-files-only',
+ action='store_true',
+ help=('Only list the files that would be processed '
+ '(with some debugging information)'))
+ options = parser.parse_args()
+ set_defaults(options)
+ if options.list_files_only:
+ show_file_timestamps(options)
+ return
+ merge_entries(options)
+
+if __name__ == '__main__':
+ main()
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index c39a86a..5ac117f 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -1,8 +1,46 @@
#!/bin/bash
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/scripts/config.pl b/scripts/config.pl
index c2be0ba..e5cc697 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -1,8 +1,46 @@
#!/usr/bin/env perl
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
@@ -19,30 +57,17 @@
#
# The following options are disabled instead of enabled with "full".
#
-# MBEDTLS_TEST_NULL_ENTROPY
-# MBEDTLS_DEPRECATED_REMOVED
-# MBEDTLS_HAVE_SSE2
-# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-# MBEDTLS_ECP_DP_M221_ENABLED
-# MBEDTLS_ECP_DP_M383_ENABLED
-# MBEDTLS_ECP_DP_M511_ENABLED
-# MBEDTLS_MEMORY_BACKTRACE
-# MBEDTLS_MEMORY_BUFFER_ALLOC_C
-# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-# MBEDTLS_NO_PLATFORM_ENTROPY
-# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-# MBEDTLS_REMOVE_3DES_CIPHERSUITES
-# MBEDTLS_SSL_HW_RECORD_ACCEL
-# MBEDTLS_RSA_NO_CRT
-# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-# - this could be enabled if the respective tests were adapted
-# MBEDTLS_ZLIB_SUPPORT
-# MBEDTLS_PKCS11_C
-# MBEDTLS_NO_UDBL_DIVISION
-# MBEDTLS_NO_64BIT_MULTIPLICATION
-# and any symbol beginning _ALT
+# * Options that require additional build dependencies or unusual hardware.
+# * Options that make testing less effective.
+# * Options that are incompatible with other options, or more generally that
+# interact with other parts of the code in such a way that a bulk enabling
+# is not a good way to test them.
+# * Options that remove features.
#
+# The baremetal configuration excludes options that require a library or
+# operating system feature that is typically not present on bare metal
+# systems. Features that are excluded from "full" won't be in "baremetal"
+# either.
use warnings;
use strict;
@@ -83,53 +108,57 @@
EOU
my @excluded = qw(
-MBEDTLS_TEST_NULL_ENTROPY
-MBEDTLS_DEPRECATED_REMOVED
-MBEDTLS_HAVE_SSE2
-MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-MBEDTLS_ECP_DP_M221_ENABLED
-MBEDTLS_ECP_DP_M383_ENABLED
-MBEDTLS_ECP_DP_M511_ENABLED
-MBEDTLS_MEMORY_DEBUG
+MBEDTLS_DEPRECATED_REMOVED
+MBEDTLS_DEPRECATED_WARNING
+MBEDTLS_ECP_NO_INTERNAL_RNG
+MBEDTLS_HAVE_SSE2
MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C
+MBEDTLS_MEMORY_DEBUG
+MBEDTLS_NO_64BIT_MULTIPLICATION
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY
-MBEDTLS_RSA_NO_CRT
-MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+MBEDTLS_NO_UDBL_DIVISION
+MBEDTLS_PKCS11_C
+MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_REMOVE_3DES_CIPHERSUITES
+MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+MBEDTLS_RSA_NO_CRT
MBEDTLS_SSL_HW_RECORD_ACCEL
-MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
MBEDTLS_ZLIB_SUPPORT
-MBEDTLS_PKCS11_C
-MBEDTLS_NO_UDBL_DIVISION
-MBEDTLS_NO_64BIT_MULTIPLICATION
_ALT\s*$
);
# Things that should be disabled in "baremetal"
my @excluded_baremetal = qw(
-MBEDTLS_NET_C
-MBEDTLS_TIMING_C
-MBEDTLS_FS_IO
MBEDTLS_ENTROPY_NV_SEED
+MBEDTLS_FS_IO
+MBEDTLS_HAVEGE_C
MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_DATE
-MBEDTLS_DEPRECATED_WARNING
-MBEDTLS_HAVEGE_C
-MBEDTLS_THREADING_C
-MBEDTLS_THREADING_PTHREAD
MBEDTLS_MEMORY_BACKTRACE
MBEDTLS_MEMORY_BUFFER_ALLOC_C
-MBEDTLS_PLATFORM_TIME_ALT
+MBEDTLS_NET_C
MBEDTLS_PLATFORM_FPRINTF_ALT
+MBEDTLS_PLATFORM_NV_SEED_ALT
+MBEDTLS_PLATFORM_TIME_ALT
+MBEDTLS_THREADING_C
+MBEDTLS_THREADING_PTHREAD
+MBEDTLS_TIMING_C
);
-# Things that should be enabled in "full" even if they match @excluded
+# Things that should be enabled in "full" even if they match @excluded.
+# Platform ALTs enable global variables that allow configuring the behavior
+# but default to the default behavior, except for PLATFORM_SETUP_TEARDOWN_ALT
+# which requires the application to provide relevant functions like
+# non-platform ALTs.
my @non_excluded = qw(
-PLATFORM_[A-Z0-9]+_ALT
+PLATFORM_(?!SETUP_TEARDOWN_)[A-Z_0-9]+_ALT
);
# Things that should be enabled in "baremetal"
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index a08742c..162d93b 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -1,8 +1,14 @@
/*
* Error message information
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index 064da4c..dc91d83 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -1,8 +1,14 @@
/*
* Query Mbed TLS compile time configurations from config.h
*
- * Copyright (C) 2018, Arm Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
index 767eda1..68868b7 100644
--- a/scripts/data_files/version_features.fmt
+++ b/scripts/data_files/version_features.fmt
@@ -1,8 +1,14 @@
/*
* Version feature information
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj
index d93ace7..b0105bd 100644
--- a/scripts/data_files/vs2010-main-template.vcxproj
+++ b/scripts/data_files/vs2010-main-template.vcxproj
@@ -45,7 +45,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index 94a04cf..097f36b 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -6,6 +6,48 @@
# Usage (preferably on a 32-bit platform):
# cmake -D CMAKE_BUILD_TYPE=Release .
# scripts/ecc-heap.sh | tee ecc-heap.log
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -eu
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index c08ef1c..461d6e4 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -1,8 +1,46 @@
#!/bin/sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 0c1f7e1..a2ff4f6 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -4,6 +4,48 @@
#
# Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments,
# or generate_errors.pl include_dir data_dir error_file
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use strict;
@@ -48,12 +90,16 @@
$/ = $line_separator;
my @files = <$include_dir/*.h>;
+my @necessary_include_files;
my @matches;
foreach my $file (@files) {
open(FILE, "$file");
my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, <FILE>);
push(@matches, @grep_res);
close FILE;
+ my $include_name = $file;
+ $include_name =~ s!.*/!!;
+ push @necessary_include_files, $include_name if @grep_res;
}
my $ll_old_define = "";
@@ -63,10 +109,10 @@
my $hl_code_check = "";
my $headers = "";
+my %included_headers;
my %error_codes_seen;
-
foreach my $line (@matches)
{
next if ($line =~ /compat-1.2.h/);
@@ -97,11 +143,12 @@
my $include_name = $module_name;
$include_name =~ tr/A-Z/a-z/;
- $include_name = "" if ($include_name eq "asn1");
# Fix faulty ones
$include_name = "net_sockets" if ($module_name eq "NET");
+ $included_headers{"${include_name}.h"} = $module_name;
+
my $found_ll = grep $_ eq $module_name, @low_level_modules;
my $found_hl = grep $_ eq $module_name, @high_level_modules;
if (!$found_ll && !$found_hl)
@@ -205,3 +252,15 @@
open(ERROR_FILE, ">$error_file") or die "Opening destination file '$error_file': $!";
print ERROR_FILE $error_format;
close(ERROR_FILE);
+
+my $errors = 0;
+for my $include_name (@necessary_include_files)
+{
+ if (not $included_headers{$include_name})
+ {
+ print STDERR "The header file \"$include_name\" defines error codes but has not been included!\n";
+ ++$errors;
+ }
+}
+
+exit !!$errors;
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index 1bd82ca..3a83620 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -1,5 +1,46 @@
#!/usr/bin/env perl
#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use strict;
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index f15e03a..8d7b316 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -15,6 +15,48 @@
# function by using the template in scripts/data_files/query_config.fmt.
#
# Usage: ./scripts/generate_query_config.pl without arguments
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use strict;
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 20f653b..6979f94 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -5,6 +5,48 @@
#
# Must be run from mbedTLS root or scripts directory.
# Takes no argument.
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use warnings;
use strict;
diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl
index 4e3342a..2dc4222 100755
--- a/scripts/massif_max.pl
+++ b/scripts/massif_max.pl
@@ -1,6 +1,48 @@
#!/usr/bin/env perl
# Parse a massif.out.xxx file and output peak total memory usage
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use warnings;
use strict;
diff --git a/scripts/memory.sh b/scripts/memory.sh
index 3dad289..8f8dcd7 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -5,6 +5,48 @@
#
# Use different build options for measuring executable size and memory usage,
# since for memory we want debug information.
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -eu
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 04edc38..a39a3d9 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -2,9 +2,47 @@
# output_env.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
@@ -13,6 +51,7 @@
# This includes:
# - architecture of the system
# - type and version of the operating system
+# - version of make and cmake
# - version of armcc, clang, gcc-arm and gcc compilers
# - version of libc, clang, asan and valgrind if installed
# - version of gnuTLS and OpenSSL
@@ -71,6 +110,12 @@
echo "** Tool Versions:"
echo
+print_version "make" "--version" "" "head -n 1"
+echo
+
+print_version "cmake" "--version" "" "head -n 1"
+echo
+
if [ "${RUN_ARMCC:-1}" -ne 0 ]; then
: "${ARMC5_CC:=armcc}"
print_version "$ARMC5_CC" "--vsn" "" "head -n 2"
@@ -105,6 +150,9 @@
print_version "python" "--version" "" "head -n 1"
echo
+print_version "python3" "--version" "" "head -n 1"
+echo
+
# Find the installed version of Pylint. Installed as a distro package this can
# be pylint3 and as a PEP egg, pylint. In test scripts We prefer pylint over
# pylint3
diff --git a/scripts/rename.pl b/scripts/rename.pl
index fb42809..3f47bf2 100755
--- a/scripts/rename.pl
+++ b/scripts/rename.pl
@@ -1,8 +1,46 @@
#!/usr/bin/env perl
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh
index df9450e..427e33b 100755
--- a/scripts/tmp_ignore_makefiles.sh
+++ b/scripts/tmp_ignore_makefiles.sh
@@ -2,6 +2,48 @@
# Temporarily (de)ignore Makefiles generated by CMake to allow easier
# git development
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
IGNORE=""
diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat
new file mode 100644
index 0000000..e419931
--- /dev/null
+++ b/scripts/windows_msbuild.bat
@@ -0,0 +1,20 @@
+@rem Build and test Mbed TLS with Visual Studio using msbuild.
+@rem Usage: windows_msbuild [RETARGET]
+@rem RETARGET: version of Visual Studio to emulate
+@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset
+
+@rem These parameters are hard-coded for now.
+set "arch=x64" & @rem "x86" or "x64"
+set "cfg=Release" & @rem "Debug" or "Release"
+set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat"
+
+if not "%~1"=="" set "retarget=,PlatformToolset=%1"
+
+@rem If the %USERPROFILE%\Source directory exists, then running
+@rem vcvarsall.bat will silently change the directory to that directory.
+@rem Setting the VSCMD_START_DIR environment variable causes it to change
+@rem to that directory instead.
+set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010"
+
+"%vcvarsall%" x64 && ^
+msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln
diff --git a/tests/compat.sh b/tests/compat.sh
index 54bc0b7..8905430 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -2,9 +2,47 @@
# compat.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
@@ -79,12 +117,12 @@
print_usage() {
echo "Usage: $0"
printf " -h|--help\tPrint this help.\n"
- printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')\n"
- printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')\n"
- printf " -m|--modes\tWhich modes to perform (Default: '$MODES')\n"
- printf " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')\n"
- printf " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')\n"
- printf " -p|--peers\tWhich peers to use (Default: '$PEERS')\n"
+ printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER"
+ printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE"
+ printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES"
+ printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES"
+ printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES"
+ printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS"
printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
printf " -M|--memcheck\tCheck memory leaks and errors.\n"
printf " -v|--verbose\tSet verbose output.\n"
@@ -896,7 +934,7 @@
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
G_SERVER_ARGS="-p $PORT --http $G_MODE"
- G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+ G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
if is_dtls "$MODE"; then
@@ -945,39 +983,29 @@
;;
"RSA")
- M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
- O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
+ M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key"
+ O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2-sha256.crt -key data_files/server2.key"
+ G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key"
if [ "X$VERIFY" = "XYES" ]; then
- M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
- O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
+ M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/cert_sha256.crt key_file=data_files/server1.key"
+ O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/cert_sha256.crt -key data_files/server1.key"
+ G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/cert_sha256.crt --x509keyfile data_files/server1.key"
else
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
fi
-
- # Allow SHA-1. It's disabled by default for security reasons but
- # our tests still use certificates signed with it.
- M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
- M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
;;
"PSK")
# give RSA-PSK-capable server a RSA cert
# (should be a separate type, but harder to close with openssl)
- M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
+ M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key"
O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
+ G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
-
- # Allow SHA-1. It's disabled by default for security reasons but
- # our tests still use certificates signed with it.
- M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
- M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
;;
esac
}
@@ -1106,7 +1134,7 @@
VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
TITLE="$TITLE $MODE,$VERIF $2"
- printf "$TITLE "
+ printf "%s " "$TITLE"
LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
@@ -1219,7 +1247,7 @@
cp $CLI_OUT c-cli-${TESTS}.log
echo " ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
- if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
+ if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
echo " ! server output:"
cat c-srv-${TESTS}.log
echo " ! ==================================================="
diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/config-wrapper-malloc-0-null.h
index ed74eda..988e122 100644
--- a/tests/configs/config-wrapper-malloc-0-null.h
+++ b/tests/configs/config-wrapper-malloc-0-null.h
@@ -2,8 +2,14 @@
* Used for testing.
*/
/*
- * Copyright (C) 2019, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
@@ -17,7 +23,26 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
*/
#ifndef MBEDTLS_CONFIG_H
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 669b406..f5a2715 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -13,8 +13,10 @@
## Tools
OPENSSL ?= openssl
FAKETIME ?= faketime
-MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
-MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req
+
+TOP_DIR = ../..
+MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
+MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req
## Build the generated test data. Note that since the final outputs
## are committed to the repository, this target should do nothing on a
@@ -202,6 +204,10 @@
$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt
+server5-tricky-ip-san.crt: server5.key
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
+all_final += server5-tricky-ip-san.crt
+
server10-badsign.crt: server10.crt
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server10-badsign.crt
@@ -999,7 +1005,10 @@
crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
-server1_all: crl.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
+crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
+ $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@
+
+server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
# server2*
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index 6f54ed0..d07241a 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -111,7 +111,7 @@
- crl-ec-sha*.pem: (2) server6.crt
- crl-future.pem: (2) server6.crt + unknown
- crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown
-- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
+- crl.pem, crl-futureRevocationDate.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
- crl_md*.pem: crl_sha*.pem: (1) same as crl.pem
- crt_cat_*.pem: (1+2) concatenations in various orders:
ec = crl-ec-sha256.pem, ecfut = crl-future.pem
diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/bitstring-in-dn.pem
index 1a98aa3..c50bd66 100644
--- a/tests/data_files/bitstring-in-dn.pem
+++ b/tests/data_files/bitstring-in-dn.pem
@@ -1,51 +1,51 @@
------BEGIN CERTIFICATE-----
-MIIEATCCAumgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBxMRMwEQYDVQQDDApUZXN0
-IENBIDAxMREwDwYDVQQIDAhFY25pdm9ycDELMAkGA1UEBhMCWFgxHjAcBgkqhkiG
-9w0BCQEWD3RjYUBleGFtcGxlLmNvbTEaMBgGA1UECgwRVGVzdCBDQSBBdXRob3Jp
-dHkwHhcNMTUwMzExMTIwNjUxWhcNMjUwMzA4MTIwNjUxWjCBmzELMAkGA1UEBhMC
-WFgxDDAKBgNVBAoMA3RjYTERMA8GA1UECAwIRWNuaXZvcnAxDDAKBgNVBAsMA1RD
-QTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRAZXhhbXBs
-ZS5jb20xEzARBgNVBAUTCjcxMDEwMTIyNTUxFDASBgNVBC0DCwA3MTAxMDEyMjU1
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQS0JLb8Dqy8V2mszkWk
-V8c/NPQcG3ivueXZHqOT9JTiPqrigGcLHtlmlaJ0aUUxix7q60aOds041TFyeknT
-SUFYY4ppOhiP+fOpWKPv4ZMwhSI2XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhb
-EGf0ihibbwZXPUwBlm10GaB4K93PNY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSe
-J2axxyY4hPXR30jzEyZvy4kv4nzAu5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYt
-tQaJEEpNOo0ZPpTtG6F8/tGh5r8jFx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcd
-iQIDAQABo3kwdzAJBgNVHRMEAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9j
-cmwuZXhhbXBsZS5jb20vdGVzdF9jYV8wMS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUH
-AwIwHQYDVR0RBBYwFIESY2xpZW50QGV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUA
-A4IBAQBySELCnU8/PtGIG3dwhJENOSU5R7w8jpRXxHCuSBR+W6nuUCISz+z+EdF/
-A7AOJDASuS+4gkrSSmQhGFpf7E5VbF8trVZhLAZrXqKMcUreKH6v0I8MAUXmIs3G
-tqiBGf7pSYJN9DvVOOgANjdy6THuUzYv5qSvBZ4pNYEfHSlMNrV7niynd8dgPOML
-pA7GUfv5k2mMkMbSD15pTMgcavrBKYgyqcvF1C3qghfoL5+i38H8sKzF8hy7wHtE
-ESHtBq20RYA3m0UcA0e64GcanO2Ps/AQVBc7qMeHbqnqj3uUhtTkQcMUWnMgy1NR
-5RbzoLMOxq7hoOCyIaQeM/wgxeGE
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAnQS0JLb8Dqy8V2mszkWkV8c/NPQcG3ivueXZHqOT9JTiPqri
-gGcLHtlmlaJ0aUUxix7q60aOds041TFyeknTSUFYY4ppOhiP+fOpWKPv4ZMwhSI2
-XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhbEGf0ihibbwZXPUwBlm10GaB4K93P
-NY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSeJ2axxyY4hPXR30jzEyZvy4kv4nzA
-u5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYttQaJEEpNOo0ZPpTtG6F8/tGh5r8j
-Fx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcdiQIDAQABAoIBAF7i3MnjGmbz080v
-OxJb23iAG54wdlvTjr3UPGTbjSmcXyxnsADQRFQcJHYAekCzY8EiqewL80OvuMx8
-2SU1P81hA70Dg5tsBHWT3Z6HUwsKG6QYjKr1cUhTwLyazhyAVgogSN6v7GzO9M3I
-DOBw8Xb0mz5oqGVre4S7TapN8n8ZG5oWm0XKGACXy0KbzY0KvWdkUzumFQ8X/ARE
-FsWyu+O69EbMqZRUKu45SrcubsdVGjOwseZHkmp5V6pc6Q/OrTHZqXJtDva5UIRq
-+Lof5scy9jiwwRnM/klvh23mz0ySU4YA3645m5KqyWR4YJCR1MnMANmXUSeYWfYz
-19+R1gECgYEAzm83lI7eIhTH38H0/jFpf3R7vNjPX3TR5waa4EXsCxhTOpoL89mR
-iNmzH0aOC4OR8rz/9PCnwmtH1lyQ4r/RokBmCp3pBxeWSlenFfV3rLCeEDo0Q/OL
-SX5DL4IbZD0VmNDt606WS7AEv93GhpN03Anw6kgHQUm1l030PR9DYZECgYEAwrgO
-/RyB/Ehw7smlysZb2sn1lvd6z8fg+pcu8ZNRKODaYCCOb8p1lnHrnIQdEmjhlmVp
-HAEuJ5jxCb+lyruV+dlx+0W/p6lHtKr0iBHG8EFkHnjN6Y+59Qu0HfSm0pZw7Ftr
-QcUDPuDJkTVUAvrZqciWlwzTWCC9KYXtasT+AHkCgYEAnP80dAUbpyvKvr/RxShr
-JYW/PWZegChmIp+BViOXWvDLC3xwrqm+5yc59QVBrjwH2WYn+26zB0dzwPFxNyHP
-GuiDMnvZ54zmve9foXGn7Gv+KjU53pvwSJqAGjeHAXr7W9c5uoVwBGv/kLPn8h1e
-+KGO2X6iFeMq+cFNiNan9iECgYBj+oGnsKWFVeS2ls8LyMGNGzmAZF2opiZ8RHgU
-DeIULS+zP8Qi3j92GdQyLxuGQlfiEvvfJzP9nOfWa5LC/4JIIUAHFo8LlT1+JHEe
-FJKi9dBkXP7NN8DxcyruXpnxctFUarQttuytslmMt2cFiKuOI7I+qJUzoMu/sEZx
-FeidcQKBgQCuralmtbl4nxjn3aR/ZgFTAKCL9WaJPh5hFJ9q4UuWxJdBX5z3Ey3/
-70ehLKYPumjmZtXynzz4BTWj1W9X+tgj/499uzV6LdQERGjT6WVy8xR9RELWW0an
-N9N1IAc4qTSjbI4EIMwMBSAoFfCux/jfDkG4g+RDnpV92sqxz2CtKg==
------END RSA PRIVATE KEY-----
\ No newline at end of file
+-----BEGIN CERTIFICATE-----
+MIIEATCCAumgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBxMRMwEQYDVQQDDApUZXN0
+IENBIDAxMREwDwYDVQQIDAhFY25pdm9ycDELMAkGA1UEBhMCWFgxHjAcBgkqhkiG
+9w0BCQEWD3RjYUBleGFtcGxlLmNvbTEaMBgGA1UECgwRVGVzdCBDQSBBdXRob3Jp
+dHkwHhcNMTUwMzExMTIwNjUxWhcNMjUwMzA4MTIwNjUxWjCBmzELMAkGA1UEBhMC
+WFgxDDAKBgNVBAoMA3RjYTERMA8GA1UECAwIRWNuaXZvcnAxDDAKBgNVBAsMA1RD
+QTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRAZXhhbXBs
+ZS5jb20xEzARBgNVBAUTCjcxMDEwMTIyNTUxFDASBgNVBC0DCwA3MTAxMDEyMjU1
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQS0JLb8Dqy8V2mszkWk
+V8c/NPQcG3ivueXZHqOT9JTiPqrigGcLHtlmlaJ0aUUxix7q60aOds041TFyeknT
+SUFYY4ppOhiP+fOpWKPv4ZMwhSI2XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhb
+EGf0ihibbwZXPUwBlm10GaB4K93PNY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSe
+J2axxyY4hPXR30jzEyZvy4kv4nzAu5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYt
+tQaJEEpNOo0ZPpTtG6F8/tGh5r8jFx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcd
+iQIDAQABo3kwdzAJBgNVHRMEAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9j
+cmwuZXhhbXBsZS5jb20vdGVzdF9jYV8wMS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUH
+AwIwHQYDVR0RBBYwFIESY2xpZW50QGV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUA
+A4IBAQBySELCnU8/PtGIG3dwhJENOSU5R7w8jpRXxHCuSBR+W6nuUCISz+z+EdF/
+A7AOJDASuS+4gkrSSmQhGFpf7E5VbF8trVZhLAZrXqKMcUreKH6v0I8MAUXmIs3G
+tqiBGf7pSYJN9DvVOOgANjdy6THuUzYv5qSvBZ4pNYEfHSlMNrV7niynd8dgPOML
+pA7GUfv5k2mMkMbSD15pTMgcavrBKYgyqcvF1C3qghfoL5+i38H8sKzF8hy7wHtE
+ESHtBq20RYA3m0UcA0e64GcanO2Ps/AQVBc7qMeHbqnqj3uUhtTkQcMUWnMgy1NR
+5RbzoLMOxq7hoOCyIaQeM/wgxeGE
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAnQS0JLb8Dqy8V2mszkWkV8c/NPQcG3ivueXZHqOT9JTiPqri
+gGcLHtlmlaJ0aUUxix7q60aOds041TFyeknTSUFYY4ppOhiP+fOpWKPv4ZMwhSI2
+XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhbEGf0ihibbwZXPUwBlm10GaB4K93P
+NY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSeJ2axxyY4hPXR30jzEyZvy4kv4nzA
+u5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYttQaJEEpNOo0ZPpTtG6F8/tGh5r8j
+Fx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcdiQIDAQABAoIBAF7i3MnjGmbz080v
+OxJb23iAG54wdlvTjr3UPGTbjSmcXyxnsADQRFQcJHYAekCzY8EiqewL80OvuMx8
+2SU1P81hA70Dg5tsBHWT3Z6HUwsKG6QYjKr1cUhTwLyazhyAVgogSN6v7GzO9M3I
+DOBw8Xb0mz5oqGVre4S7TapN8n8ZG5oWm0XKGACXy0KbzY0KvWdkUzumFQ8X/ARE
+FsWyu+O69EbMqZRUKu45SrcubsdVGjOwseZHkmp5V6pc6Q/OrTHZqXJtDva5UIRq
++Lof5scy9jiwwRnM/klvh23mz0ySU4YA3645m5KqyWR4YJCR1MnMANmXUSeYWfYz
+19+R1gECgYEAzm83lI7eIhTH38H0/jFpf3R7vNjPX3TR5waa4EXsCxhTOpoL89mR
+iNmzH0aOC4OR8rz/9PCnwmtH1lyQ4r/RokBmCp3pBxeWSlenFfV3rLCeEDo0Q/OL
+SX5DL4IbZD0VmNDt606WS7AEv93GhpN03Anw6kgHQUm1l030PR9DYZECgYEAwrgO
+/RyB/Ehw7smlysZb2sn1lvd6z8fg+pcu8ZNRKODaYCCOb8p1lnHrnIQdEmjhlmVp
+HAEuJ5jxCb+lyruV+dlx+0W/p6lHtKr0iBHG8EFkHnjN6Y+59Qu0HfSm0pZw7Ftr
+QcUDPuDJkTVUAvrZqciWlwzTWCC9KYXtasT+AHkCgYEAnP80dAUbpyvKvr/RxShr
+JYW/PWZegChmIp+BViOXWvDLC3xwrqm+5yc59QVBrjwH2WYn+26zB0dzwPFxNyHP
+GuiDMnvZ54zmve9foXGn7Gv+KjU53pvwSJqAGjeHAXr7W9c5uoVwBGv/kLPn8h1e
++KGO2X6iFeMq+cFNiNan9iECgYBj+oGnsKWFVeS2ls8LyMGNGzmAZF2opiZ8RHgU
+DeIULS+zP8Qi3j92GdQyLxuGQlfiEvvfJzP9nOfWa5LC/4JIIUAHFo8LlT1+JHEe
+FJKi9dBkXP7NN8DxcyruXpnxctFUarQttuytslmMt2cFiKuOI7I+qJUzoMu/sEZx
+FeidcQKBgQCuralmtbl4nxjn3aR/ZgFTAKCL9WaJPh5hFJ9q4UuWxJdBX5z3Ey3/
+70ehLKYPumjmZtXynzz4BTWj1W9X+tgj/499uzV6LdQERGjT6WVy8xR9RELWW0an
+N9N1IAc4qTSjbI4EIMwMBSAoFfCux/jfDkG4g+RDnpV92sqxz2CtKg==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/cert_md2.csr b/tests/data_files/cert_md2.csr
new file mode 100644
index 0000000..a8c39bd
--- /dev/null
+++ b/tests/data_files/cert_md2.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1EMjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV
++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N
+stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR
+iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75
+Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag
+aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAgUA
+A4IBAQBPUqodRcH2ZUa8A3fQX/nxrIwWiLmQ9BaOI6G7vzEWVE1sxmkrHP+pXgi9
+1eFceN9xUBKEd+LmUPmHpObZ4nwRSprFj3DeIXpn9aSBr+jGY8RaaC9cMkaSq5Mb
+q65THEJ1xemIfZvbhjvNi/ycXXu/v1Gpj62dpIFGbm+o4AXQF2ocYGEM+X1u2eVn
+mnuuvPAHTllGjB0daTSYoQtMy3luPUEj0Yct3iVR1pUeTrHchOs9p5ACDZcf6D3x
+sm9atH2ZIaXo1c9SqHzdk/uLt/CwxQrn1WU1inwOkzjim2Yq9vWgpQypfGZdScXV
+oHOmuGG901WMMemzZXjoLi+8ZpVL
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/cert_md4.csr b/tests/data_files/cert_md4.csr
new file mode 100644
index 0000000..d8a3dbf
--- /dev/null
+++ b/tests/data_files/cert_md4.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV
++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N
+stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR
+iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75
+Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag
+aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAwUA
+A4IBAQAztRb+vAecvhelhszzCctzmhGs4TGmr9h4zddZoQ8dTdy1OCsnmU+yz3oh
+oiQjy7UPLt8DS2ZKhGhvwPvtwFh5icMWQVnv2kE4Evz8xJT12VRw+U6L5rfKmf/L
+mVNxsuk17MDyBcMlwuNk+CHrYVdrXhSWUH3UCQQUH1iqqBMKmNiPa1UGU0budZ9X
+HZjn9uqyyOGy8l3hffqjDxsDjZyBDf5aqKIdnvukdrUiacPdUYVF0fwK8d1/1PA9
+dA4JjTvz+tTK6mL9Ic9Pv+64v1vwMU4Qu8IJHk5x3I0e7KuK2A/lK6az2Vb6FAh6
+MkGpWB68T8FRBoVrWLOh+a9yNwyp
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/cert_md5.crt b/tests/data_files/cert_md5.crt
index 8b4d089..d69b0b7 100644
--- a/tests/data_files/cert_md5.crt
+++ b/tests/data_files/cert_md5.crt
@@ -3,18 +3,18 @@
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
-uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
-d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
-CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
-lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
-bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC
-AQEAPO/yXYVCQfm1gRzYoPP4T8Dd7jfpS0Yz5hAWMDi73aXufk9ltGdXauQxA4Pu
-NQLWBMFMtJyO2OUb0p+oPGCxQayLx1sIjS9Gfy70xHlL3jnZy4kLXtkiARz8ZptW
-krxzQh017mXIn8W2VGYWA1gCNrg/Xb3VtlxVCzPa2zGCkIJHKe/dqNtKY3xx/SEQ
-gsVvdT8lpI8HfeElBfWvFxGps77pvE2HDcAdrIkjrsBWoSIq6CqIQjyW7WSN7UgI
-bTczqejHkrggI8yWIIoDAiUX9OGT76Mv4wpmOPww8hqoVfpvvPQ2l6byVNJYPj/L
-oiUV6sDYenOgMJ3Tf7UzTR91MA==
+AQEANsxVCbbev5mngG0+PvQ4y/s0jNjz6i+tn4fTOtMNBOC77clNju65vlHWqD9Y
+rZP6wqGSzdYbOoojCq0l65T6os1CFcaygIpUSFF57MbfTiiwZaLF93qf9Jf+VHln
+CQA/tQolZJDjef8LXAYK68GVVxenZI9ITnMIg6Qd9vpHqK44a6xWU226pG7g+6ae
+97dhpLsYMxggv6t/ATFt7KiIXC4cOQBzQobRfsRcxWlaOxlFEXeCFoonQaHHaU9c
+KqLO1sqygLIhP7ZA2qmfodVLc5B3WxrogaupPCbpKNdieR43HvGZ+3ig/gLjyLg1
+L8qiSesxaHvjtkW9N7sjPxRS8Q==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_md5.csr b/tests/data_files/cert_md5.csr
new file mode 100644
index 0000000..dc6792d
--- /dev/null
+++ b/tests/data_files/cert_md5.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV
++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N
+stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR
+iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75
+Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag
+aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBBAUA
+A4IBAQBNEvxgn3Pc62hsMgMz33IdeNpazeK3ae2gwQQFgL7qMp/kskfpIKF4m8eB
+YrmjKn9cqszRD606/ZtWYDwINUUc6O7bQGmpGIFd7bSPm/pbsajc6R7kzA/tD/bk
+G5zqu9Bj0x92hEwdku0zY+Hx9PgT2dK8M72iFylHBwT3X1tNyXhh7xWJ9RlAfSvN
+KdS6s3kRjK4qcir0MnflV5f2HD6r1v9cSVyme6eVLvOmup89z0cihH7NDwDJaYbi
+oqcKXFbro8/2ruEzPUS6U8NA9cjlX9DW8buIu4cQACVx5YevlwKoayYfXcRRvIFo
+OLiPq14TuZj3c0+HFOxWj4UBAjvI
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/crl-futureRevocationDate.pem b/tests/data_files/crl-futureRevocationDate.pem
new file mode 100644
index 0000000..f147a8f
--- /dev/null
+++ b/tests/data_files/crl-futureRevocationDate.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTI4MTIzMDIzMDAw
+MFoXDTI5MTIzMDIzMDAwMFowKDASAgEBFw0yOTAxMDExMjQ0MDdaMBICAQMXDTI5
+MDEwMTEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKbL1mDpzCbLJmRZKM2KHPvK
+ijS4UMnanzzYpLAwom1NI69v2fE1/EfiXv0empE6mFqnLwOG4ZP8fECfxjMXO2Ee
+VhxYiRjly6q9hfIUk1e+N9ct8unNnLEBvf6Syfy9+FSO3Q/ahljpYlXsXxg62WXl
+9xp5b5Ok+/0sCv0eL5uFQKXQa8hS9dZo6py7jvFDQC+wVau1mXjQW85iXMLm7vik
+4lR+kfZloeq1jIbsx8cdMi32YVt7uccaqoFcjtrdrWfGmi0wvlDc8K5J0l4tIxZY
+9P+T4fzSgQLdqGZ3xADheEaGTRVL/5oe5L4zRH32BZONMFCijv+j1SpWLxHE8cM=
+-----END X509 CRL-----
diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh
index 22f3bf5..49ec1f8 100755
--- a/tests/data_files/dir-maxpath/long.sh
+++ b/tests/data_files/dir-maxpath/long.sh
@@ -1,4 +1,46 @@
#!/bin/sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -eu
diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl
index d0ec137..4d0d003 100755
--- a/tests/data_files/print_c.pl
+++ b/tests/data_files/print_c.pl
@@ -1,4 +1,47 @@
#!/usr/bin/env perl
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
+
use strict;
use warnings;
diff --git a/tests/data_files/server5-tricky-ip-san.crt b/tests/data_files/server5-tricky-ip-san.crt
new file mode 100644
index 0000000..135830f
--- /dev/null
+++ b/tests/data_files/server5-tricky-ip-san.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBljCCATygAwIBAgIBTTAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJVSzERMA8G
+A1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIFRyaWNreSBJUCBTQU4w
+HhcNMjAwNzIzMTAyNzQ2WhcNMzAwNzIxMTAyNzQ2WjBBMQswCQYDVQQGEwJVSzER
+MA8GA1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIFRyaWNreSBJUCBT
+QU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5
+BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqIwmt3DVXNiioO+gHItO3/oyUw
+IzAhBgNVHREEGjAYhwRhYmNkhxBhYmNkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC
+A0gAMEUCIFDc8ZALA/9Zv7dZTWrZOOp/dgPAEJRT+h68nD6KF+XyAiEAs1QqugOo
+Dwru0DSEmpYkmj1Keunpd0VopM0joC1cc5A=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index f66b39e..3f8d8f5 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -26,3 +26,7 @@
[idpdata]
fullname=URI:http://pki.example.com/
+
+# these IPs are the ascii values for 'abcd' and 'abcd.example.com'
+[tricky_ip_san]
+subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d
diff --git a/tests/data_files/test-ca.server1.future-crl.db b/tests/data_files/test-ca.server1.future-crl.db
new file mode 100644
index 0000000..763aa12
--- /dev/null
+++ b/tests/data_files/test-ca.server1.future-crl.db
@@ -0,0 +1,2 @@
+R 210212144406Z 290101124407Z 01 unknown /C=NL/O=PolarSSL/CN=PolarSSL Server 1
+R 210212144400Z 290101124407Z 03 unknown /C=NL/O=PolarSSL/CN=PolarSSL Test CA
diff --git a/tests/data_files/test-ca.server1.future-crl.opensslconf b/tests/data_files/test-ca.server1.future-crl.opensslconf
new file mode 100644
index 0000000..e9ce754
--- /dev/null
+++ b/tests/data_files/test-ca.server1.future-crl.opensslconf
@@ -0,0 +1,18 @@
+ [ ca ]
+ default_ca = test-ca
+
+ [ test-ca ]
+ certificate = test-ca.crt
+ private_key = test-ca.key
+ serial = test-ca.server1.serial
+ default_md = sha1
+ default_startdate = 110212144406Z
+ default_enddate = 210212144406Z
+ new_certs_dir = ./
+ database = ./test-ca.server1.future-crl.db
+ policy = policy_match
+
+ [policy_match]
+ countryName = supplied
+ organizationName = supplied
+ commonName = supplied
diff --git a/tests/data_files/test-ca.server1.opensslconf b/tests/data_files/test-ca.server1.opensslconf
index 4a5072e..209b0ff 100644
--- a/tests/data_files/test-ca.server1.opensslconf
+++ b/tests/data_files/test-ca.server1.opensslconf
@@ -1,6 +1,6 @@
[ ca ]
default_ca = test-ca
-
+
[ test-ca ]
certificate = test-ca.crt
private_key = test-ca.key
diff --git a/tests/git-scripts/pre-commit.sh b/tests/git-scripts/pre-commit.sh
new file mode 100755
index 0000000..fac10cc
--- /dev/null
+++ b/tests/git-scripts/pre-commit.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# pre-commit.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
+
+# Purpose
+#
+# This script does quick sanity checks before commiting:
+# - check that generated files are up-to-date.
+#
+# It is meant to be called as a git pre-commit hook, see README.md.
+#
+# From the git sample pre-commit hook:
+# Called by "git commit" with no arguments. The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+
+set -eu
+
+tests/scripts/check-generated-files.sh
diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh
index 86edf5a..4435e58 100755
--- a/tests/git-scripts/pre-push.sh
+++ b/tests/git-scripts/pre-push.sh
@@ -1,9 +1,47 @@
#!/bin/sh
# pre-push.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2017, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
@@ -32,18 +70,4 @@
set -eu
-run_test()
-{
- TEST=$1
- echo "running '$TEST'"
- if ! `$TEST > /dev/null 2>&1`; then
- echo "test '$TEST' failed"
- return 1
- fi
-}
-
-run_test ./tests/scripts/check-doxy-blocks.pl
-run_test ./tests/scripts/check-names.sh
-run_test ./tests/scripts/check-generated-files.sh
-run_test ./tests/scripts/check-files.py
-run_test ./tests/scripts/doxygen.sh
+tests/scripts/all.sh -q -k 'check_*'
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 4e49515..07ff62d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2,9 +2,47 @@
# all.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2014-2017, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
@@ -118,8 +156,17 @@
MEMORY=0
FORCE=0
+ QUIET=0
KEEP_GOING=0
+ # Seed value used with the --release-test option.
+ #
+ # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
+ # both values are kept in sync. If you change the value here because it
+ # breaks some tests, you'll definitely want to change it in
+ # basic-build-test.sh as well.
+ RELEASE_SEED=1
+
# Default commands, can be overridden by the environment
: ${OPENSSL:="openssl"}
: ${OPENSSL_LEGACY:="$OPENSSL"}
@@ -131,12 +178,16 @@
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
: ${ARMC5_BIN_DIR:=/usr/bin}
: ${ARMC6_BIN_DIR:=/usr/bin}
+ : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
if [ -z "${MAKEFLAGS+set}" ]; then
export MAKEFLAGS="-j"
fi
+ # Include more verbose output for failing tests run by CMake
+ export CTEST_OUTPUT_ON_FAILURE=1
+
# CFLAGS and LDFLAGS for Asan builds that don't use CMake
ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
@@ -189,9 +240,13 @@
--list-components List components supported on this platform and exit.
General options:
+ -q|--quiet Only output component names, and errors if any.
-f|--force Force the tests to overwrite any modified files.
-k|--keep-going Run all tests and report errors at the end.
-m|--memory Additional optional memory tests.
+ --arm-none-eabi-gcc-prefix=<string>
+ Prefix for a cross-compiler for arm-none-eabi
+ (default: "${ARM_NONE_EABI_GCC_PREFIX}")
--armcc Run ARM Compiler builds (on by default).
--except Exclude the COMPONENTs listed on the command line,
instead of running only those.
@@ -199,9 +254,10 @@
--no-force Refuse to overwrite modified files (default).
--no-keep-going Stop at the first error (default).
--no-memory No additional memory tests (default).
+ --no-quiet Print full ouput from components.
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
--random-seed Use a random seed value for randomized tests (default).
- -r|--release-test Run this script in release mode. This fixes the seed value to 1.
+ -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
-s|--seed Integer seed value to use for this test run.
Tool path options:
@@ -265,6 +321,11 @@
else
current_section="$1"
fi
+
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
echo ""
echo "******************************************************************"
echo "* $current_section "
@@ -276,9 +337,13 @@
{
FLAGS="$1"
- msg "build: ARM Compiler 6 ($FLAGS), make"
+ msg "build: ARM Compiler 6 ($FLAGS)"
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
WARNING_CFLAGS='-xc -std=c99' make lib
+
+ msg "size: ARM Compiler 6 ($FLAGS)"
+ "$ARMC6_FROMELF" -z library/*.o
+
make clean
}
@@ -312,6 +377,7 @@
while [ $# -gt 0 ]; do
case "$1" in
+ --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
--armcc) no_armcc=;;
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
@@ -330,12 +396,14 @@
--no-force) FORCE=0;;
--no-keep-going) KEEP_GOING=0;;
--no-memory) MEMORY=0;;
+ --no-quiet) QUIET=0;;
--openssl) shift; OPENSSL="$1";;
--openssl-legacy) shift; OPENSSL_LEGACY="$1";;
--openssl-next) shift; OPENSSL_NEXT="$1";;
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
+ --quiet|-q) QUIET=1;;
--random-seed) unset SEED;;
- --release-test|-r) SEED=1;;
+ --release-test|-r) SEED=$RELEASE_SEED;;
--seed|-s) shift; SEED="$1";;
-*)
echo >&2 "Unknown option: $1"
@@ -415,7 +483,7 @@
failure_summary="$failure_summary
$text"
failure_count=$((failure_count + 1))
- echo "${start_red}^^^^$text^^^^${end_color}"
+ echo "${start_red}^^^^$text^^^^${end_color}" >&2
fi
}
make () {
@@ -461,7 +529,23 @@
! "$@"
}
+pre_setup_quiet_redirect () {
+ if [ $QUIET -ne 1 ]; then
+ redirect_out () {
+ "$@"
+ }
+ else
+ redirect_out () {
+ "$@" >/dev/null
+ }
+ fi
+}
+
pre_print_configuration () {
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
msg "info: $0 configuration"
echo "MEMORY: $MEMORY"
echo "FORCE: $FORCE"
@@ -511,7 +595,7 @@
esac
case " $RUN_COMPONENTS " in
- *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";;
+ *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
esac
case " $RUN_COMPONENTS " in
@@ -526,11 +610,19 @@
*_armcc*)
ARMC5_CC="$ARMC5_BIN_DIR/armcc"
ARMC5_AR="$ARMC5_BIN_DIR/armar"
+ ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
ARMC6_CC="$ARMC6_BIN_DIR/armclang"
ARMC6_AR="$ARMC6_BIN_DIR/armar"
- check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";;
+ ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
+ check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
+ "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
esac
+ # past this point, no call to check_tool, only printing output
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
msg "info: output_env.sh"
case $RUN_COMPONENTS in
*_armcc*)
@@ -573,8 +665,20 @@
}
component_check_files () {
- msg "test: check-files.py" # < 1s
- record_status tests/scripts/check-files.py
+ msg "Check: file sanity checks (permissions, encodings)" # < 1s
+ record_status tests/scripts/check_files.py
+}
+
+component_check_changelog () {
+ msg "Check: changelog entries" # < 1s
+ rm -f ChangeLog.new
+ record_status scripts/assemble_changelog.py -o ChangeLog.new
+ if [ -e ChangeLog.new ]; then
+ # Show the diff for information. It isn't an error if the diff is
+ # non-empty.
+ diff -u ChangeLog ChangeLog.new || true
+ rm ChangeLog.new
+ fi
}
component_check_names () {
@@ -618,7 +722,7 @@
make test
msg "selftest: make, default config (out-of-box)" # ~10s
- programs/test/selftest
+ if_build_succeeded programs/test/selftest
}
component_test_default_cmake_gcc_asan () {
@@ -629,6 +733,9 @@
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test
+ msg "test: selftest (ASan build)" # ~ 10s
+ if_build_succeeded programs/test/selftest
+
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
if_build_succeeded tests/ssl-opt.sh
@@ -645,6 +752,9 @@
msg "test: main suites (inc. selftests) (full config, ASan build)"
make test
+ msg "test: selftest (ASan build)" # ~ 10s
+ if_build_succeeded programs/test/selftest
+
msg "test: ssl-opt.sh (full config, ASan build)"
if_build_succeeded tests/ssl-opt.sh
@@ -757,6 +867,110 @@
if_build_succeeded tests/compat.sh -t RSA
}
+component_test_no_ctr_drbg () {
+ msg "build: Full minus CTR_DRBG"
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: no CTR_DRBG"
+ make test
+
+ # no ssl-opt.sh/compat.sh as they all depend on CTR_DRBG so far
+}
+
+component_test_no_hmac_drbg () {
+ msg "build: Full minus HMAC_DRBG"
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: no HMAC_DRBG"
+ make test
+
+ # No ssl-opt.sh/compat.sh as they never use HMAC_DRBG so far,
+ # so there's little value in running those lengthy tests here.
+}
+
+component_test_no_drbg_all_hashes () {
+ # this tests the internal ECP DRBG using a KDF based on SHA-512
+ msg "build: Default minus DRBGs"
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: Default minus DRBGs"
+ make test
+
+ # no SSL tests as they all depend on having a DRBG
+}
+
+component_test_no_drbg_no_sha512 () {
+ # this tests the internal ECP DRBG using a KDF based on SHA-256
+ msg "build: Default minus DRBGs minus SHA-512"
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+ scripts/config.pl unset MBEDTLS_SHA512_C
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: Default minus DRBGs minus SHA-512"
+ make test
+
+ # no SSL tests as they all depend on having a DRBG
+}
+
+component_test_ecp_no_internal_rng () {
+ msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules"
+ scripts/config.pl set MBEDTLS_ECP_NO_INTERNAL_RNG
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: ECP_NO_INTERNAL_RNG, no DRBG module"
+ make test
+
+ # no SSL tests as they all depend on having a DRBG
+}
+
+component_test_ecp_restartable_no_internal_rng () {
+ msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG"
+ scripts/config.pl set MBEDTLS_ECP_NO_INTERNAL_RNG
+ scripts/config.pl set MBEDTLS_ECP_RESTARTABLE
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module"
+ make test
+
+ # no SSL tests as they all depend on having a DRBG
+}
+
component_test_small_ssl_out_content_len () {
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
@@ -818,24 +1032,72 @@
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
-component_build_deprecated () {
- msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
+component_test_memsan_constant_flow () {
+ # This tests both (1) accesses to undefined memory, and (2) branches or
+ # memory access depending on secret values. To distinguish between those:
+ # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
+ # - or alternatively, change the build type to MemSanDbg, which enables
+ # origin tracking and nicer stack traces (which are useful for debugging
+ # anyway), and check if the origin was TEST_CF_SECRET() or something else.
+ msg "build: cmake MSan (clang), full config with constant flow testing"
scripts/config.pl full
- scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
- # Build with -O -Wextra to catch a maximum of issues.
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+ scripts/config.pl set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+ scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
+ make
- msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
- # No cleanup, just tweak the configuration and rebuild
- make clean
- scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
- scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
- # Build with -O -Wextra to catch a maximum of issues.
- make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
- make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+ msg "test: main suites (Msan + constant flow)"
+ make test
}
+component_test_valgrind_constant_flow () {
+ # This tests both (1) everything that valgrind's memcheck usually checks
+ # (heap buffer overflows, use of uninitialized memory, use-after-free,
+ # etc.) and (2) branches or memory access depending on secret values,
+ # which will be reported as uninitialized memory. To distinguish between
+ # secret and actually uninitialized:
+ # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
+ # - or alternatively, build with debug info and manually run the offending
+ # test suite with valgrind --track-origins=yes, then check if the origin
+ # was TEST_CF_SECRET() or something else.
+ msg "build: cmake release GCC, full config with constant flow testing"
+ scripts/config.pl full
+ scripts/config.pl set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make
+
+ # this only shows a summary of the results (how many of each type)
+ # details are left in Testing/<date>/DynamicAnalysis.xml
+ msg "test: main suites (valgrind + constant flow)"
+ make memcheck
+}
+
+component_test_default_no_deprecated () {
+ # Test that removing the deprecated features from the default
+ # configuration leaves something consistent.
+ msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
+ scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+
+ msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
+ make test
+}
+
+component_test_full_deprecated_warning () {
+ # Test that there is nothing deprecated in the full configuration.
+ # A deprecated feature would trigger a warning (made fatal) from
+ # MBEDTLS_DEPRECATED_WARNING.
+ msg "build: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 30s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_DEPRECATED_REMOVED
+ scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
+ # There are currently no tests for any deprecated feature.
+ # If some are added, 'make test' would trigger warnings here.
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+
+ msg "test: make, full + MBEDTLS_DEPRECATED_WARNING" # ~ 5s
+ make test
+}
component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
@@ -886,6 +1148,7 @@
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@@ -915,6 +1178,7 @@
scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_FS_IO
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
@@ -929,6 +1193,7 @@
scripts/config.pl full
scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
}
@@ -1013,6 +1278,7 @@
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.pl set MBEDTLS_ENTROPY_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.pl unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
scripts/config.pl unset MBEDTLS_HAVEGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
@@ -1022,6 +1288,16 @@
make test
}
+component_test_no_date_time () {
+ msg "build: default config without MBEDTLS_HAVE_TIME_DATE"
+ scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE
+ CC=gcc cmake
+ make
+
+ msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
+ make test
+}
+
component_test_platform_calloc_macro () {
msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
@@ -1095,7 +1371,7 @@
info=$1 cc=$2; shift 2
for opt in "$@"; do
msg "build/test: $cc $opt, $info" # ~ 30s
- make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror"
+ make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
# We're confident enough in compilers to not run _all_ the tests,
# but at least run the unit tests. In particular, runs with
# optimizations use inline assembly whereas runs with -O0
@@ -1226,45 +1502,63 @@
}
component_build_arm_none_eabi_gcc () {
- msg "build: arm-none-eabi-gcc, make" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s
scripts/config.pl baremetal
- make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib
+
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1"
+ ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
}
component_build_arm_none_eabi_gcc_arm5vte () {
- msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
scripts/config.pl baremetal
# Build for a target platform that's close to what Debian uses
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
# See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
# It would be better to build with arm-linux-gnueabi-gcc but
# we don't have that on our CI at this time.
- make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
+
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1"
+ ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
+}
+
+component_build_arm_none_eabi_gcc_m0plus () {
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s
+ scripts/config.pl baremetal
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
+
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os"
+ ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
}
component_build_arm_none_eabi_gcc_no_udbl_division () {
- msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX} -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
scripts/config.pl baremetal
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
- make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
if_build_succeeded not grep __aeabi_uldiv library/*.o
}
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
- msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX} MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
scripts/config.pl baremetal
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
- make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
if_build_succeeded not grep __aeabi_lmul library/*.o
}
component_build_armcc () {
- msg "build: ARM Compiler 5, make"
+ msg "build: ARM Compiler 5"
scripts/config.pl baremetal
-
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
+
+ msg "size: ARM Compiler 5"
+ "$ARMC5_FROMELF" -z library/*.o
+
make clean
# ARM Compiler 6 - Target ARMv7-A
@@ -1416,7 +1710,10 @@
component_check_generate_test_code () {
msg "uint test: generate_test_code.py"
- record_status ./tests/scripts/test_generate_test_code.py
+ # unittest writes out mundane stuff like number or tests run on stderr.
+ # Our convention is to reserve stderr for actual errors, and write
+ # harmless info on stdout so it can be suppress with --quiet.
+ record_status ./tests/scripts/test_generate_test_code.py 2>&1
}
################################################################
@@ -1442,8 +1739,17 @@
# The cleanup function will restore it.
cp -p "$CONFIG_H" "$CONFIG_BAK"
current_component="$1"
- "$@"
+
+ # Run the component code.
+ if [ $QUIET -eq 1 ]; then
+ # msg() is silenced, so just print the component name here
+ echo "${current_component#component_}"
+ fi
+ redirect_out "$@"
+
+ # Restore the build tree to a clean state.
cleanup
+ unset current_component
}
# Preliminary setup
@@ -1460,6 +1766,7 @@
"$@"
}
fi
+pre_setup_quiet_redirect
pre_print_configuration
pre_check_tools
cleanup
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 8990dfb..b8f6242 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -2,9 +2,47 @@
# basic-build-tests.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
@@ -43,6 +81,14 @@
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
+# Used to make ssl-opt.sh deterministic.
+#
+# See also RELEASE_SEED in all.sh. Debugging is easier if both values are kept
+# in sync. If you change the value here because it breaks some tests, you'll
+# definitely want to change it in all.sh as well.
+: ${SEED:=1}
+export SEED
+
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
# we just export the variables they require
export OPENSSL_CMD="$OPENSSL"
@@ -67,7 +113,6 @@
make clean
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
make -j
@@ -75,15 +120,19 @@
TEST_OUTPUT=out_${PPID}
cd tests
-# Step 2a - Unit Tests
+if [ ! -f "seedfile" ]; then
+ dd if=/dev/urandom of="seedfile" bs=64 count=1
+fi
+
+# Step 2a - Unit Tests (keep going even if some tests fail)
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
echo
-# Step 2b - System Tests
+# Step 2b - System Tests (keep going even if some tests fail)
sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT
echo
-# Step 2c - Compatibility tests
+# Step 2c - Compatibility tests (keep going even if some tests fail)
sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \
tee compat-test-$TEST_OUTPUT
OPENSSL_CMD="$OPENSSL_LEGACY" \
@@ -100,7 +149,15 @@
# Step 3 - Process the coverage report
cd ..
-make lcov |tee tests/cov-$TEST_OUTPUT
+{
+ make lcov
+ echo SUCCESS
+} | tee tests/cov-$TEST_OUTPUT
+
+if [ "$(tail -n1 tests/cov-$TEST_OUTPUT)" != "SUCCESS" ]; then
+ echo >&2 "Fatal: 'make lcov' failed"
+ exit 2
+fi
# Step 4 - Summarise the test report
@@ -192,10 +249,12 @@
# Step 4e - Coverage
echo "Coverage"
-LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p')
-LINES_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p')
-FUNCS_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p')
-FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p')
+LINES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p')
+LINES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p')
+FUNCS_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p')
+FUNCS_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p')
+BRANCHES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* branches)$/\1/p')
+BRANCHES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) branches)$/\1/p')
LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL))
LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))"
@@ -203,11 +262,14 @@
FUNCS_PERCENT=$((1000*$FUNCS_TESTED/$FUNCS_TOTAL))
FUNCS_PERCENT="$(($FUNCS_PERCENT/10)).$(($FUNCS_PERCENT-($FUNCS_PERCENT/10)*10))"
+BRANCHES_PERCENT=$((1000*$BRANCHES_TESTED/$BRANCHES_TOTAL))
+BRANCHES_PERCENT="$(($BRANCHES_PERCENT/10)).$(($BRANCHES_PERCENT-($BRANCHES_PERCENT/10)*10))"
+
echo "Lines Tested : $LINES_TESTED of $LINES_TOTAL $LINES_PERCENT%"
echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%"
+echo "Branches Tested : $BRANCHES_TESTED of $BRANCHES_TOTAL $BRANCHES_PERCENT%"
echo
-
rm unit-test-$TEST_OUTPUT
rm sys-test-$TEST_OUTPUT
rm compat-test-$TEST_OUTPUT
@@ -220,3 +282,7 @@
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
fi
+
+if [ $TOTAL_FAIL -ne 0 ]; then
+ exit 1
+fi
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index 4967699..a8aff0b 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -7,6 +7,48 @@
# sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen -
# but that would warn about any undocumented item, while our goal is to find
# items that are documented, but not marked as such by mistake.
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use warnings;
use strict;
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 065ea33..8c7300e 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -1,8 +1,46 @@
#! /usr/bin/env sh
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2018, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
@@ -10,11 +48,29 @@
set -eu
+if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
+ cat <<EOF
+$0 [-u]
+This script checks that all generated file are up-to-date. If some aren't, by
+default the scripts reports it and exits in error; with the -u option, it just
+updates them instead.
+
+ -u Update the files rather than return an error for out-of-date files.
+EOF
+ exit
+fi
+
if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
exit 1
fi
+UPDATE=
+if [ $# -ne 0 ] && [ "$1" = "-u" ]; then
+ shift
+ UPDATE='y'
+fi
+
check()
{
SCRIPT=$1
@@ -40,9 +96,15 @@
for FILE in $FILES; do
if ! diff $FILE $FILE.bak >/dev/null 2>&1; then
echo "'$FILE' was either modified or deleted by '$SCRIPT'"
- exit 1
+ if [ -z "$UPDATE" ]; then
+ exit 1
+ fi
fi
- mv $FILE.bak $FILE
+ if [ -z "$UPDATE" ]; then
+ mv $FILE.bak $FILE
+ else
+ rm $FILE.bak
+ fi
if [ -d $TO_CHECK ]; then
# Create a grep regular expression that we can check against the
@@ -59,7 +121,9 @@
# Check if there are any new files
if ls -1 $TO_CHECK | grep -v "$PATTERN" >/dev/null 2>&1; then
echo "Files were created by '$SCRIPT'"
- exit 1
+ if [ -z "$UPDATE" ]; then
+ exit 1
+ fi
fi
fi
}
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 90ecfd2..7c979bc 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -1,8 +1,46 @@
#!/bin/sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -eu
@@ -54,7 +92,7 @@
diff macros identifiers | sed -n -e 's/< //p' > actual-macros
for THING in actual-macros enum-consts; do
- printf "Names of $THING: "
+ printf 'Names of %s: ' "$THING"
test -r $THING
BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
if [ "x$BAD" = "x" ]; then
@@ -67,7 +105,7 @@
done
for THING in identifiers; do
- printf "Names of $THING: "
+ printf 'Names of %s: ' "$THING"
test -r $THING
BAD=$( grep -v '^mbedtls_[0-9a-z_]*[0-9a-z]$' $THING || true )
if [ "x$BAD" = "x" ]; then
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
index cd18518..8289091 100755
--- a/tests/scripts/check-python-files.sh
+++ b/tests/scripts/check-python-files.sh
@@ -1,8 +1,46 @@
#! /usr/bin/env sh
-# This file is part of Mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2018, Arm Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose:
#
diff --git a/tests/scripts/check-files.py b/tests/scripts/check_files.py
similarity index 62%
rename from tests/scripts/check-files.py
rename to tests/scripts/check_files.py
index 4bc27f0..2e04650 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check_files.py
@@ -1,7 +1,46 @@
#!/usr/bin/env python3
-# This file is part of Mbed TLS (https://tls.mbed.org)
-# Copyright (c) 2018, Arm Limited, All Rights Reserved
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
"""
This script checks the current state of the source code for minor issues,
@@ -14,6 +53,8 @@
import argparse
import logging
import codecs
+import re
+import subprocess
import sys
@@ -23,28 +64,48 @@
To implement a checker that processes a file as a whole, inherit from
this class and implement `check_file_for_issue` and define ``heading``.
- ``files_exemptions``: files whose name ends with a string in this set
+ ``suffix_exemptions``: files whose name ends with a string in this set
will not be checked.
+ ``path_exemptions``: files whose path (relative to the root of the source
+ tree) matches this regular expression will not be checked. This can be
+ ``None`` to match no path. Paths are normalized and converted to ``/``
+ separators before matching.
+
``heading``: human-readable description of the issue
"""
- files_exemptions = frozenset()
+ suffix_exemptions = frozenset()
+ path_exemptions = None
# heading must be defined in derived classes.
# pylint: disable=no-member
def __init__(self):
self.files_with_issues = {}
+ @staticmethod
+ def normalize_path(filepath):
+ """Normalize ``filepath`` with / as the directory separator."""
+ filepath = os.path.normpath(filepath)
+ # On Windows, we may have backslashes to separate directories.
+ # We need slashes to match exemption lists.
+ seps = os.path.sep
+ if os.path.altsep is not None:
+ seps += os.path.altsep
+ return '/'.join(filepath.split(seps))
+
def should_check_file(self, filepath):
"""Whether the given file name should be checked.
- Files whose name ends with a string listed in ``self.files_exemptions``
- will not be checked.
+ Files whose name ends with a string listed in ``self.suffix_exemptions``
+ or whose path matches ``self.path_exemptions`` will not be checked.
"""
- for files_exemption in self.files_exemptions:
+ for files_exemption in self.suffix_exemptions:
if filepath.endswith(files_exemption):
return False
+ if self.path_exemptions and \
+ re.match(self.path_exemptions, self.normalize_path(filepath)):
+ return False
return True
def check_file_for_issue(self, filepath):
@@ -73,6 +134,17 @@
logger.info(filename)
logger.info("")
+BINARY_FILE_PATH_RE_LIST = [
+ r'docs/.*\.pdf\Z',
+ r'programs/fuzz/corpuses/[^.]+\Z',
+ r'tests/data_files/[^.]+\Z',
+ r'tests/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z',
+ r'tests/data_files/.*\.req\.[^/]+\Z',
+ r'tests/data_files/.*malformed[^/]+\Z',
+ r'tests/data_files/format_pkcs12\.fmt\Z',
+]
+BINARY_FILE_PATH_RE = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST))
+
class LineIssueTracker(FileIssueTracker):
"""Base class for line-by-line issue tracking.
@@ -80,6 +152,9 @@
this class and implement `line_with_issue`.
"""
+ # Exclude binary files.
+ path_exemptions = BINARY_FILE_PATH_RE
+
def issue_with_line(self, line, filepath):
"""Check the specified line for the issue that this class is for.
@@ -103,7 +178,7 @@
def is_windows_file(filepath):
_root, ext = os.path.splitext(filepath)
- return ext in ('.dsp', '.sln', '.vcxproj')
+ return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj')
class PermissionIssueTracker(FileIssueTracker):
@@ -126,9 +201,18 @@
heading = "Missing newline at end of file:"
+ path_exemptions = BINARY_FILE_PATH_RE
+
def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f:
- if not f.read().endswith(b"\n"):
+ try:
+ f.seek(-1, 2)
+ except OSError:
+ # This script only works on regular files. If we can't seek
+ # 1 before the end, it means that this position is before
+ # the beginning of the file, i.e. that the file is empty.
+ return
+ if f.read(1) != b"\n":
self.files_with_issues[filepath] = None
@@ -138,7 +222,8 @@
heading = "UTF-8 BOM present:"
- files_exemptions = frozenset([".vcxproj", ".sln"])
+ suffix_exemptions = frozenset([".vcxproj", ".sln"])
+ path_exemptions = BINARY_FILE_PATH_RE
def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f:
@@ -152,6 +237,8 @@
heading = "Non-Unix line endings:"
def should_check_file(self, filepath):
+ if not super().should_check_file(filepath):
+ return False
return not is_windows_file(filepath)
def issue_with_line(self, line, _filepath):
@@ -164,6 +251,8 @@
heading = "Non-Windows line endings:"
def should_check_file(self, filepath):
+ if not super().should_check_file(filepath):
+ return False
return is_windows_file(filepath)
def issue_with_line(self, line, _filepath):
@@ -174,7 +263,7 @@
"""Track lines with trailing whitespace."""
heading = "Trailing whitespace:"
- files_exemptions = frozenset([".dsp", ".md"])
+ suffix_exemptions = frozenset([".dsp", ".md"])
def issue_with_line(self, line, _filepath):
return line.rstrip(b"\r\n") != line.rstrip()
@@ -184,7 +273,8 @@
"""Track lines with tabs."""
heading = "Tabs present:"
- files_exemptions = frozenset([
+ suffix_exemptions = frozenset([
+ ".pem", # some openssl dumps have tabs
".sln",
"/Makefile",
"/generate_visualc_files.pl",
@@ -222,30 +312,6 @@
self.check_repo_path()
self.logger = None
self.setup_logger(log_file)
- self.extensions_to_check = (
- ".c",
- ".data",
- ".dsp",
- ".function",
- ".h",
- ".md",
- ".pl",
- ".py",
- ".sh",
- ".sln",
- ".vcxproj",
- "/CMakeLists.txt",
- "/ChangeLog",
- "/Makefile",
- )
- self.excluded_directories = [
- '.git',
- 'mbed-os',
- ]
- self.excluded_paths = list(map(os.path.normpath, [
- 'cov-int',
- 'examples',
- ]))
self.issues_to_check = [
PermissionIssueTracker(),
EndOfFileNewlineIssueTracker(),
@@ -272,23 +338,22 @@
console = logging.StreamHandler()
self.logger.addHandler(console)
- def prune_branch(self, root, d):
- if d in self.excluded_directories:
- return True
- if os.path.normpath(os.path.join(root, d)) in self.excluded_paths:
- return True
- return False
+ @staticmethod
+ def collect_files():
+ bytes_output = subprocess.check_output(['git', 'ls-files', '-z'])
+ bytes_filepaths = bytes_output.split(b'\0')[:-1]
+ ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths)
+ # Prepend './' to files in the top-level directory so that
+ # something like `'/Makefile' in fp` matches in the top-level
+ # directory as well as in subdirectories.
+ return [fp if os.path.dirname(fp) else os.path.join(os.curdir, fp)
+ for fp in ascii_filepaths]
def check_files(self):
- for root, dirs, files in os.walk("."):
- dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d))
- for filename in sorted(files):
- filepath = os.path.join(root, filename)
- if not filepath.endswith(self.extensions_to_check):
- continue
- for issue_to_check in self.issues_to_check:
- if issue_to_check.should_check_file(filepath):
- issue_to_check.check_file_for_issue(filepath)
+ for issue_to_check in self.issues_to_check:
+ for filepath in self.collect_files():
+ if issue_to_check.should_check_file(filepath):
+ issue_to_check.check_file_for_issue(filepath)
def output_issues(self):
integrity_return_code = 0
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index ddc90c5..0673430 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -2,7 +2,47 @@
# curves.pl
#
-# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index f57e7ed..dcaec8c 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -2,7 +2,47 @@
# depends-hashes.pl
#
-# Copyright (c) 2017, ARM Limited, All Rights Reserved
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 97a43e8..b5a932e 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -2,7 +2,47 @@
# depends-pkalgs.pl
#
-# Copyright (c) 2017, ARM Limited, All Rights Reserved
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index e7758c9..a249bc7 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -1,6 +1,48 @@
#!/bin/sh
# Make sure the doxygen documentation builds without warnings
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
# Abort on errors (and uninitiliased variables)
set -eu
diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl
index 3c074be..9ed0372 100755
--- a/tests/scripts/gen_ctr_drbg.pl
+++ b/tests/scripts/gen_ctr_drbg.pl
@@ -3,6 +3,48 @@
# Based on NIST CTR_DRBG.rsp validation file
# Only uses AES-256-CTR cases that use a Derivation function
# and concats nonce and personalization for initialization.
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use strict;
diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl
index 03809cb..0b4613d 100755
--- a/tests/scripts/gen_gcm_decrypt.pl
+++ b/tests/scripts/gen_gcm_decrypt.pl
@@ -2,6 +2,48 @@
#
# Based on NIST gcmDecryptxxx.rsp validation files
# Only first 3 of every set used for compile time saving
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use strict;
diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl
index 29ec677..5962a3c 100755
--- a/tests/scripts/gen_gcm_encrypt.pl
+++ b/tests/scripts/gen_gcm_encrypt.pl
@@ -2,6 +2,48 @@
#
# Based on NIST gcmEncryptIntIVxxx.rsp validation files
# Only first 3 of every set used for compile time saving
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use strict;
diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
index 110cb4b..c17559c 100755
--- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl
+++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
@@ -1,5 +1,46 @@
#!/usr/bin/env perl
#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use strict;
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index cbc2f59..22bea9d 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -7,6 +7,48 @@
# Usage: generate-afl-tests.sh <test data file path>
# <test data file path> - should be the path to one of the test suite files
# such as 'test_suite_mpi.data'
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
# Abort on errors
set -e
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index 21f816e..f452b37 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -1,8 +1,14 @@
#!/usr/bin/env python3
# Test suites code generator.
#
-# Copyright (C) 2018, Arm Limited, All Rights Reserved
-# SPDX-License-Identifier: Apache-2.0
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-# This file is part of Mbed TLS (https://tls.mbed.org)
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
"""
This script is a key part of Mbed TLS test suites framework. For
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
index 3bf7ae3..47da663 100755
--- a/tests/scripts/key-exchanges.pl
+++ b/tests/scripts/key-exchanges.pl
@@ -2,7 +2,47 @@
# key-exchanges.pl
#
-# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl
index 21c25b3..4e47fd4 100755
--- a/tests/scripts/list-enum-consts.pl
+++ b/tests/scripts/list-enum-consts.pl
@@ -1,4 +1,46 @@
#!/usr/bin/env perl
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use warnings;
use strict;
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index cc9c54f..d01e5b6 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -5,6 +5,48 @@
# Outputs the line count of the file to stdout.
#
# Usage: list-identifiers.sh [ -i | --internal ]
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -eu
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index 3c84adb..cb61c4f 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -1,4 +1,46 @@
#!/bin/sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -eu
diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh
index 930722c..de6a85d 100755
--- a/tests/scripts/list-symbols.sh
+++ b/tests/scripts/list-symbols.sh
@@ -1,4 +1,46 @@
#!/bin/sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
set -eu
diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py
index 709bb1a..f7c6a8a 100755
--- a/tests/scripts/mbedtls_test.py
+++ b/tests/scripts/mbedtls_test.py
@@ -2,8 +2,14 @@
# Greentea host test script for Mbed TLS on-target test suite testing.
#
-# Copyright (C) 2018, Arm Limited, All Rights Reserved
-# SPDX-License-Identifier: Apache-2.0
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
@@ -17,7 +23,26 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-# This file is part of Mbed TLS (https://tls.mbed.org)
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
"""
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index 431e592..51b0c03 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -7,6 +7,48 @@
# an unbounded way, those functions should use interation instead.
#
# Typical usage: scripts/recursion.pl library/*.c
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use warnings;
use strict;
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index d06badd..23c6d22 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -2,9 +2,47 @@
# run-test-suites.pl
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2015-2018, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
=head1 SYNOPSIS
diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl
index 11cbf1b..6b19896 100755
--- a/tests/scripts/tcp_client.pl
+++ b/tests/scripts/tcp_client.pl
@@ -4,6 +4,48 @@
# Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1
# DATA: hex-encoded data to send to the server
# RESPONSE: regexp that must match the server's response
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
use warnings;
use strict;
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 80d5f38..a8bfa6e 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -2,9 +2,47 @@
# test-ref-configs.pl
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2013-2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
index c8e8c5c..e64d26d 100755
--- a/tests/scripts/test_generate_test_code.py
+++ b/tests/scripts/test_generate_test_code.py
@@ -1,8 +1,14 @@
#!/usr/bin/env python3
# Unit test for generate_test_code.py
#
-# Copyright (C) 2018, Arm Limited, All Rights Reserved
-# SPDX-License-Identifier: Apache-2.0
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
@@ -16,7 +22,26 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-# This file is part of Mbed TLS (https://tls.mbed.org)
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
"""
Unit tests for generate_test_code.py
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
index c929c88..a7536c4 100644
--- a/tests/scripts/test_zeroize.gdb
+++ b/tests/scripts/test_zeroize.gdb
@@ -1,8 +1,46 @@
# test_zeroize.gdb
#
-# This file is part of Mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2018, Arm Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
@@ -31,19 +69,13 @@
# the compiler potentially has a bug.
#
# Note: This test requires that the test program is compiled with -g3.
-#
-# WARNING: There does not seem to be a mechanism in GDB scripts to set a
-# breakpoint at the end of a function (probably because there are a lot of
-# complications as function can have multiple exit points, etc). Therefore, it
-# was necessary to hard-code the line number of the breakpoint in the zeroize.c
-# test app. The assumption is that zeroize.c is a simple test app that does not
-# change often (as opposed to the actual library code), so the breakpoint line
-# number does not need to be updated often.
set confirm off
file ./programs/test/zeroize
-break zeroize.c:100
+
+search GDB_BREAK_HERE
+break $_
set args ./programs/test/zeroize.c
run
diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh
index 9866ca7..df32bc5 100755
--- a/tests/scripts/travis-log-failure.sh
+++ b/tests/scripts/travis-log-failure.sh
@@ -2,9 +2,47 @@
# travis-log-failure.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 24c8616..b9652ef 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2,9 +2,47 @@
# ssl-opt.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
+# This file is provided under the Apache License 2.0, or the
+# GNU General Public License v2.0 or later.
+#
+# **********
+# Apache License 2.0:
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# **********
+#
+# **********
+# GNU General Public License v2.0 or later:
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# **********
#
# Purpose
#
@@ -92,8 +130,8 @@
echo "Usage: $0 [options]"
printf " -h|--help\tPrint this help.\n"
printf " -m|--memcheck\tCheck memory leaks and errors.\n"
- printf " -f|--filter\tOnly matching tests are executed (BRE; default: '$FILTER')\n"
- printf " -e|--exclude\tMatching tests are excluded (BRE; default: '$EXCLUDE')\n"
+ printf " -f|--filter\tOnly matching tests are executed (BRE)\n"
+ printf " -e|--exclude\tMatching tests are excluded (BRE)\n"
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
@@ -346,7 +384,7 @@
fi
LINE="$LINE$1"
- printf "$LINE "
+ printf "%s " "$LINE"
LEN=$(( 72 - `echo "$LINE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done
printf ' '
@@ -365,7 +403,7 @@
fi
echo " ! outputs saved to o-XXX-${TESTS}.log"
- if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
+ if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
echo " ! server output:"
cat o-srv-${TESTS}.log
echo " ! ========================================================"
@@ -581,6 +619,19 @@
return
fi
+ # update DTLS variable
+ detect_dtls "$SRV_CMD"
+
+ # if the test uses DTLS but no custom proxy, add a simple proxy
+ # as it provides timing info that's useful to debug failures
+ if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
+ PXY_CMD="$P_PXY"
+ case " $SRV_CMD " in
+ *' server_addr=::1 '*)
+ PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
+ esac
+ fi
+
# fix client port
if [ -n "$PXY_CMD" ]; then
CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
@@ -588,9 +639,6 @@
CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
fi
- # update DTLS variable
- detect_dtls "$SRV_CMD"
-
# prepend valgrind to our commands if active
if [ "$MEMCHECK" -gt 0 ]; then
if is_polar "$SRV_CMD"; then
@@ -607,19 +655,19 @@
# run the commands
if [ -n "$PXY_CMD" ]; then
- echo "$PXY_CMD" > $PXY_OUT
+ printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT
$PXY_CMD >> $PXY_OUT 2>&1 &
PXY_PID=$!
wait_proxy_start "$PXY_PORT" "$PXY_PID"
fi
check_osrv_dtls
- echo "$SRV_CMD" > $SRV_OUT
+ printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
SRV_PID=$!
wait_server_start "$SRV_PORT" "$SRV_PID"
- echo "$CLI_CMD" > $CLI_OUT
+ printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
wait_client_done
@@ -1829,12 +1877,12 @@
# Tests for Max Fragment Length extension
if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
- printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n"
+ printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}"
exit 1
fi
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
- printf "Using non-default maximum content length $MAX_CONTENT_LEN\n"
+ echo "Using non-default maximum content length $MAX_CONTENT_LEN"
fi
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -2775,14 +2823,14 @@
MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
- printf "The ${CONFIG_H} file contains a value for the configuration of\n"
- printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n"
- printf "test value of ${MAX_IM_CA}. \n"
- printf "\n"
- printf "The tests assume this value and if it changes, the tests in this\n"
- printf "script should also be adjusted.\n"
- printf "\n"
+ cat <<EOF
+${CONFIG_H} contains a value for the configuration of
+MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script's
+test value of ${MAX_IM_CA}.
+The tests assume this value and if it changes, the tests in this
+script should also be adjusted.
+EOF
exit 1
fi
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 278de16..9403d99 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -46,6 +46,52 @@
#include <strings.h>
#endif
+/*
+ * Define the two macros
+ *
+ * #define TEST_CF_SECRET(ptr, size)
+ * #define TEST_CF_PUBLIC(ptr, size)
+ *
+ * that can be used in tests to mark a memory area as secret (no branch or
+ * memory access should depend on it) or public (default, only needs to be
+ * marked explicitly when it was derived from secret data).
+ *
+ * Arguments:
+ * - ptr: a pointer to the memory area to be marked
+ * - size: the size in bytes of the memory area
+ *
+ * Implementation:
+ * The basic idea is that of ctgrind <https://github.com/agl/ctgrind>: we can
+ * re-use tools that were designed for checking use of uninitialized memory.
+ * This file contains two implementations: one based on MemorySanitizer, the
+ * other on valgrind's memcheck. If none of them is enabled, dummy macros that
+ * do nothing are defined for convenience.
+ */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+#include <sanitizer/msan_interface.h>
+
+/* Use macros to avoid messing up with origin tracking */
+#define TEST_CF_SECRET __msan_allocated_memory
+// void __msan_allocated_memory(const volatile void* data, size_t size);
+#define TEST_CF_PUBLIC __msan_unpoison
+// void __msan_unpoison(const volatile void *a, size_t size);
+
+#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
+#include <valgrind/memcheck.h>
+
+#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED
+// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len)
+#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED
+// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len)
+
+#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ||
+ MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
+
+#define TEST_CF_SECRET(ptr, size)
+#define TEST_CF_PUBLIC(ptr, size)
+
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
+
/* Type for Hex parameters */
typedef struct data_tag
{
@@ -108,6 +154,27 @@
} \
} while( 0 )
+/** Compare two buffers and fail the test case if they differ.
+ *
+ * This macro expands to an instruction, not an expression.
+ * It may jump to the \c exit label.
+ *
+ * \param p1 Pointer to the start of the first buffer.
+ * \param size1 Size of the first buffer in bytes.
+ * This expression may be evaluated multiple times.
+ * \param p2 Pointer to the start of the second buffer.
+ * \param size2 Size of the second buffer in bytes.
+ * This expression may be evaluated multiple times.
+ */
+#define ASSERT_COMPARE( p1, size1, p2, size2 ) \
+ do \
+ { \
+ TEST_ASSERT( ( size1 ) == ( size2 ) ); \
+ if( ( size1 ) != 0 ) \
+ TEST_ASSERT( memcmp( ( p1 ), ( p2 ), ( size1 ) ) == 0 ); \
+ } \
+ while( 0 )
+
/**
* \brief This macro tests the expression passed to it and skips the
* running test if it doesn't evaluate to 'true'.
@@ -244,7 +311,7 @@
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
#define STATIC_ASSERT_EXPR( const_expr ) \
- ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
+ ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
@@ -336,6 +403,12 @@
void test_fail( const char *test, int line_no, const char* filename )
{
+ if( test_info.result == TEST_RESULT_FAILED )
+ {
+ /* We've already recorded the test as having failed. Don't
+ * overwrite any previous information about the failure. */
+ return;
+ }
test_info.result = TEST_RESULT_FAILED;
test_info.test = test;
test_info.line_no = line_no;
@@ -391,49 +464,56 @@
#endif
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
-static int redirect_output( FILE** out_stream, const char* path )
+static int redirect_output( FILE* out_stream, const char* path )
{
- int stdout_fd = dup( fileno( *out_stream ) );
+ int out_fd, dup_fd;
+ FILE* path_stream;
- if( stdout_fd == -1 )
+ out_fd = fileno( out_stream );
+ dup_fd = dup( out_fd );
+
+ if( dup_fd == -1 )
{
- return -1;
+ return( -1 );
}
- fflush( *out_stream );
- fclose( *out_stream );
- *out_stream = fopen( path, "w" );
-
- if( *out_stream == NULL )
+ path_stream = fopen( path, "w" );
+ if( path_stream == NULL )
{
- close( stdout_fd );
- return -1;
+ close( dup_fd );
+ return( -1 );
}
- return stdout_fd;
+ fflush( out_stream );
+ if( dup2( fileno( path_stream ), out_fd ) == -1 )
+ {
+ close( dup_fd );
+ fclose( path_stream );
+ return( -1 );
+ }
+
+ fclose( path_stream );
+ return( dup_fd );
}
-static int restore_output( FILE** out_stream, int old_fd )
+static int restore_output( FILE* out_stream, int dup_fd )
{
- fflush( *out_stream );
- fclose( *out_stream );
+ int out_fd = fileno( out_stream );
- *out_stream = fdopen( old_fd, "w" );
- if( *out_stream == NULL )
+ fflush( out_stream );
+ if( dup2( dup_fd, out_fd ) == -1 )
{
- return -1;
+ close( out_fd );
+ close( dup_fd );
+ return( -1 );
}
- return 0;
-}
-
-static void close_output( FILE* out_stream )
-{
- fclose( out_stream );
+ close( dup_fd );
+ return( 0 );
}
#endif /* __unix__ || __APPLE__ __MACH__ */
-int unhexify( unsigned char *obuf, const char *ibuf )
+int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf )
{
unsigned char c, c2;
int len = strlen( ibuf ) / 2;
@@ -467,7 +547,7 @@
return len;
}
-void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
+void mbedtls_test_hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
{
unsigned char l, h;
@@ -533,7 +613,7 @@
obuf = mbedtls_calloc( 1, *olen );
TEST_HELPER_ASSERT( obuf != NULL );
- (void) unhexify( obuf, ibuf );
+ (void) mbedtls_test_unhexify( obuf, ibuf );
return( obuf );
}
@@ -549,7 +629,7 @@
*/
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
{
-#if !defined(__OpenBSD__)
+#if !defined(__OpenBSD__) && !defined(__NetBSD__)
size_t i;
if( rng_state != NULL )
@@ -562,7 +642,7 @@
rng_state = NULL;
arc4random_buf( output, len );
-#endif /* !OpenBSD */
+#endif /* !OpenBSD && !NetBSD */
return( 0 );
}
@@ -679,7 +759,7 @@
return( 0 );
}
-int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len )
+int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len )
{
int ret = 0;
uint32_t i = 0;
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 5688efd..ca51e7b 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -277,7 +277,8 @@
{
if ( verify_string( &val ) == 0 )
{
- *int_params_store = unhexify( (unsigned char *) val, val );
+ *int_params_store = mbedtls_test_unhexify(
+ (unsigned char *) val, val );
*out++ = val;
*out++ = (char *)(int_params_store++);
}
@@ -554,7 +555,7 @@
*/
if( !option_verbose )
{
- stdout_fd = redirect_output( &stdout, "/dev/null" );
+ stdout_fd = redirect_output( stdout, "/dev/null" );
if( stdout_fd == -1 )
{
/* Redirection has failed with no stdout so exit */
@@ -574,7 +575,7 @@
}
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
- if( !option_verbose && restore_output( &stdout, stdout_fd ) )
+ if( !option_verbose && restore_output( stdout, stdout_fd ) )
{
/* Redirection has failed with no stdout so exit */
exit( 1 );
@@ -666,10 +667,5 @@
mbedtls_memory_buffer_alloc_free();
#endif
-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
- if( stdout_fd != -1 )
- close_output( stdout );
-#endif /* __unix__ || __APPLE__ __MACH__ */
-
return( total_errors != 0 );
}
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index bfc5279..f516d2c 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -15,10 +15,14 @@
* Test suite file : $test_case_file
* Test suite data : $test_case_data_file
*
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+#if !defined(_POSIX_C_SOURCE)
+#define _POSIX_C_SOURCE 1 // for fileno() from <stdio.h>
+#endif
+#endif
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include <mbedtls/config.h>
#else
diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function
index 89835d2..dce4e8d 100644
--- a/tests/suites/target_test.function
+++ b/tests/suites/target_test.function
@@ -75,7 +75,7 @@
c[1] = greentea_getc();
c[2] = '\0';
- TEST_HELPER_ASSERT( unhexify( &byte, c ) != 2 );
+ TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, c ) != 2 );
return( byte );
}
@@ -101,7 +101,7 @@
};
const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2],
c_be[3], c_be[0], c_be[1], '\0' };
- TEST_HELPER_ASSERT( unhexify( (uint8_t*)&value, c ) != 8 );
+ TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, c ) != 8 );
return( value );
}
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index da8c1e9..23bf83d 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -9,7 +9,7 @@
/* BEGIN_CASE */
void aes_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -23,7 +23,7 @@
{
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
@@ -33,7 +33,7 @@
/* BEGIN_CASE */
void aes_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -47,7 +47,7 @@
{
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
@@ -57,7 +57,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void aes_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -72,7 +72,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
exit:
@@ -82,7 +83,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void aes_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -96,7 +97,8 @@
if( cbc_result == 0)
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
exit:
@@ -228,7 +230,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -241,7 +243,7 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -250,7 +252,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -263,7 +265,7 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -272,7 +274,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -284,7 +286,8 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -293,7 +296,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -305,7 +308,8 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -313,51 +317,35 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */
-void aes_encrypt_ofb( int fragment_size, char *hex_key_string,
- char *hex_iv_string, char *hex_src_string,
- char *hex_dst_string )
+void aes_encrypt_ofb( int fragment_size, data_t *key_str,
+ data_t *iv_str, data_t *src_str,
+ data_t *expected_output )
{
- unsigned char key_str[32];
- unsigned char iv_str[16];
- unsigned char src_str[64];
- unsigned char dst_str[64];
unsigned char output[32];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
int in_buffer_len;
unsigned char* src_str_next;
- int key_len;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( iv_str, 0x00, sizeof( iv_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aes_init( &ctx );
- TEST_ASSERT( strlen( hex_key_string ) <= ( 32 * 2 ) );
- TEST_ASSERT( strlen( hex_iv_string ) <= ( 16 * 2 ) );
- TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) );
- TEST_ASSERT( strlen( hex_dst_string ) <= ( 64 * 2 ) );
+ TEST_ASSERT( (size_t)fragment_size < sizeof( output ) );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- in_buffer_len = unhexify( src_str, hex_src_string );
-
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 );
- src_str_next = src_str;
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x,
+ key_str->len * 8 ) == 0 );
+ in_buffer_len = src_str->len;
+ src_str_next = src_str->x;
while( in_buffer_len > 0 )
{
TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset,
- iv_str, src_str_next, output ) == 0 );
+ iv_str->x, src_str_next, output ) == 0 );
- hexify( dst_str, output, fragment_size );
- TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string,
- ( 2 * fragment_size ) ) == 0 );
+ TEST_ASSERT( memcmp( output, expected_output->x, fragment_size ) == 0 );
in_buffer_len -= fragment_size;
- hex_dst_string += ( fragment_size * 2 );
+ expected_output->x += fragment_size;
src_str_next += fragment_size;
if( in_buffer_len < fragment_size )
diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function
index ae3b032..c1e2386 100644
--- a/tests/suites/test_suite_arc4.function
+++ b/tests/suites/test_suite_arc4.function
@@ -8,8 +8,7 @@
*/
/* BEGIN_CASE */
-void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str,
- data_t * hex_dst_string )
+void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, data_t * dst )
{
unsigned char dst_str[1000];
mbedtls_arc4_context ctx;
@@ -19,9 +18,11 @@
mbedtls_arc4_setup(&ctx, key_str->x, key_str->len);
- TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 );
+ TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len,
+ src_str->x, dst_str ) == 0 );
- TEST_ASSERT( hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( dst_str, dst->x,
+ src_str->len, dst->len ) == 0 );
exit:
mbedtls_arc4_free( &ctx );
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 7e35f15..6d6a203 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -206,37 +206,28 @@
/* END_CASE */
/* BEGIN_CASE */
-void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string, int setkey_result )
+void aria_encrypt_ecb( data_t *key_str, data_t *src_str,
+ data_t *expected_output, int setkey_result )
{
- unsigned char key_str[ARIA_MAX_KEY_STR];
- unsigned char src_str[ARIA_MAX_DATA_STR];
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
- int key_len, data_len, i;
+ size_t i;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- data_len = unhexify( src_str, hex_src_string );
-
- TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 )
+ TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 )
== setkey_result );
if( setkey_result == 0 )
{
- for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE )
+ for( i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE )
{
- TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i )
- == 0 );
+ TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i,
+ output + i ) == 0 );
}
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
}
exit:
@@ -245,37 +236,28 @@
/* END_CASE */
/* BEGIN_CASE */
-void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string, int setkey_result )
+void aria_decrypt_ecb( data_t *key_str, data_t *src_str,
+ data_t *expected_output, int setkey_result )
{
- unsigned char key_str[ARIA_MAX_KEY_STR];
- unsigned char src_str[ARIA_MAX_DATA_STR];
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
- int key_len, data_len, i;
+ size_t i;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- data_len = unhexify( src_str, hex_src_string );
-
- TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 )
+ TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str->x, key_str->len * 8 )
== setkey_result );
if( setkey_result == 0 )
{
- for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE )
+ for( i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE )
{
- TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i )
- == 0 );
+ TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i,
+ output + i ) == 0 );
}
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
}
exit:
@@ -284,38 +266,24 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void aria_encrypt_cbc( data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
int cbc_result )
{
- unsigned char key_str[ARIA_MAX_KEY_STR];
- unsigned char iv_str[ARIA_BLOCK_STR];
- unsigned char src_str[ARIA_MAX_DATA_STR];
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
- int key_len, data_len;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( iv_str, 0x00, sizeof( iv_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
-
- mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len,
- iv_str, src_str, output )
- == cbc_result );
+ mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT,
+ src_str->len, iv_str->x, src_str->x,
+ output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, data_len );
-
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
}
exit:
@@ -324,38 +292,24 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void aria_decrypt_cbc( data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
int cbc_result )
{
- unsigned char key_str[ARIA_MAX_KEY_STR];
- unsigned char iv_str[ARIA_BLOCK_STR];
- unsigned char src_str[ARIA_MAX_DATA_STR];
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
- int key_len, data_len;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( iv_str, 0x00, sizeof( iv_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
-
- mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, data_len,
- iv_str, src_str, output )
- == cbc_result );
+ mbedtls_aria_setkey_dec( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT,
+ src_str->len, iv_str->x, src_str->x,
+ output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, data_len );
-
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
}
exit:
@@ -364,38 +318,25 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
int result )
{
- unsigned char key_str[ARIA_MAX_KEY_STR];
- unsigned char iv_str[ARIA_BLOCK_STR];
- unsigned char src_str[ARIA_MAX_DATA_STR];
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- int key_len, data_len;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( iv_str, 0x00, sizeof( iv_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
-
- mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
+ mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT,
- data_len, &iv_offset, iv_str,
- src_str, output )
+ src_str->len, &iv_offset,
+ iv_str->x, src_str->x, output )
== result );
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
exit:
mbedtls_aria_free( &ctx );
@@ -403,38 +344,25 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
int result )
{
- unsigned char key_str[ARIA_MAX_KEY_STR];
- unsigned char iv_str[ARIA_BLOCK_STR];
- unsigned char src_str[ARIA_MAX_DATA_STR];
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- int key_len, data_len;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( iv_str, 0x00, sizeof( iv_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
-
- mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
+ mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT,
- data_len, &iv_offset, iv_str,
- src_str, output )
+ src_str->len, &iv_offset,
+ iv_str->x, src_str->x, output )
== result );
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
exit:
mbedtls_aria_free( &ctx );
@@ -442,38 +370,25 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
-void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void aria_encrypt_ctr( data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
int result )
{
- unsigned char key_str[ARIA_MAX_KEY_STR];
- unsigned char iv_str[ARIA_BLOCK_STR];
- unsigned char src_str[ARIA_MAX_DATA_STR];
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- int key_len, data_len;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( iv_str, 0x00, sizeof( iv_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
-
- mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str,
- blk, src_str, output )
+ mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset,
+ iv_str->x, blk, src_str->x, output )
== result );
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
exit:
mbedtls_aria_free( &ctx );
@@ -481,38 +396,25 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
-void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void aria_decrypt_ctr( data_t *key_str, data_t *iv_str,
+ data_t *src_str, data_t *expected_output,
int result )
{
- unsigned char key_str[ARIA_MAX_KEY_STR];
- unsigned char iv_str[ARIA_BLOCK_STR];
- unsigned char src_str[ARIA_MAX_DATA_STR];
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- int key_len, data_len;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( iv_str, 0x00, sizeof( iv_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
-
- mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str,
- blk, src_str, output )
+ mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset,
+ iv_str->x, blk, src_str->x, output )
== result );
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
exit:
mbedtls_aria_free( &ctx );
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
index 7a93cd1..f89353c 100644
--- a/tests/suites/test_suite_blowfish.function
+++ b/tests/suites/test_suite_blowfish.function
@@ -167,7 +167,7 @@
/* BEGIN_CASE */
void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
@@ -181,7 +181,7 @@
{
TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
}
exit:
@@ -191,7 +191,7 @@
/* BEGIN_CASE */
void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
@@ -205,7 +205,7 @@
{
TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
}
exit:
@@ -215,7 +215,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -231,7 +231,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
exit:
@@ -241,7 +242,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -256,7 +257,8 @@
if( cbc_result == 0)
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -266,8 +268,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string
- )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
@@ -280,7 +281,8 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
@@ -289,8 +291,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string
- )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
@@ -303,7 +304,8 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
@@ -312,7 +314,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char stream_str[100];
unsigned char output[100];
@@ -327,7 +329,8 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 9408348..312495c 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -175,7 +175,7 @@
/* BEGIN_CASE */
void camellia_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -189,7 +189,7 @@
{
TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
@@ -199,7 +199,7 @@
/* BEGIN_CASE */
void camellia_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -213,7 +213,7 @@
{
TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
@@ -223,8 +223,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
- int cbc_result )
+ data_t * src_str, data_t * dst, int cbc_result )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -238,7 +237,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -248,7 +248,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -263,7 +263,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -273,8 +274,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str,
- data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -287,7 +287,7 @@
mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_camellia_free( &ctx );
@@ -297,7 +297,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str,
data_t * src_str,
- data_t * hex_dst_string )
+ data_t * dst )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -310,7 +310,7 @@
mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_camellia_free( &ctx );
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 16f9f8e..1bba531 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -152,7 +152,7 @@
void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key,
data_t * msg, data_t * iv,
data_t * add, int tag_len, int result,
- data_t * hex_msg )
+ data_t * expected_msg )
{
unsigned char tag[16];
mbedtls_ccm_context ctx;
@@ -172,7 +172,7 @@
if( result == 0 )
{
- TEST_ASSERT( memcmp( msg->x, hex_msg->x, hex_msg->len ) == 0 );
+ TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 );
}
else
{
@@ -192,64 +192,51 @@
/* BEGIN_CASE */
void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
- char *key_hex, char *msg_hex,
- char *source_address_hex, char *frame_counter_hex,
- int sec_level, char *add_hex,
- char *result_hex, int output_ret )
+ data_t *key, data_t *msg,
+ data_t *source_address, data_t *frame_counter,
+ int sec_level, data_t *add,
+ data_t *expected_result, int output_ret )
{
- unsigned char key[32];
- unsigned char msg[50];
unsigned char iv[13];
- unsigned char add[32];
unsigned char result[50];
- unsigned char source_address[8];
- unsigned char frame_counter[4];
mbedtls_ccm_context ctx;
- size_t i, key_len, msg_len, iv_len, add_len, result_len, source_address_len, frame_counter_len, tag_len;
+ size_t i, iv_len, tag_len;
int ret;
mbedtls_ccm_init( &ctx );
- memset( key, 0x00, sizeof( key ) );
- memset( msg, 0x00, sizeof( msg ) );
memset( iv, 0x00, sizeof( iv ) );
- memset( add, 0x00, sizeof( add ) );
memset( result, 0x00, sizeof( result ) );
- memset( source_address, 0x00, sizeof( source_address ) );
- memset( frame_counter, 0x00, sizeof( frame_counter ) );
-
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- add_len = unhexify( add, add_hex );
- result_len = unhexify( result, result_hex );
- source_address_len = unhexify( source_address, source_address_hex );
- frame_counter_len = unhexify( frame_counter, frame_counter_hex );
if( sec_level % 4 == 0)
tag_len = 0;
else
tag_len = 1 << ( sec_level % 4 + 1);
- for( i = 0; i < source_address_len; i++ )
- iv[i] = source_address[i];
+ for( i = 0; i < source_address->len; i++ )
+ iv[i] = source_address->x[i];
- for( i = 0; i < frame_counter_len; i++ )
- iv[source_address_len + i] = frame_counter[i];
+ for( i = 0; i < frame_counter->len; i++ )
+ iv[source_address->len + i] = frame_counter->x[i];
- iv[source_address_len + frame_counter_len] = sec_level;
+ iv[source_address->len + frame_counter->len] = sec_level;
iv_len = sizeof( iv );
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 );
+ TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id,
+ key->x, key->len * 8 ) == 0 );
- ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len,
- add, add_len, msg, msg, msg + msg_len, tag_len );
+ ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len,
+ add->x, add->len, msg->x,
+ result, result + msg->len, tag_len );
TEST_ASSERT( ret == output_ret );
- TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
+ TEST_ASSERT( memcmp( result,
+ expected_result->x, expected_result->len ) == 0 );
/* Check we didn't write past the end */
- TEST_ASSERT( msg[result_len] == 0 && msg[result_len + 1] == 0 );
+ TEST_ASSERT( result[expected_result->len] == 0 &&
+ result[expected_result->len + 1] == 0 );
exit:
mbedtls_ccm_free( &ctx );
@@ -258,69 +245,51 @@
/* BEGIN_CASE */
void mbedtls_ccm_star_auth_decrypt( int cipher_id,
- char *key_hex, char *msg_hex,
- char *source_address_hex, char *frame_counter_hex,
- int sec_level, char *add_hex,
- char *result_hex, int output_ret )
+ data_t *key, data_t *msg,
+ data_t *source_address, data_t *frame_counter,
+ int sec_level, data_t *add,
+ data_t *expected_result, int output_ret )
{
- unsigned char key[32];
- unsigned char msg[50];
unsigned char iv[13];
- unsigned char add[32];
- unsigned char tag[16];
unsigned char result[50];
- unsigned char source_address[8];
- unsigned char frame_counter[4];
mbedtls_ccm_context ctx;
- size_t i, key_len, msg_len, iv_len, add_len, tag_len, result_len, source_address_len, frame_counter_len;
+ size_t i, iv_len, tag_len;
int ret;
mbedtls_ccm_init( &ctx );
- memset( key, 0x00, sizeof( key ) );
- memset( msg, 0x00, sizeof( msg ) );
memset( iv, 0x00, sizeof( iv ) );
- memset( add, 0x00, sizeof( add ) );
- memset( result, 0x00, sizeof( result ) );
- memset( source_address, 0x00, sizeof( source_address ) );
- memset( frame_counter, 0x00, sizeof( frame_counter ) );
- memset( tag, 0x00, sizeof( tag ) );
-
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- add_len = unhexify( add, add_hex );
- result_len = unhexify( result, result_hex );
- source_address_len = unhexify( source_address, source_address_hex );
- frame_counter_len = unhexify( frame_counter, frame_counter_hex );
+ memset( result, '+', sizeof( result ) );
if( sec_level % 4 == 0)
tag_len = 0;
else
tag_len = 1 << ( sec_level % 4 + 1);
- for( i = 0; i < source_address_len; i++ )
- iv[i] = source_address[i];
+ for( i = 0; i < source_address->len; i++ )
+ iv[i] = source_address->x[i];
- for( i = 0; i < frame_counter_len; i++ )
- iv[source_address_len + i] = frame_counter[i];
+ for( i = 0; i < frame_counter->len; i++ )
+ iv[source_address->len + i] = frame_counter->x[i];
- iv[source_address_len + frame_counter_len] = sec_level;
+ iv[source_address->len + frame_counter->len] = sec_level;
iv_len = sizeof( iv );
- msg_len -= tag_len;
- memcpy( tag, msg + msg_len, tag_len );
+ TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 );
-
- ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len,
- add, add_len, msg, msg, msg + msg_len, tag_len );
+ ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg->len - tag_len, iv, iv_len,
+ add->x, add->len, msg->x, result,
+ msg->x + msg->len - tag_len, tag_len );
TEST_ASSERT( ret == output_ret );
- TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
+ TEST_ASSERT( memcmp( result, expected_result->x,
+ expected_result->len ) == 0 );
/* Check we didn't write past the end (where the original tag is) */
- TEST_ASSERT( memcmp( msg + msg_len, tag, tag_len ) == 0 );
+ TEST_ASSERT( ( msg->len + 2 ) <= sizeof( result ) );
+ TEST_ASSERT( result[msg->len] == '+' );
+ TEST_ASSERT( result[msg->len + 1] == '+' );
exit:
mbedtls_ccm_free( &ctx );
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index 49b389c..67c8de2 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -8,60 +8,43 @@
*/
/* BEGIN_CASE */
-void chacha20_crypt( char *hex_key_string,
- char *hex_nonce_string,
+void chacha20_crypt( data_t *key_str,
+ data_t *nonce_str,
int counter,
- char *hex_src_string,
- char *hex_dst_string )
+ data_t *src_str,
+ data_t *expected_output_str )
{
- unsigned char key_str[32]; /* size set by the standard */
- unsigned char nonce_str[12]; /* size set by the standard */
- unsigned char src_str[375]; /* max size of binary input */
- unsigned char dst_str[751]; /* hex expansion of the above */
- unsigned char output[751];
- size_t key_len;
- size_t nonce_len;
- size_t src_len;
- size_t dst_len;
+ unsigned char output[375];
mbedtls_chacha20_context ctx;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( nonce_str, 0x00, sizeof( nonce_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
- memset( output, 0x00, sizeof( output ) );
+ memset( output, 0x00, sizeof( output ) );
- key_len = unhexify( key_str, hex_key_string );
- nonce_len = unhexify( nonce_str, hex_nonce_string );
- src_len = unhexify( src_str, hex_src_string );
- dst_len = unhexify( dst_str, hex_dst_string );
-
- TEST_ASSERT( src_len == dst_len );
- TEST_ASSERT( key_len == 32U );
- TEST_ASSERT( nonce_len == 12U );
+ TEST_ASSERT( src_str->len == expected_output_str->len );
+ TEST_ASSERT( key_str->len == 32U );
+ TEST_ASSERT( nonce_str->len == 12U );
/*
* Test the integrated API
*/
- TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 );
+ TEST_ASSERT( mbedtls_chacha20_crypt( key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output ) == 0 );
- hexify( dst_str, output, src_len );
- TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len );
/*
* Test the streaming API
*/
mbedtls_chacha20_init( &ctx );
- TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, key_str ) == 0 );
+ TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, key_str->x ) == 0 );
- TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 );
+ TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str->x, counter ) == 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len, src_str, output ) == 0 );
+ TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len, src_str->x, output ) == 0 );
- hexify( dst_str, output, src_len );
- TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len );
/*
* Test the streaming API again, piecewise
@@ -69,14 +52,15 @@
/* Don't free/init the context nor set the key again,
* in order to test that starts() does the right thing. */
- TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 );
+ TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str->x, counter ) == 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str, output ) == 0 );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 ) == 0 );
+ TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str->x, output ) == 0 );
+ TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len - 1,
+ src_str->x + 1, output + 1 ) == 0 );
- hexify( dst_str, output, src_len );
- TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len );
mbedtls_chacha20_free( &ctx );
}
diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function
index 8e56bf6..96128e4 100644
--- a/tests/suites/test_suite_chachapoly.function
+++ b/tests/suites/test_suite_chachapoly.function
@@ -8,53 +8,27 @@
*/
/* BEGIN_CASE */
-void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string )
+void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str )
{
- unsigned char key_str[32]; /* size set by the standard */
- unsigned char nonce_str[12]; /* size set by the standard */
- unsigned char aad_str[12]; /* max size of test data so far */
- unsigned char input_str[265]; /* max size of binary input/output so far */
- unsigned char output_str[265];
unsigned char output[265];
- unsigned char mac_str[16]; /* size set by the standard */
unsigned char mac[16]; /* size set by the standard */
- size_t input_len;
- size_t output_len;
- size_t aad_len;
- size_t key_len;
- size_t nonce_len;
- size_t mac_len;
mbedtls_chachapoly_context ctx;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( nonce_str, 0x00, sizeof( nonce_str ) );
- memset( aad_str, 0x00, sizeof( aad_str ) );
- memset( input_str, 0x00, sizeof( input_str ) );
- memset( output_str, 0x00, sizeof( output_str ) );
- memset( mac_str, 0x00, sizeof( mac_str ) );
-
- aad_len = unhexify( aad_str, hex_aad_string );
- input_len = unhexify( input_str, hex_input_string );
- output_len = unhexify( output_str, hex_output_string );
- key_len = unhexify( key_str, hex_key_string );
- nonce_len = unhexify( nonce_str, hex_nonce_string );
- mac_len = unhexify( mac_str, hex_mac_string );
-
- TEST_ASSERT( key_len == 32 );
- TEST_ASSERT( nonce_len == 12 );
- TEST_ASSERT( mac_len == 16 );
+ TEST_ASSERT( key_str->len == 32 );
+ TEST_ASSERT( nonce_str->len == 12 );
+ TEST_ASSERT( mac_str->len == 16 );
mbedtls_chachapoly_init( &ctx );
- TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
+ TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_len, nonce_str,
- aad_str, aad_len,
- input_str, output, mac ) == 0 );
+ input_str->len, nonce_str->x,
+ aad_str->x, aad_str->len,
+ input_str->x, output, mac ) == 0 );
- TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
- TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 );
+ TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 );
+ TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 );
exit:
mbedtls_chachapoly_free( &ctx );
@@ -62,55 +36,29 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp )
+void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp )
{
- unsigned char key_str[32]; /* size set by the standard */
- unsigned char nonce_str[12]; /* size set by the standard */
- unsigned char aad_str[12]; /* max size of test data so far */
- unsigned char input_str[265]; /* max size of binary input/output so far */
- unsigned char output_str[265];
unsigned char output[265];
- unsigned char mac_str[16]; /* size set by the standard */
- size_t input_len;
- size_t output_len;
- size_t aad_len;
- size_t key_len;
- size_t nonce_len;
- size_t mac_len;
int ret;
mbedtls_chachapoly_context ctx;
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( nonce_str, 0x00, sizeof( nonce_str ) );
- memset( aad_str, 0x00, sizeof( aad_str ) );
- memset( input_str, 0x00, sizeof( input_str ) );
- memset( output_str, 0x00, sizeof( output_str ) );
- memset( mac_str, 0x00, sizeof( mac_str ) );
-
- aad_len = unhexify( aad_str, hex_aad_string );
- input_len = unhexify( input_str, hex_input_string );
- output_len = unhexify( output_str, hex_output_string );
- key_len = unhexify( key_str, hex_key_string );
- nonce_len = unhexify( nonce_str, hex_nonce_string );
- mac_len = unhexify( mac_str, hex_mac_string );
-
- TEST_ASSERT( key_len == 32 );
- TEST_ASSERT( nonce_len == 12 );
- TEST_ASSERT( mac_len == 16 );
+ TEST_ASSERT( key_str->len == 32 );
+ TEST_ASSERT( nonce_str->len == 12 );
+ TEST_ASSERT( mac_str->len == 16 );
mbedtls_chachapoly_init( &ctx );
- TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
+ TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 );
ret = mbedtls_chachapoly_auth_decrypt( &ctx,
- input_len, nonce_str,
- aad_str, aad_len,
- mac_str, input_str, output );
+ input_str->len, nonce_str->x,
+ aad_str->x, aad_str->len,
+ mac_str->x, input_str->x, output );
TEST_ASSERT( ret == ret_exp );
if( ret_exp == 0 )
{
- TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
+ TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 02bf5f7..d57e408 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1062,48 +1062,33 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
-void test_vec_crypt( int cipher_id, int operation, char *hex_key,
- char *hex_iv, char *hex_input, char *hex_result,
- int finish_result )
+void test_vec_crypt( int cipher_id, int operation, data_t *key,
+ data_t *iv, data_t *input, data_t *result,
+ int finish_result )
{
- unsigned char key[50];
- unsigned char input[16];
- unsigned char result[16];
- unsigned char iv[16];
- size_t key_len, iv_len, inputlen, resultlen;
mbedtls_cipher_context_t ctx;
unsigned char output[32];
size_t outlen;
mbedtls_cipher_init( &ctx );
- memset( key, 0x00, sizeof( key ) );
- memset( input, 0x00, sizeof( input ) );
- memset( result, 0x00, sizeof( result ) );
memset( output, 0x00, sizeof( output ) );
- memset( iv, 0x00, sizeof( iv ) );
/* Prepare context */
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
mbedtls_cipher_info_from_type( cipher_id ) ) );
- key_len = unhexify( key, hex_key );
- inputlen = unhexify( input, hex_input );
- resultlen = unhexify( result, hex_result );
-
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) );
if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode )
TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) );
- iv_len = unhexify( iv, hex_iv );
-
- TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL,
- iv_len, input, inputlen,
+ TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv->len ? iv->x : NULL,
+ iv->len, input->x, input->len,
output, &outlen ) );
- TEST_ASSERT( resultlen == outlen );
+ TEST_ASSERT( result->len == outlen );
/* check plaintext only if everything went fine */
if( 0 == finish_result )
- TEST_ASSERT( 0 == memcmp( output, result, outlen ) );
+ TEST_ASSERT( 0 == memcmp( output, result->x, outlen ) );
exit:
mbedtls_cipher_free( &ctx );
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index b5acb7b..5b24935 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -15,8 +15,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void des_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string )
+void des_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_des_context ctx;
@@ -28,7 +27,7 @@
mbedtls_des_setkey_enc( &ctx, key_str->x );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
exit:
mbedtls_des_free( &ctx );
@@ -36,8 +35,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void des_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string )
+void des_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_des_context ctx;
@@ -49,7 +47,7 @@
mbedtls_des_setkey_dec( &ctx, key_str->x );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
exit:
mbedtls_des_free( &ctx );
@@ -58,8 +56,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void des_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
- int cbc_result )
+ data_t * src_str, data_t * dst, int cbc_result )
{
unsigned char output[100];
mbedtls_des_context ctx;
@@ -73,7 +70,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -83,7 +81,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void des_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -98,7 +96,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -108,7 +107,7 @@
/* BEGIN_CASE */
void des3_encrypt_ecb( int key_count, data_t * key_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_des3_context ctx;
@@ -126,7 +125,7 @@
TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
exit:
mbedtls_des3_free( &ctx );
@@ -135,7 +134,7 @@
/* BEGIN_CASE */
void des3_decrypt_ecb( int key_count, data_t * key_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_des3_context ctx;
@@ -153,7 +152,7 @@
TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
exit:
mbedtls_des3_free( &ctx );
@@ -163,7 +162,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void des3_encrypt_cbc( int key_count, data_t * key_str,
data_t * iv_str, data_t * src_str,
- data_t * hex_dst_string, int cbc_result )
+ data_t * dst, int cbc_result )
{
unsigned char output[100];
mbedtls_des3_context ctx;
@@ -184,7 +183,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
exit:
@@ -195,7 +195,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void des3_decrypt_cbc( int key_count, data_t * key_str,
data_t * iv_str, data_t * src_str,
- data_t * hex_dst_string, int cbc_result )
+ data_t * dst, int cbc_result )
{
unsigned char output[100];
mbedtls_des3_context ctx;
@@ -216,7 +216,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 1a33d81..32d41e6 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -340,7 +340,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
-void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str,
+void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
int enable, int max_ops, int min_restart, int max_restart )
{
int ret;
@@ -348,10 +348,6 @@
unsigned char buf[1000];
const unsigned char *vbuf;
size_t len;
- unsigned char z[MBEDTLS_ECP_MAX_BYTES];
- size_t z_len;
- unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES];
- unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES];
rnd_buf_info rnd_info_A, rnd_info_B;
int cnt_restart;
mbedtls_ecp_group grp;
@@ -360,13 +356,11 @@
mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli );
- z_len = unhexify( z, z_str );
+ rnd_info_A.buf = dA->x;
+ rnd_info_A.length = dA->len;
- rnd_info_A.buf = rnd_buf_A;
- rnd_info_A.length = unhexify( rnd_buf_A, dA_str );
-
- rnd_info_B.buf = rnd_buf_B;
- rnd_info_B.length = unhexify( rnd_buf_B, dB_str );
+ rnd_info_B.buf = dB->x;
+ rnd_info_B.length = dB->len;
/* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
* in every configuration, therefore we load it separately. */
@@ -436,8 +430,8 @@
TEST_ASSERT( cnt_restart >= min_restart );
TEST_ASSERT( cnt_restart <= max_restart );
- TEST_ASSERT( len == z_len );
- TEST_ASSERT( memcmp( buf, z, len ) == 0 );
+ TEST_ASSERT( len == z->len );
+ TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );
/* client computes shared secret */
memset( buf, 0, sizeof( buf ) );
@@ -453,8 +447,8 @@
TEST_ASSERT( cnt_restart >= min_restart );
TEST_ASSERT( cnt_restart <= max_restart );
- TEST_ASSERT( len == z_len );
- TEST_ASSERT( memcmp( buf, z, len ) == 0 );
+ TEST_ASSERT( len == z->len );
+ TEST_ASSERT( memcmp( buf, z->x, len ) == 0 );
exit:
mbedtls_ecp_group_free( &grp );
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 2844bea..7b1718f 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -433,33 +433,26 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
-void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str,
+void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig,
int max_ops, int min_restart, int max_restart )
{
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_restart_ctx rs_ctx;
- unsigned char hash[64];
- unsigned char sig[200];
- unsigned char pk[65];
- size_t sig_len, hash_len, pk_len;
int ret, cnt_restart;
mbedtls_ecdsa_init( &ctx );
mbedtls_ecdsa_restart_init( &rs_ctx );
- hash_len = unhexify(hash, h_str);
- sig_len = unhexify(sig, s_str);
- pk_len = unhexify(pk, k_str);
-
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q,
+ pk->x, pk->len ) == 0 );
mbedtls_ecp_set_max_ops( max_ops );
cnt_restart = 0;
do {
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
- hash, hash_len, sig, sig_len, &rs_ctx );
+ hash->x, hash->len, sig->x, sig->len, &rs_ctx );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 );
@@ -467,29 +460,31 @@
TEST_ASSERT( cnt_restart <= max_restart );
/* try modifying r */
- sig[10]++;
+
+ TEST_ASSERT( sig->len > 10 );
+ sig->x[10]++;
do {
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
- hash, hash_len, sig, sig_len, &rs_ctx );
+ hash->x, hash->len, sig->x, sig->len, &rs_ctx );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
- sig[10]--;
+ sig->x[10]--;
/* try modifying s */
- sig[sig_len - 1]++;
+ sig->x[sig->len - 1]++;
do {
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
- hash, hash_len, sig, sig_len, &rs_ctx );
+ hash->x, hash->len, sig->x, sig->len, &rs_ctx );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
- sig[sig_len - 1]--;
+ sig->x[sig->len - 1]--;
/* Do we leak memory when aborting an operation?
* This test only makes sense when we actually restart */
if( min_restart > 0 )
{
ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
- hash, hash_len, sig, sig_len, &rs_ctx );
+ hash->x, hash->len, sig->x, sig->len, &rs_ctx );
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
}
@@ -501,7 +496,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
void ecdsa_write_restart( int id, char *d_str, int md_alg,
- char *msg, char *sig_str,
+ char *msg, data_t *sig_check,
int max_ops, int min_restart, int max_restart )
{
int ret, cnt_restart;
@@ -509,19 +504,16 @@
mbedtls_ecdsa_context ctx;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
- unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
- size_t hlen, slen, slen_check;
+ size_t hlen, slen;
const mbedtls_md_info_t *md_info;
mbedtls_ecdsa_restart_init( &rs_ctx );
mbedtls_ecdsa_init( &ctx );
memset( hash, 0, sizeof( hash ) );
memset( sig, 0, sizeof( sig ) );
- memset( sig_check, 0, sizeof( sig_check ) );
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
- slen_check = unhexify( sig_check, sig_str );
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
@@ -541,8 +533,8 @@
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( slen == slen_check );
- TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
+ TEST_ASSERT( slen == sig_check->len );
+ TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 );
TEST_ASSERT( cnt_restart >= min_restart );
TEST_ASSERT( cnt_restart <= max_restart );
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 30d5ec6..2c25cd7 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -336,6 +336,14 @@
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE448:"eb7298a5c0d8c29a1dab27f1a6826300917389449741a974f5bac9d98dc298d46555bce8bae89eeed400584bb046cf75579f51d125498f98":"a01fc432e5807f17530d1288da125b0cd453d941726436c8bbd9c5222c3da7fa639ce03db8d23b274a0721a1aed5227de6e3b731ccf7089b":"ad997351b6106f36b0d1091b929c4c37213e0d2b97e85ebb20c127691d0dad8f1d8175b0723745e639a3cb7044290b99e0e2a0c27a6a301c":"0936f37bc6c1bd07ae3dec7ab5dc06a73ca13242fb343efc72b9d82730b445f3d4b0bd077162a46dcfec6f9b590bfcbcf520cdb029a8b73e":"9d874a5137509a449ad5853040241c5236395435c36424fd560b0cb62b281d285275a740ce32a22dd1740f4aa9161cec95ccc61a18f4ff07"
+ECP point multiplication rng fail secp256r1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_test_mul_rng:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF"
+
+ECP point multiplication rng fail Curve25519
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660"
+
ECP test vectors secp192k1
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD"
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 0b2e029..e37a017 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -675,6 +675,31 @@
/* END_CASE */
/* BEGIN_CASE */
+void ecp_test_mul_rng( int id, data_t * d_hex)
+{
+ mbedtls_ecp_group grp;
+ mbedtls_mpi d;
+ mbedtls_ecp_point Q;
+
+ mbedtls_ecp_group_init( &grp ); mbedtls_mpi_init( &d );
+ mbedtls_ecp_point_init( &Q );
+
+ TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+
+ TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 );
+
+ TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &rnd_zero_rand, NULL )
+ == MBEDTLS_ERR_ECP_RANDOM_FAILED );
+
+exit:
+ mbedtls_ecp_group_free( &grp ); mbedtls_mpi_free( &d );
+ mbedtls_ecp_point_free( &Q );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void ecp_fast_mod( int id, char * N_str )
{
mbedtls_ecp_group grp;
@@ -731,7 +756,7 @@
if( ret == 0 )
{
- TEST_ASSERT( hexcmp( buf, out->x, olen, out->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index cf19732..889d3bc 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -1,6 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
+#include "mbedtls/md.h"
#include "string.h"
/*
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 1fcb681..9b7b0ee 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -35,8 +35,8 @@
/* BEGIN_CASE */
void gcm_encrypt_and_tag( int cipher_id, data_t * key_str,
data_t * src_str, data_t * iv_str,
- data_t * add_str, data_t * hex_dst_string,
- int tag_len_bits, data_t * hex_tag_string,
+ data_t * add_str, data_t * dst,
+ int tag_len_bits, data_t * tag,
int init_result )
{
unsigned char output[128];
@@ -55,8 +55,10 @@
{
TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
- TEST_ASSERT( hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( tag_output, tag->x,
+ tag_len, tag->len ) == 0 );
}
exit:
@@ -94,7 +96,9 @@
{
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x,
+ src_str->len,
+ pt_result->len ) == 0 );
}
}
diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function
index 3e87207..af871e1 100644
--- a/tests/suites/test_suite_hkdf.function
+++ b/tests/suites/test_suite_hkdf.function
@@ -9,37 +9,23 @@
*/
/* BEGIN_CASE */
-void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string,
- char *hex_info_string, char *hex_okm_string )
+void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info,
+ data_t *expected_okm )
{
int ret;
- size_t ikm_len, salt_len, info_len, okm_len;
- unsigned char ikm[128] = { '\0' };
- unsigned char salt[128] = { '\0' };
- unsigned char info[128] = { '\0' };
- unsigned char expected_okm[128] = { '\0' };
unsigned char okm[128] = { '\0' };
- /*
- * okm_hex is the string representation of okm,
- * so its size is twice the size of okm, and an extra null-termination.
- */
- unsigned char okm_hex[257] = { '\0' };
const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md != NULL );
- ikm_len = unhexify( ikm, hex_ikm_string );
- salt_len = unhexify( salt, hex_salt_string );
- info_len = unhexify( info, hex_info_string );
- okm_len = unhexify( expected_okm, hex_okm_string );
+ TEST_ASSERT( expected_okm->len <= sizeof( okm ) );
- ret = mbedtls_hkdf( md, salt, salt_len, ikm, ikm_len, info, info_len, okm,
- okm_len);
+ ret = mbedtls_hkdf( md, salt->x, salt->len, ikm->x, ikm->len,
+ info->x, info->len, okm, expected_okm->len );
TEST_ASSERT( ret == 0 );
- // Run hexify on it so that it looks nicer if the assertion fails
- hexify( okm_hex, okm, okm_len );
- TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) );
+ ASSERT_COMPARE( okm , expected_okm->len,
+ expected_okm->x, expected_okm->len );
}
/* END_CASE */
@@ -63,12 +49,11 @@
ikm = unhexify_alloc( hex_ikm_string, &ikm_len );
salt = unhexify_alloc( hex_salt_string, &salt_len );
prk = unhexify_alloc( hex_prk_string, &prk_len );
- TEST_ASSERT( prk_len == output_prk_len );
ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( !memcmp( output_prk, prk, prk_len ) );
+ ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len );
exit:
mbedtls_free(ikm);
@@ -104,7 +89,7 @@
ret = mbedtls_hkdf_expand( md, prk, prk_len, info, info_len,
output_okm, OKM_LEN );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( !memcmp( output_okm, okm, okm_len ) );
+ ASSERT_COMPARE( output_okm, okm_len, okm, okm_len );
exit:
mbedtls_free(info);
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 11cf88a..d918ce3 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -127,7 +127,7 @@
/* BEGIN_CASE */
void md_text( char * text_md_name, char * text_src_string,
- data_t * hex_hash_string )
+ data_t * hash )
{
char md_name[100];
unsigned char src_str[1000];
@@ -145,13 +145,14 @@
TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ mbedtls_md_get_size( md_info ),
+ hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void md_hex( char * text_md_name, data_t * src_str,
- data_t * hex_hash_string )
+void md_hex( char * text_md_name, data_t * src_str, data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -167,14 +168,15 @@
TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x,
- mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ mbedtls_md_get_size( md_info ),
+ hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
void md_text_multi( char * text_md_name, char * text_src_string,
- data_t * hex_hash_string )
+ data_t * hash )
{
char md_name[100];
unsigned char src_str[1000];
@@ -208,15 +210,18 @@
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x,
- mbedtls_md_get_size( md_info ), hex_hash_string->len) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ mbedtls_md_get_size( md_info ),
+ hash->len) == 0 );
/* Test clone */
memset( output, 0x00, 100 );
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ mbedtls_md_get_size( md_info ),
+ hash->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -225,8 +230,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void md_hex_multi( char * text_md_name, data_t * src_str,
- data_t * hex_hash_string )
+void md_hex_multi( char * text_md_name, data_t * src_str, data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -255,14 +259,18 @@
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ mbedtls_md_get_size( md_info ),
+ hash->len ) == 0 );
/* Test clone */
memset( output, 0x00, 100 );
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ mbedtls_md_get_size( md_info ),
+ hash->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -273,7 +281,7 @@
/* BEGIN_CASE */
void mbedtls_md_hmac( char * text_md_name, int trunc_size,
data_t * key_str, data_t * src_str,
- data_t * hex_hash_string )
+ data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -289,13 +297,14 @@
TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ trunc_size, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str,
- data_t * src_str, data_t * hex_hash_string )
+ data_t * src_str, data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -321,7 +330,8 @@
TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ trunc_size, hash->len ) == 0 );
/* Test again, for reset() */
memset( output, 0x00, 100 );
@@ -331,7 +341,8 @@
TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ trunc_size, hash->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -340,7 +351,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mbedtls_md_file( char * text_md_name, char * filename,
- data_t * hex_hash_string )
+ data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -355,6 +366,8 @@
TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ mbedtls_md_get_size( md_info ),
+ hash->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 02004ef..aa35c58 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -6,7 +6,7 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_MD2_C */
-void md2_text( char * text_src_string, data_t * hex_hash_string )
+void md2_text( char * text_src_string, data_t * hash )
{
int ret;
unsigned char src_str[100];
@@ -20,12 +20,13 @@
ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 ) ;
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ sizeof output, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD4_C */
-void md4_text( char * text_src_string, data_t * hex_hash_string )
+void md4_text( char * text_src_string, data_t * hash )
{
int ret;
unsigned char src_str[100];
@@ -39,12 +40,13 @@
ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ sizeof output, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD5_C */
-void md5_text( char * text_src_string, data_t * hex_hash_string )
+void md5_text( char * text_src_string, data_t * hash )
{
int ret;
unsigned char src_str[100];
@@ -58,12 +60,13 @@
ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ sizeof output, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */
-void ripemd160_text( char * text_src_string, data_t * hex_hash_string )
+void ripemd160_text( char * text_src_string, data_t * hash )
{
int ret;
unsigned char src_str[100];
@@ -77,7 +80,8 @@
ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ sizeof output, hash->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index f2702f1..dcb0aaf 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -354,7 +354,8 @@
if( result == 0)
{
- TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
+ buflen, input_A->len ) == 0 );
}
exit:
@@ -388,7 +389,8 @@
TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );
- TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
+ buflen, input_A->len ) == 0 );
}
exit:
@@ -542,7 +544,7 @@
int size_Y, char * input_Y,
int input_ret, int input_err )
{
- unsigned ret;
+ unsigned ret = -1;
unsigned input_uret = input_ret;
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function
index 9c34ea6..6a81052 100644
--- a/tests/suites/test_suite_nist_kw.function
+++ b/tests/suites/test_suite_nist_kw.function
@@ -242,42 +242,31 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_nist_kw_wrap( int cipher_id, int mode,
- char *key_hex, char *msg_hex,
- char *result_hex )
+void mbedtls_nist_kw_wrap( int cipher_id, int mode, data_t *key, data_t *msg,
+ data_t *expected_result )
{
- unsigned char key[32];
- unsigned char msg[512];
unsigned char result[528];
- unsigned char expected_result[528];
mbedtls_nist_kw_context ctx;
- size_t key_len, msg_len, output_len, result_len, i, padlen;
+ size_t result_len, i, padlen;
mbedtls_nist_kw_init( &ctx );
- memset( key, 0x00, sizeof( key ) );
- memset( msg, 0x00, sizeof( msg ) );
memset( result, '+', sizeof( result ) );
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- result_len = unhexify( expected_result, result_hex );
- output_len = sizeof( result );
-
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 )
- == 0 );
+ TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id,
+ key->x, key->len * 8, 1 ) == 0 );
/* Test with input == output */
- TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg, msg_len,
- result, &output_len, sizeof( result ) ) == 0 );
+ TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg->x, msg->len,
+ result, &result_len, sizeof( result ) ) == 0 );
- TEST_ASSERT( output_len == result_len );
+ TEST_ASSERT( result_len == expected_result->len );
- TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 );
+ TEST_ASSERT( memcmp( expected_result->x, result, result_len ) == 0 );
- padlen = ( msg_len % 8 != 0 ) ? 8 - (msg_len % 8 ) : 0;
+ padlen = ( msg->len % 8 != 0 ) ? 8 - (msg->len % 8 ) : 0;
/* Check that the function didn't write beyond the end of the buffer. */
- for( i = msg_len + 8 + padlen; i < sizeof( result ); i++ )
+ for( i = msg->len + 8 + padlen; i < sizeof( result ); i++ )
{
TEST_ASSERT( result[i] == '+' );
}
@@ -288,47 +277,35 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_nist_kw_unwrap( int cipher_id, int mode,
- char *key_hex, char *msg_hex,
- char *result_hex, int expected_ret )
+void mbedtls_nist_kw_unwrap( int cipher_id, int mode, data_t *key, data_t *msg,
+ data_t *expected_result, int expected_ret )
{
- unsigned char key[32];
- unsigned char msg[528];
unsigned char result[528];
- unsigned char expected_result[528];
mbedtls_nist_kw_context ctx;
- size_t key_len, msg_len, output_len, result_len, i;
+ size_t result_len, i;
mbedtls_nist_kw_init( &ctx );
- memset( key, 0x00, sizeof( key ) );
- memset( msg, 0x00, sizeof( msg ) );
memset( result, '+', sizeof( result ) );
- memset( expected_result, 0x00, sizeof( expected_result ) );
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- result_len = unhexify( expected_result, result_hex );
- output_len = sizeof( result );
-
- TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 )
- == 0 );
+ TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id,
+ key->x, key->len * 8, 0 ) == 0 );
/* Test with input == output */
- TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg, msg_len,
- result, &output_len, sizeof( result ) ) == expected_ret );
+ TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg->x, msg->len,
+ result, &result_len, sizeof( result ) ) == expected_ret );
if( expected_ret == 0 )
{
- TEST_ASSERT( output_len == result_len );
- TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 );
+ TEST_ASSERT( result_len == expected_result->len );
+ TEST_ASSERT( memcmp( expected_result->x, result, result_len ) == 0 );
}
else
{
- TEST_ASSERT( output_len == 0 );
+ TEST_ASSERT( result_len == 0 );
}
/* Check that the function didn't write beyond the end of the buffer. */
- for( i = msg_len - 8; i < sizeof( result ); i++ )
+ for( i = msg->len - 8; i < sizeof( result ); i++ )
{
TEST_ASSERT( result[i] == '+' );
}
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index b57fe19..18f5ef8 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -679,7 +679,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */
void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
char *QX_str, char *QY_str,
- int md_alg, char *msg, char *sig_str,
+ int md_alg, char *msg, data_t *sig_check,
int max_ops, int min_restart, int max_restart )
{
int ret, cnt_restart;
@@ -687,8 +687,7 @@
mbedtls_pk_context prv, pub;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
- unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
- size_t hlen, slen, slen_check;
+ size_t hlen, slen;
const mbedtls_md_info_t *md_info;
mbedtls_pk_restart_init( &rs_ctx );
@@ -696,7 +695,6 @@
mbedtls_pk_init( &pub );
memset( hash, 0, sizeof( hash ) );
memset( sig, 0, sizeof( sig ) );
- memset( sig_check, 0, sizeof( sig_check ) );
TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
@@ -706,8 +704,6 @@
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 );
- slen_check = unhexify( sig_check, sig_str );
-
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
@@ -726,8 +722,8 @@
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( slen == slen_check );
- TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
+ TEST_ASSERT( slen == sig_check->len );
+ TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 );
TEST_ASSERT( cnt_restart >= min_restart );
TEST_ASSERT( cnt_restart <= max_restart );
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 08f590b..a1e11f7 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -12,7 +12,7 @@
void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
int radix_E, char * input_E, int hash,
data_t * message_str, data_t * rnd_buf,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[128];
mbedtls_rsa_context ctx;
@@ -36,8 +36,8 @@
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
if( result == 0 )
{
-
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -50,7 +50,7 @@
void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
int radix_Q, char * input_Q, int radix_N,
char * input_N, int radix_E, char * input_E,
- int hash, data_t * result_hex_str,
+ int hash, data_t * result_str,
char * seed, data_t * message_str,
int result )
{
@@ -78,12 +78,12 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
-
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
if( result == 0 )
{
-
- TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ output_len,
+ result_str->len) == 0 );
}
exit:
@@ -246,7 +246,7 @@
char * input_Q, int radix_N, char * input_N,
int radix_E, char * input_E, int digest, int hash,
data_t * message_str, data_t * rnd_buf,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[128];
@@ -282,7 +282,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 3cd3903..a4119a2 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -12,7 +12,7 @@
void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N,
int radix_E, char * input_E, int hash,
data_t * message_str, data_t * rnd_buf,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -36,8 +36,8 @@
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
if( result == 0 )
{
-
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -50,7 +50,7 @@
void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P,
int radix_Q, char * input_Q, int radix_N,
char * input_N, int radix_E, char * input_E,
- int hash, data_t * result_hex_str,
+ int hash, data_t * result_str,
char * seed, data_t * message_str,
int result )
{
@@ -85,7 +85,9 @@
sizeof( output ) ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ output_len,
+ result_str->len ) == 0 );
}
exit:
@@ -100,7 +102,7 @@
char * input_Q, int radix_N, char * input_N,
int radix_E, char * input_E, int digest, int hash,
data_t * message_str, data_t * rnd_buf,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[256];
@@ -137,7 +139,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 26f1d33..a525282 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -24,7 +24,8 @@
TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len,
it_cnt, key_len, key ) == 0 );
- TEST_ASSERT( hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x,
+ key_len, result_key_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 066bb39..4b8995b 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -9,44 +9,35 @@
*/
/* BEGIN_CASE */
-void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src_string )
+void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str )
{
- unsigned char src_str[375]; /* max size of binary input */
- unsigned char key[32]; /* size set by the standard */
unsigned char mac[16]; /* size set by the standard */
- unsigned char mac_str[33]; /* hex expansion of the above */
- size_t src_len;
mbedtls_poly1305_context ctx;
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( mac_str, 0x00, sizeof( mac_str ) );
- memset( key, 0x00, sizeof( key ) );
- memset( mac, 0x00, sizeof( mac ) );
-
- src_len = unhexify( src_str, hex_src_string );
- unhexify( key, hex_key_string );
+ memset( mac, 0x00, sizeof( mac ) );
/*
* Test the integrated API
*/
- TEST_ASSERT( mbedtls_poly1305_mac( key, src_str, src_len, mac ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_mac( key->x, src_str->x,
+ src_str->len, mac ) == 0 );
- hexify( mac_str, mac, 16 );
- TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+ ASSERT_COMPARE( mac, expected_mac->len,
+ expected_mac->x, expected_mac->len );
/*
* Test the streaming API
*/
mbedtls_poly1305_init( &ctx );
- TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, src_len ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, src_str->len ) == 0 );
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- hexify( mac_str, mac, 16 );
- TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+ ASSERT_COMPARE( mac, expected_mac->len,
+ expected_mac->x, expected_mac->len );
/*
* Test the streaming API again, piecewise
@@ -54,34 +45,34 @@
/* Don't free/init the context, in order to test that starts() does the
* right thing. */
- if( src_len >= 1 )
+ if( src_str->len >= 1 )
{
- TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, src_len - 1 ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 1, src_str->len - 1 ) == 0 );
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- hexify( mac_str, mac, 16 );
- TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+ ASSERT_COMPARE( mac, expected_mac->len,
+ expected_mac->x, expected_mac->len );
}
/*
* Again with more pieces
*/
- if( src_len >= 2 )
+ if( src_str->len >= 2 )
{
- TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, 1 ) == 0 );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 2, src_len - 2 ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 1, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 2, src_str->len - 2 ) == 0 );
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- hexify( mac_str, mac, 16 );
- TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+ ASSERT_COMPARE( mac, expected_mac->len,
+ expected_mac->x, expected_mac->len );
}
mbedtls_poly1305_free( &ctx );
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index d4acc2d..f8a2dad 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -470,7 +470,7 @@
int digest, int mod, int radix_P, char * input_P,
int radix_Q, char * input_Q, int radix_N,
char * input_N, int radix_E, char * input_E,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[256];
@@ -506,7 +506,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -555,7 +556,7 @@
int padding_mode, int mod, int radix_P,
char * input_P, int radix_Q, char * input_Q,
int radix_N, char * input_N, int radix_E,
- char * input_E, data_t * result_hex_str )
+ char * input_E, data_t * result_str )
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -586,7 +587,8 @@
output ) == 0 );
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
#if defined(MBEDTLS_PKCS1_V15)
/* For PKCS#1 v1.5, there is an alternative way to generate signatures */
@@ -608,7 +610,9 @@
if( res == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len,
+ result_str->len ) == 0 );
}
}
#endif /* MBEDTLS_PKCS1_V15 */
@@ -686,7 +690,7 @@
void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
int mod, int radix_N, char * input_N,
int radix_E, char * input_E,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -714,7 +718,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -727,7 +732,7 @@
void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
int mod, int radix_N, char * input_N,
int radix_E, char * input_E,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -752,7 +757,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -766,7 +772,7 @@
int mod, int radix_P, char * input_P,
int radix_Q, char * input_Q, int radix_N,
char * input_N, int radix_E, char * input_E,
- int max_output, data_t * result_hex_str,
+ int max_output, data_t * result_str,
int result )
{
unsigned char output[32];
@@ -800,7 +806,9 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ output_len,
+ result_str->len ) == 0 );
}
exit:
@@ -813,7 +821,7 @@
/* BEGIN_CASE */
void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
char * input_N, int radix_E, char * input_E,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[256];
mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
@@ -837,7 +845,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
/* And now with the copy */
@@ -852,7 +861,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -866,7 +876,7 @@
void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
char * input_P, int radix_Q, char * input_Q,
int radix_N, char * input_N, int radix_E,
- char * input_E, data_t * result_hex_str,
+ char * input_E, data_t * result_str,
int result )
{
unsigned char output[256];
@@ -902,7 +912,9 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len,
+ result_str->len ) == 0 );
}
}
@@ -919,7 +931,9 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx2.len,
+ result_str->len ) == 0 );
}
exit:
@@ -1506,7 +1520,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void mbedtls_rsa_validate_params( int radix_N, char *input_N,
int radix_P, char *input_P,
int radix_Q, char *input_Q,
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index e621f49..f3477ec 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -52,7 +52,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
-void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string )
+void mbedtls_sha1( data_t * src_str, data_t * hash )
{
unsigned char output[41];
@@ -61,7 +61,7 @@
TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 20, hash->len ) == 0 );
}
/* END_CASE */
@@ -122,7 +122,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void sha224( data_t * src_str, data_t * hex_hash_string )
+void sha224( data_t * src_str, data_t * hash )
{
unsigned char output[57];
@@ -131,12 +131,12 @@
TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string )
+void mbedtls_sha256( data_t * src_str, data_t * hash )
{
unsigned char output[65];
@@ -145,7 +145,7 @@
TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 );
}
/* END_CASE */
@@ -206,7 +206,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void sha384( data_t * src_str, data_t * hex_hash_string )
+void sha384( data_t * src_str, data_t * hash )
{
unsigned char output[97];
@@ -215,12 +215,12 @@
TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string )
+void mbedtls_sha512( data_t * src_str, data_t * hash )
{
unsigned char output[129];
@@ -229,7 +229,7 @@
TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 1473507..66f6b84 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -57,3 +57,31 @@
SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
ssl_set_hostname_twice:"server0":"server1"
+
+Constant-flow HMAC: MD5
+depends_on:MBEDTLS_MD5_C
+ssl_cf_hmac:MBEDTLS_MD_MD5
+
+Constant-flow HMAC: SHA1
+depends_on:MBEDTLS_SHA1_C
+ssl_cf_hmac:MBEDTLS_MD_SHA1
+
+Constant-flow HMAC: SHA256
+depends_on:MBEDTLS_SHA256_C
+ssl_cf_hmac:MBEDTLS_MD_SHA256
+
+Constant-flow HMAC: SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_cf_hmac:MBEDTLS_MD_SHA384
+
+# these are the numbers we'd get with an empty plaintext and truncated HMAC
+Constant-flow memcpy from offset: small
+ssl_cf_memcpy_offset:0:5:10
+
+# we could get this with 255-bytes plaintext and untruncated SHA-256
+Constant-flow memcpy from offset: medium
+ssl_cf_memcpy_offset:0:255:32
+
+# we could get this with 355-bytes plaintext and untruncated SHA-384
+Constant-flow memcpy from offset: large
+ssl_cf_memcpy_offset:100:339:48
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 326f22d..c1f7d0d 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -52,3 +52,128 @@
mbedtls_ssl_free( &ssl );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+void ssl_cf_hmac( int hash )
+{
+ /*
+ * Test the function mbedtls_ssl_cf_hmac() against a reference
+ * implementation.
+ */
+ mbedtls_md_context_t ctx, ref_ctx;
+ const mbedtls_md_info_t *md_info;
+ size_t out_len, block_size;
+ size_t min_in_len, in_len, max_in_len, i;
+ /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
+ unsigned char add_data[13];
+ unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
+ unsigned char *data = NULL;
+ unsigned char *out = NULL;
+ unsigned char rec_num = 0;
+
+ mbedtls_md_init( &ctx );
+ mbedtls_md_init( &ref_ctx );
+
+ md_info = mbedtls_md_info_from_type( hash );
+ TEST_ASSERT( md_info != NULL );
+ out_len = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( out_len != 0 );
+ block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
+
+ /* Use allocated out buffer to catch overwrites */
+ out = mbedtls_calloc( 1, out_len );
+ TEST_ASSERT( out != NULL );
+
+ /* Set up contexts with the given hash and a dummy key */
+ TEST_ASSERT( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) );
+ TEST_ASSERT( 0 == mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
+ memset( ref_out, 42, sizeof( ref_out ) );
+ TEST_ASSERT( 0 == mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
+ TEST_ASSERT( 0 == mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
+ memset( ref_out, 0, sizeof( ref_out ) );
+
+ /*
+ * Test all possible lengths up to a point. The difference between
+ * max_in_len and min_in_len is at most 255, and make sure they both vary
+ * by at least one block size.
+ */
+ for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
+ {
+ /* Use allocated in buffer to catch overreads */
+ data = mbedtls_calloc( 1, max_in_len );
+ TEST_ASSERT( data != NULL || max_in_len == 0 );
+
+ min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
+ for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
+ {
+ /* Set up dummy data and add_data */
+ rec_num++;
+ memset( add_data, rec_num, sizeof( add_data ) );
+ for( i = 0; i < in_len; i++ )
+ data[i] = ( i & 0xff ) ^ rec_num;
+
+ /* Get the function's result */
+ TEST_CF_SECRET( &in_len, sizeof( in_len ) );
+ TEST_ASSERT( 0 == mbedtls_ssl_cf_hmac( &ctx, add_data, sizeof( add_data ),
+ data, in_len,
+ min_in_len, max_in_len,
+ out ) );
+ TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
+ TEST_CF_PUBLIC( out, out_len );
+
+ /* Compute the reference result */
+ TEST_ASSERT( 0 == mbedtls_md_hmac_update( &ref_ctx, add_data,
+ sizeof( add_data ) ) );
+ TEST_ASSERT( 0 == mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
+ TEST_ASSERT( 0 == mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
+ TEST_ASSERT( 0 == mbedtls_md_hmac_reset( &ref_ctx ) );
+
+ /* Compare */
+ TEST_ASSERT( 0 == memcmp( out, ref_out, out_len ) );
+ }
+
+ mbedtls_free( data );
+ data = NULL;
+ }
+
+exit:
+ mbedtls_md_free( &ref_ctx );
+ mbedtls_md_free( &ctx );
+
+ mbedtls_free( data );
+ mbedtls_free( out );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
+{
+ unsigned char *dst = NULL;
+ unsigned char *src = NULL;
+ size_t src_len = offset_max + len;
+ size_t secret;
+
+ dst = mbedtls_calloc( 1, len );
+ TEST_ASSERT( dst != NULL );
+ src = mbedtls_calloc( 1, src_len );
+ TEST_ASSERT( src != NULL );
+
+ /* Fill src in a way that we can detect if we copied the right bytes */
+ rnd_std_rand( NULL, src, src_len );
+
+ for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
+ {
+ TEST_CF_SECRET( &secret, sizeof( secret ) );
+ mbedtls_ssl_cf_memcpy_offset( dst, src, secret,
+ offset_min, offset_max, len );
+ TEST_CF_PUBLIC( &secret, sizeof( secret ) );
+ TEST_CF_PUBLIC( dst, len );
+
+ TEST_ASSERT( memcmp( dst, src + secret, len ) == 0 );
+ }
+
+exit:
+ mbedtls_free( dst );
+ mbedtls_free( src );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 54c1220..cc907b6 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.16.6"
+check_compiletime_version:"2.16.8"
Check runtime library version
-check_runtime_version:"2.16.6"
+check_runtime_version:"2.16.8"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 2c52d08..fe84474 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -843,6 +843,22 @@
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL"
+X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
+
+X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
+
+X509 Certificate verification: domain identical to IPv4 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 Certificate verification: domain identical to IPv6 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
X509 Certificate verification callback: bad name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n"
@@ -1336,10 +1352,60 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+# 305c
+# 3047 tbsCertList TBSCertList
+# 020100 version INTEGER OPTIONAL
+# 300d signatureAlgorithm AlgorithmIdentifi
+# 06092a864886f70d01010e
+# 0500
+# 300f issuer Name
+# 310d300b0603550403130441424344
+# 170c303930313031303030303030 thisUpdate Time
+# 3014 revokedCertificates
+# 3012 entry 1
+# 8202abcd userCertificate CertificateSerialNum
+# 170c303831323331323335393539 revocationDate Time
+# 300d signatureAlgorithm AlgorithmIdentifi
+# 06092a864886f70d01010e
+# 0500
+# 03020001 signatureValue BIT STRING
+# The subsequent TBSCertList negative tests remove or modify some elements.
X509 CRL ASN1 (TBSCertList, sig present)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0
+X509 CRL ASN1 (TBSCertList, signatureValue missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (TBSCertList, single empty entry at end)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (TBSCertList, good entry then empty entry at end)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (TBSCertList, missing time in entry)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (TBSCertList, missing time in entry at end)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (TBSCertList, invalid tag for time in entry)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRL ASN1 (TBSCertList, invalid tag for serial)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
X509 CRL ASN1 (TBSCertList, no entries)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index e6b1b47..664aac7 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -804,21 +804,21 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag,
+void x509_parse_rsassa_pss_params( data_t * params, int params_tag,
int ref_msg_md, int ref_mgf_md,
int ref_salt_len, int ref_ret )
{
int my_ret;
- mbedtls_x509_buf params;
+ mbedtls_x509_buf buf;
mbedtls_md_type_t my_msg_md, my_mgf_md;
int my_salt_len;
- params.p = hex_params->x;
- params.len = hex_params->len;
- params.tag = params_tag;
+ buf.p = params->x;
+ buf.len = params->len;
+ buf.tag = params_tag;
- my_ret = mbedtls_x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md,
- &my_salt_len );
+ my_ret = mbedtls_x509_get_rsassa_pss_params( &buf, &my_msg_md, &my_mgf_md,
+ &my_salt_len );
TEST_ASSERT( my_ret == ref_ret );
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index a24a420..1d5b29b 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -9,7 +9,7 @@
/* BEGIN_CASE */
void xtea_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string )
+ data_t * dst )
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -20,13 +20,12 @@
mbedtls_xtea_setup( &ctx, key_str->x );
TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void xtea_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string )
+void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -37,13 +36,13 @@
mbedtls_xtea_setup( &ctx, key_str->x );
TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -55,13 +54,14 @@
TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x,
src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -73,7 +73,8 @@
TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x,
src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
/* END_CASE */
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index d50821c..3eeea8c 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -45,7 +45,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">