Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
Use link-time garbage collection in memory.sh
scripts/memory.sh only work on Linux
Add missing 'const' on selftest data
Use only headers for doxygen (no doc in C files)
Add missing extern "C" guard in aesni.h
Fix compile error with renego disabled
Remove slow PKCS5 test
Stop checking key-cert match systematically
Make tests/*.sh runnable from anywhere
Update visual C files
diff --git a/ChangeLog b/ChangeLog
index 03511e8..fe1ce5c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -45,8 +45,14 @@
* Fix potential unintended sign extension in asn1_get_len() on 64-bit
platforms.
* Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
+ * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
+ POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced
+ in 1.3.10).
+ * Add missing extern "C" guard in aesni.h (reported by amir zamani).
Changes
+ * ssl_set_own_cert() now longers calls pk_check_pair() since the
+ performance impact was bad for some users (this was introduced in 1.3.10).
* Move from SHA-1 to SHA-256 in example programs using signatures
(suggested by Thorsten Mühlfelder).
* Remove some unneeded inclusions of header files from the standard library
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index a31d9a5..2d9f66f 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -682,8 +682,7 @@
# *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py
# *.f90 *.f *.for *.vhd *.vhdl
-FILE_PATTERNS = *.c \
- *.h
+FILE_PATTERNS = *.h
# The RECURSIVE tag can be used to turn specify whether or not subdirectories
# should be searched for input files as well. Possible values are YES and NO.
@@ -697,9 +696,7 @@
# Note that relative paths are relative to the directory from which doxygen is
# run.
-EXCLUDE = tests/fct.h \
- programs \
- CMakeFiles
+EXCLUDE = configs
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
# directories that are symbolic links (a Unix file system feature) are excluded
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index bb514ca..02419ed 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -37,6 +37,10 @@
#if defined(POLARSSL_HAVE_X86_64)
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief AES-NI features detection routine
*
@@ -99,6 +103,10 @@
const unsigned char *key,
size_t bits );
+#ifdef __cplusplus
+}
+#endif
+
#endif /* POLARSSL_HAVE_X86_64 */
#endif /* POLARSSL_AESNI_H */
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 2d39c7a..c3f4b38 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -448,7 +448,7 @@
#if defined(POLARSSL_SELF_TEST)
-static unsigned char entropy_source_pr[96] =
+static const unsigned char entropy_source_pr[96] =
{ 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
@@ -462,7 +462,7 @@
0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
-static unsigned char entropy_source_nopr[64] =
+static const unsigned char entropy_source_nopr[64] =
{ 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
@@ -521,7 +521,7 @@
test_offset = 0;
CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy,
- entropy_source_pr, nonce_pers_pr, 16, 32 ) );
+ (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON );
CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) );
CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) );
@@ -538,7 +538,7 @@
test_offset = 0;
CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy,
- entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
+ (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
CHK( ctr_drbg_random( &ctx, buf, 16 ) );
CHK( ctr_drbg_reseed( &ctx, NULL, 0 ) );
CHK( ctr_drbg_random( &ctx, buf, 16 ) );
diff --git a/library/gcm.c b/library/gcm.c
index 1a49180..d46f97d 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -508,10 +508,10 @@
*/
#define MAX_TESTS 6
-static int key_index[MAX_TESTS] =
+static const int key_index[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 1 };
-static unsigned char key[MAX_TESTS][32] =
+static const unsigned char key[MAX_TESTS][32] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -523,13 +523,13 @@
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
};
-static size_t iv_len[MAX_TESTS] =
+static const size_t iv_len[MAX_TESTS] =
{ 12, 12, 12, 12, 8, 60 };
-static int iv_index[MAX_TESTS] =
+static const int iv_index[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 2 };
-static unsigned char iv[MAX_TESTS][64] =
+static const unsigned char iv[MAX_TESTS][64] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00 },
@@ -545,13 +545,13 @@
0xa6, 0x37, 0xb3, 0x9b },
};
-static size_t add_len[MAX_TESTS] =
+static const size_t add_len[MAX_TESTS] =
{ 0, 0, 0, 20, 20, 20 };
-static int add_index[MAX_TESTS] =
+static const int add_index[MAX_TESTS] =
{ 0, 0, 0, 1, 1, 1 };
-static unsigned char additional[MAX_TESTS][64] =
+static const unsigned char additional[MAX_TESTS][64] =
{
{ 0x00 },
{ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
@@ -559,13 +559,13 @@
0xab, 0xad, 0xda, 0xd2 },
};
-static size_t pt_len[MAX_TESTS] =
+static const size_t pt_len[MAX_TESTS] =
{ 0, 16, 64, 60, 60, 60 };
-static int pt_index[MAX_TESTS] =
+static const int pt_index[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 1 };
-static unsigned char pt[MAX_TESTS][64] =
+static const unsigned char pt[MAX_TESTS][64] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
@@ -579,7 +579,7 @@
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
};
-static unsigned char ct[MAX_TESTS * 3][64] =
+static const unsigned char ct[MAX_TESTS * 3][64] =
{
{ 0x00 },
{ 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
@@ -688,7 +688,7 @@
0x44, 0xae, 0x7e, 0x3f },
};
-static unsigned char tag[MAX_TESTS * 3][16] =
+static const unsigned char tag[MAX_TESTS * 3][16] =
{
{ 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
@@ -939,8 +939,6 @@
return( 0 );
}
-
-
#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
#endif /* POLARSSL_GCM_C */
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index c3a673c..8b73dfd 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -396,7 +396,7 @@
#define OUTPUT_LEN 80
/* From a NIST PR=true test vector */
-static unsigned char entropy_pr[] = {
+static const unsigned char entropy_pr[] = {
0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
@@ -412,7 +412,7 @@
0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
/* From a NIST PR=false test vector */
-static unsigned char entropy_nopr[] = {
+static const unsigned char entropy_nopr[] = {
0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
@@ -461,7 +461,7 @@
test_offset = 0;
CHK( hmac_drbg_init( &ctx, md_info,
- hmac_drbg_self_test_entropy, entropy_pr,
+ hmac_drbg_self_test_entropy, (void *) entropy_pr,
NULL, 0 ) );
hmac_drbg_set_prediction_resistance( &ctx, POLARSSL_HMAC_DRBG_PR_ON );
CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
@@ -480,7 +480,7 @@
test_offset = 0;
CHK( hmac_drbg_init( &ctx, md_info,
- hmac_drbg_self_test_entropy, entropy_nopr,
+ hmac_drbg_self_test_entropy, (void *) entropy_nopr,
NULL, 0 ) );
CHK( hmac_drbg_reseed( &ctx, NULL, 0 ) );
CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
diff --git a/library/md5.c b/library/md5.c
index 4f0c5c1..05651cb 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -443,7 +443,7 @@
/*
* RFC 1321 test vectors
*/
-static unsigned char md5_test_buf[7][81] =
+static const unsigned char md5_test_buf[7][81] =
{
{ "" },
{ "a" },
@@ -481,7 +481,7 @@
/*
* RFC 2202 test vectors
*/
-static unsigned char md5_hmac_test_key[7][26] =
+static const unsigned char md5_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" },
{ "Jefe" },
@@ -498,7 +498,7 @@
16, 4, 16, 25, 16, 80, 80
};
-static unsigned char md5_hmac_test_buf[7][74] =
+static const unsigned char md5_hmac_test_buf[7][74] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
diff --git a/library/pkcs5.c b/library/pkcs5.c
index dae5e41..12ec5ea 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -300,39 +300,37 @@
#define MAX_TESTS 6
-static size_t plen[MAX_TESTS] =
- { 8, 8, 8, 8, 24, 9 };
+static const size_t plen[MAX_TESTS] =
+ { 8, 8, 8, 24, 9 };
-static unsigned char password[MAX_TESTS][32] =
+static const unsigned char password[MAX_TESTS][32] =
{
"password",
"password",
"password",
- "password",
"passwordPASSWORDpassword",
"pass\0word",
};
-static size_t slen[MAX_TESTS] =
- { 4, 4, 4, 4, 36, 5 };
+static const size_t slen[MAX_TESTS] =
+ { 4, 4, 4, 36, 5 };
-static unsigned char salt[MAX_TESTS][40] =
+static const unsigned char salt[MAX_TESTS][40] =
{
"salt",
"salt",
"salt",
- "salt",
"saltSALTsaltSALTsaltSALTsaltSALTsalt",
"sa\0lt",
};
-static uint32_t it_cnt[MAX_TESTS] =
- { 1, 2, 4096, 16777216, 4096, 4096 };
+static const uint32_t it_cnt[MAX_TESTS] =
+ { 1, 2, 4096, 4096, 4096 };
-static uint32_t key_len[MAX_TESTS] =
- { 20, 20, 20, 20, 25, 16 };
+static const uint32_t key_len[MAX_TESTS] =
+ { 20, 20, 20, 25, 16 };
-static unsigned char result_key[MAX_TESTS][32] =
+static const unsigned char result_key[MAX_TESTS][32] =
{
{ 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
@@ -343,9 +341,6 @@
{ 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
0x65, 0xa4, 0x29, 0xc1 },
- { 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
- 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
- 0x26, 0x34, 0xe9, 0x84 },
{ 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
@@ -376,9 +371,6 @@
goto exit;
}
- if( verbose != 0 )
- polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" );
-
for( i = 0; i < MAX_TESTS; i++ )
{
if( verbose != 0 )
diff --git a/library/sha1.c b/library/sha1.c
index 53f5f26..db9f2c1 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -476,7 +476,7 @@
/*
* FIPS-180-1 test vectors
*/
-static unsigned char sha1_test_buf[3][57] =
+static const unsigned char sha1_test_buf[3][57] =
{
{ "abc" },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
@@ -501,7 +501,7 @@
/*
* RFC 2202 test vectors
*/
-static unsigned char sha1_hmac_test_key[7][26] =
+static const unsigned char sha1_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
"\x0B\x0B\x0B\x0B" },
@@ -521,7 +521,7 @@
20, 4, 20, 25, 20, 80, 80
};
-static unsigned char sha1_hmac_test_buf[7][74] =
+static const unsigned char sha1_hmac_test_buf[7][74] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
diff --git a/library/sha256.c b/library/sha256.c
index 1b2d4b2..3f7add6 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -483,7 +483,7 @@
/*
* FIPS-180-2 test vectors
*/
-static unsigned char sha256_test_buf[3][57] =
+static const unsigned char sha256_test_buf[3][57] =
{
{ "abc" },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
@@ -533,7 +533,7 @@
/*
* RFC 4231 test vectors
*/
-static unsigned char sha256_hmac_test_key[7][26] =
+static const unsigned char sha256_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
"\x0B\x0B\x0B\x0B" },
@@ -553,7 +553,7 @@
20, 4, 20, 25, 20, 131, 131
};
-static unsigned char sha256_hmac_test_buf[7][153] =
+static const unsigned char sha256_hmac_test_buf[7][153] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
diff --git a/library/sha512.c b/library/sha512.c
index 1ef088f..560a83d 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -488,7 +488,7 @@
/*
* FIPS-180-2 test vectors
*/
-static unsigned char sha512_test_buf[3][113] =
+static const unsigned char sha512_test_buf[3][113] =
{
{ "abc" },
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
@@ -557,7 +557,7 @@
/*
* RFC 4231 test vectors
*/
-static unsigned char sha512_hmac_test_key[7][26] =
+static const unsigned char sha512_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
"\x0B\x0B\x0B\x0B" },
@@ -577,7 +577,7 @@
20, 4, 20, 25, 20, 131, 131
};
-static unsigned char sha512_hmac_test_buf[7][153] =
+static const unsigned char sha512_hmac_test_buf[7][153] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a20432b..25d7d25 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5390,7 +5390,7 @@
key_cert->cert = own_cert;
key_cert->key = pk_key;
- return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+ return( 0 );
}
#if defined(POLARSSL_RSA_C)
@@ -5419,7 +5419,7 @@
key_cert->cert = own_cert;
key_cert->key_own_alloc = 1;
- return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+ return( 0 );
}
#endif /* POLARSSL_RSA_C */
@@ -5448,7 +5448,7 @@
key_cert->cert = own_cert;
key_cert->key_own_alloc = 1;
- return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+ return( 0 );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
diff --git a/scripts/memory.sh b/scripts/memory.sh
index 2e56215..36626b8 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -12,7 +12,7 @@
CLIENT='mini_client'
-CFLAGS_EXEC=-fno-asynchronous-unwind-tables
+CFLAGS_EXEC='-fno-asynchronous-unwind-tables -Wl,--gc-section -ffunction-sections'
CFLAGS_MEM=-g3
if [ -r $CONFIG_H ]; then :; else
@@ -25,6 +25,11 @@
exit 1
fi
+if [ $( uname ) != Linux ]; then
+ echo "Only work on Linux" >&2
+ exit 1
+fi
+
if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
echo "config.h not clean" >&2
exit 1
@@ -54,7 +59,7 @@
cd programs
CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os ssl/$CLIENT >/dev/null
strip ssl/$CLIENT
- stat -f '%z' ssl/$CLIENT
+ stat -c '%s' ssl/$CLIENT
cd ..
printf " Peak ram usage... "