TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 52754594b6729c8bc6d1c25a2335949e74b81ed4^! / . / programs
commit52754594b6729c8bc6d1c25a2335949e74b81ed4[log] [tgz]
authorSimon Butcher <simon.butcher@arm.com>Thu Sep 03 13:06:01 2015 +0100
committerSimon Butcher <simon.butcher@arm.com>Thu Sep 03 13:06:01 2015 +0100
tree0588ac8644420617fb26b7f1e42b706ec5e106b8
parentb2beb84be6837ab88a94b6ac5f54eb8a17e3349e [diff]
Merging iotssl-457-badtail with development branch

diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 10b9b7a..2909d1d 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c

@@ -75,7 +75,7 @@
 
     unsigned char *p, *end;
     unsigned char buf[2048];
-    unsigned char hash[20];
+    unsigned char hash[32];
     const char *pers = "dh_client";
 
     mbedtls_entropy_context entropy;

diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 6ce1da2..53a299a 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c

@@ -74,7 +74,7 @@
     mbedtls_net_context listen_fd, client_fd;
 
     unsigned char buf[2048];
-    unsigned char hash[20];
+    unsigned char hash[32];
     unsigned char buf2[2];
     const char *pers = "dh_server";
 

diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index bcfb2c6..2ccbf3b 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c

@@ -151,8 +151,11 @@
     mbedtls_entropy_free( &entropy );
 
 #if defined(MBEDTLS_ERROR_C)
-    mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
-    mbedtls_printf( "  !  Last error was: %s\n", buf );
+    if( ret != 0 )
+    {
+        mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+        mbedtls_printf( "  !  Last error was: %s\n", buf );
+    }
 #endif
 
 #if defined(_WIN32)

diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 300cb77..fe84aee 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c

@@ -151,8 +151,11 @@
     mbedtls_entropy_free( &entropy );
 
 #if defined(MBEDTLS_ERROR_C)
-    mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
-    mbedtls_printf( "  !  Last error was: %s\n", buf );
+    if( ret != 0 )
+    {
+        mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+        mbedtls_printf( "  !  Last error was: %s\n", buf );
+    }
 #endif
 
 #if defined(_WIN32)

diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 9efa897..ce25209 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c

@@ -64,7 +64,7 @@
     mbedtls_pk_context pk;
     mbedtls_entropy_context entropy;
     mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char hash[20];
+    unsigned char hash[32];
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
     char filename[512];
     const char *pers = "mbedtls_pk_sign";
@@ -129,7 +129,7 @@
     }
 
     /*
-     * Write the signature into <filename>-sig.txt
+     * Write the signature into <filename>.sig
      */
     mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
 
@@ -156,8 +156,11 @@
     mbedtls_entropy_free( &entropy );
 
 #if defined(MBEDTLS_ERROR_C)
-    mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
-    mbedtls_printf( "  !  Last error was: %s\n", buf );
+    if( ret != 0 )
+    {
+        mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+        mbedtls_printf( "  !  Last error was: %s\n", buf );
+    }
 #endif
 
 #if defined(_WIN32)

diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 8ab5c93..a1a2389 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c

@@ -59,7 +59,7 @@
     int ret = 1;
     size_t i;
     mbedtls_pk_context pk;
-    unsigned char hash[20];
+    unsigned char hash[32];
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
     char filename[512];
 
@@ -86,7 +86,7 @@
     }
 
     /*
-     * Extract the signature from the text file
+     * Extract the signature from the file
      */
     ret = 1;
     mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
@@ -103,8 +103,8 @@
     fclose( f );
 
     /*
-     * Compute the SHA-256 hash of the input file and compare
-     * it with the hash decrypted from the signature.
+     * Compute the SHA-256 hash of the input file and
+     * verify the signature
      */
     mbedtls_printf( "\n  . Verifying the SHA-256 signature" );
     fflush( stdout );
@@ -124,7 +124,7 @@
         goto exit;
     }
 
-    mbedtls_printf( "\n  . OK (the decrypted SHA-256 hash matches)\n\n" );
+    mbedtls_printf( "\n  . OK (the signature is valid)\n\n" );
 
     ret = 0;
 
@@ -132,8 +132,11 @@
     mbedtls_pk_free( &pk );
 
 #if defined(MBEDTLS_ERROR_C)
-    mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
-    mbedtls_printf( "  !  Last error was: %s\n", buf );
+    if( ret != 0 )
+    {
+        mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+        mbedtls_printf( "  !  Last error was: %s\n", buf );
+    }
 #endif
 
 #if defined(_WIN32)

diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index d0b1f4d..f691871 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c

@@ -46,7 +46,7 @@
 #include <string.h>
 #endif
 
-#define KEY_SIZE 1024
+#define KEY_SIZE 2048
 #define EXPONENT 65537
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||   \

diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index d86fe3a..54f60c5 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c

@@ -32,6 +32,7 @@
 #include <stdio.h>
 #define mbedtls_fprintf    fprintf
 #define mbedtls_printf     printf
+#define mbedtls_snprintf   snprintf
 #endif
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
@@ -58,8 +59,9 @@
     int ret;
     size_t i;
     mbedtls_rsa_context rsa;
-    unsigned char hash[20];
+    unsigned char hash[32];
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    char filename[512];
 
     ret = 1;
 
@@ -135,11 +137,11 @@
     }
 
     /*
-     * Write the signature into <filename>-sig.txt
+     * Write the signature into <filename>.sig
      */
-    memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
+    mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
 
-    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
+    if( ( f = fopen( filename, "wb+" ) ) == NULL )
     {
         ret = 1;
         mbedtls_printf( " failed\n  ! Could not create %s\n\n", argv[1] );
@@ -152,7 +154,7 @@
 
     fclose( f );
 
-    mbedtls_printf( "\n  . Done (created \"%s\")\n\n", argv[1] );
+    mbedtls_printf( "\n  . Done (created \"%s\")\n\n", filename );
 
 exit:
 

diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 0b3cfbb..2b358c1 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c

@@ -65,7 +65,7 @@
     mbedtls_pk_context pk;
     mbedtls_entropy_context entropy;
     mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char hash[20];
+    unsigned char hash[32];
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
     char filename[512];
     const char *pers = "rsa_sign_pss";
@@ -140,7 +140,7 @@
     }
 
     /*
-     * Write the signature into <filename>-sig.txt
+     * Write the signature into <filename>.sig
      */
     mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
 

diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index fefc6e0..85892fe 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c

@@ -31,6 +31,7 @@
 #else
 #include <stdio.h>
 #define mbedtls_printf     printf
+#define mbedtls_snprintf   snprintf
 #endif
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
@@ -57,8 +58,9 @@
     int ret, c;
     size_t i;
     mbedtls_rsa_context rsa;
-    unsigned char hash[20];
+    unsigned char hash[32];
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    char filename[512];
 
     ret = 1;
     if( argc != 2 )
@@ -99,17 +101,15 @@
      * Extract the RSA signature from the text file
      */
     ret = 1;
-    i = strlen( argv[1] );
-    memcpy( argv[1] + i, ".sig", 5 );
+    mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
 
-    if( ( f = fopen( argv[1], "rb" ) ) == NULL )
+    if( ( f = fopen( filename, "rb" ) ) == NULL )
     {
-        mbedtls_printf( "\n  ! Could not open %s\n\n", argv[1] );
+        mbedtls_printf( "\n  ! Could not open %s\n\n", filename );
         goto exit;
     }
 
-    argv[1][i] = '\0', i = 0;
-
+    i = 0;
     while( fscanf( f, "%02X", &c ) > 0 &&
            i < (int) sizeof( buf ) )
         buf[i++] = (unsigned char) c;
@@ -123,8 +123,8 @@
     }
 
     /*
-     * Compute the SHA-256 hash of the input file and compare
-     * it with the hash decrypted from the RSA signature.
+     * Compute the SHA-256 hash of the input file and
+     * verify the signature
      */
     mbedtls_printf( "\n  . Verifying the RSA/SHA-256 signature" );
     fflush( stdout );
@@ -144,7 +144,7 @@
         goto exit;
     }
 
-    mbedtls_printf( "\n  . OK (the decrypted SHA-256 hash matches)\n\n" );
+    mbedtls_printf( "\n  . OK (the signature is valid)\n\n" );
 
     ret = 0;
 

diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 50d333b..0d51be5 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c

@@ -63,7 +63,7 @@
     int ret = 1;
     size_t i;
     mbedtls_pk_context pk;
-    unsigned char hash[20];
+    unsigned char hash[32];
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
     char filename[512];
 
@@ -100,7 +100,7 @@
     mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
 
     /*
-     * Extract the RSA signature from the text file
+     * Extract the RSA signature from the file
      */
     ret = 1;
     mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
@@ -117,8 +117,8 @@
     fclose( f );
 
     /*
-     * Compute the SHA-256 hash of the input file and compare
-     * it with the hash decrypted from the RSA signature.
+     * Compute the SHA-256 hash of the input file and
+     * verify the signature
      */
     mbedtls_printf( "\n  . Verifying the RSA/SHA-256 signature" );
     fflush( stdout );
@@ -138,7 +138,7 @@
         goto exit;
     }
 
-    mbedtls_printf( "\n  . OK (the decrypted SHA-256 hash matches)\n\n" );
+    mbedtls_printf( "\n  . OK (the signature is valid)\n\n" );
 
     ret = 0;
 

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2e0ac1e..c60e710 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -1240,6 +1240,11 @@
     else
         mbedtls_printf( "    [ Record expansion is unknown (compression) ]\n" );
 
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    mbedtls_printf( "    [ Maximum fragment length is %u ]\n",
+                    (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+#endif
+
 #if defined(MBEDTLS_SSL_ALPN)
     if( opt.alpn_string != NULL )
     {

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3aa05d5..86b744e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -1925,7 +1925,7 @@
         if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
         {
             char vrfy_buf[512];
-            uint32_t flags = mbedtls_ssl_get_verify_result( &ssl );
+            flags = mbedtls_ssl_get_verify_result( &ssl );
 
             mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", flags );
 
@@ -1946,6 +1946,11 @@
     else
         mbedtls_printf( "    [ Record expansion is unknown (compression) ]\n" );
 
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    mbedtls_printf( "    [ Maximum fragment length is %u ]\n",
+                    (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+#endif
+
 #if defined(MBEDTLS_SSL_ALPN)
     if( opt.alpn_string != NULL )
     {

diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index a3c2568..3665df6 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c

@@ -108,31 +108,31 @@
 
 #define TIME_AND_TSC( TITLE, CODE )                                     \
 do {                                                                    \
-    unsigned long i, j, tsc;                                            \
+    unsigned long ii, jj, tsc;                                          \
                                                                         \
-    mbedtls_printf( HEADER_FORMAT, TITLE );                            \
+    mbedtls_printf( HEADER_FORMAT, TITLE );                             \
     fflush( stdout );                                                   \
                                                                         \
-    mbedtls_set_alarm( 1 );                                                     \
-    for( i = 1; ! mbedtls_timing_alarmed; i++ )                                        \
+    mbedtls_set_alarm( 1 );                                             \
+    for( ii = 1; ! mbedtls_timing_alarmed; ii++ )                       \
     {                                                                   \
         CODE;                                                           \
     }                                                                   \
                                                                         \
-    tsc = mbedtls_timing_hardclock();                                                  \
-    for( j = 0; j < 1024; j++ )                                         \
+    tsc = mbedtls_timing_hardclock();                                   \
+    for( jj = 0; jj < 1024; jj++ )                                      \
     {                                                                   \
         CODE;                                                           \
     }                                                                   \
                                                                         \
-    mbedtls_printf( "%9lu Kb/s,  %9lu cycles/byte\n",                  \
-                     i * BUFSIZE / 1024,                                \
-                     ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) );         \
+    mbedtls_printf( "%9lu Kb/s,  %9lu cycles/byte\n",                   \
+                     ii * BUFSIZE / 1024,                               \
+                     ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) );         \
 } while( 0 )
 
 #if defined(MBEDTLS_ERROR_C)
 #define PRINT_ERROR                                                     \
-        mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) );         \
+        mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) );          \
         mbedtls_printf( "FAILED: %s\n", tmp );
 #else
 #define PRINT_ERROR                                                     \
@@ -144,12 +144,12 @@
 #define MEMORY_MEASURE_INIT                                             \
     size_t max_used, max_blocks, max_bytes;                             \
     size_t prv_used, prv_blocks;                                        \
-    mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks );              \
+    mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks );      \
     mbedtls_memory_buffer_alloc_max_reset( );
 
 #define MEMORY_MEASURE_PRINT( title_len )                               \
-    mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks );              \
-    for( i = 12 - title_len; i != 0; i-- ) mbedtls_printf( " " );      \
+    mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks );      \
+    for( ii = 12 - title_len; ii != 0; ii-- ) mbedtls_printf( " " );    \
     max_used -= prv_used;                                               \
     max_blocks -= prv_blocks;                                           \
     max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks;             \
@@ -162,16 +162,16 @@
 
 #define TIME_PUBLIC( TITLE, TYPE, CODE )                                \
 do {                                                                    \
-    unsigned long i;                                                    \
+    unsigned long ii;                                                   \
     int ret;                                                            \
     MEMORY_MEASURE_INIT;                                                \
                                                                         \
-    mbedtls_printf( HEADER_FORMAT, TITLE );                            \
+    mbedtls_printf( HEADER_FORMAT, TITLE );                             \
     fflush( stdout );                                                   \
-    mbedtls_set_alarm( 3 );                                                     \
+    mbedtls_set_alarm( 3 );                                             \
                                                                         \
     ret = 0;                                                            \
-    for( i = 1; ! mbedtls_timing_alarmed && ! ret ; i++ )                              \
+    for( ii = 1; ! mbedtls_timing_alarmed && ! ret ; ii++ )             \
     {                                                                   \
         CODE;                                                           \
     }                                                                   \
@@ -182,9 +182,9 @@
     }                                                                   \
     else                                                                \
     {                                                                   \
-        mbedtls_printf( "%6lu " TYPE "/s", i / 3 );                    \
+        mbedtls_printf( "%6lu " TYPE "/s", ii / 3 );                    \
         MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 );                     \
-        mbedtls_printf( "\n" );                                        \
+        mbedtls_printf( "\n" );                                         \
     }                                                                   \
 } while( 0 )
 

diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 645f94d..c49c46c 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c

@@ -389,7 +389,7 @@
 
     while( cur < end )
     {
-        size_t len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
+        len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
 
         id = len % sizeof( dropped );
         ++dropped[id];