Merge remote-tracking branch 'peterdettman/perf-ecp-double-jac' into mbedtls-1.3
* peterdettman/perf-ecp-double-jac:
Perf: rewrite of ecp_double_jac
diff --git a/.gitignore b/.gitignore
index fdd50b2..fee2a31 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,20 @@
Coverage
*.gcno
*.gcda
-library/polarssl.info
+
+# generated by scripts/memory.sh
+massif-*
+
+# MSVC files generated by CMake:
+/*.sln
+/*.vcxproj
+/*.filters
+
+# MSVC build artifacts:
+*.exe
+*.pdb
+*.ilk
+*.lib
+
+# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
+*.dir/
diff --git a/.travis.yml b/.travis.yml
index 161f726..24c7667 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,7 +3,7 @@
- clang
- gcc
before_install: sudo apt-get update
-install: sudo apt-get install gnutls-bin valgrind perl
+install: sudo apt-get install valgrind perl
script:
- cmake -D CMAKE_BUILD_TYPE:String="Check" .
- make
@@ -13,14 +13,14 @@
- tests/scripts/test-ref-configs.pl
env:
global:
- secure: LidFb8vsR72MKTVpaZ8IYHR1xeVnff47/+ckEge5F9gcwf7QmfSI3+gBLZZciNdyrWzOFhlQ5Q2z/pqVeRtEkKrlcporoMMcHRIbyIA+lfRE1HnYHw7jITScfN9ZmK4msU1ElRlAk6U7ND6MPTH8QfWwchNafDk9d3AoHL4/RrQ=
+ secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
addons:
coverity_scan:
project:
- name: "polarssl/polarssl"
- description: "PolarSSL Open Source SSL Library"
+ name: "ARMmbed/mbedtls"
+ description: "mbed TLS Open Source SSL Library"
notification_email: p.j.bakker@polarssl.org
build_command_prepend:
build_command: make
- branch_pattern: development
+ branch_pattern: coverity_scan
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9e1158c..72c81b1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,29 +1,33 @@
cmake_minimum_required(VERSION 2.6)
-project(POLARSSL C)
+project(MBEDTLS C)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
if(CMAKE_COMPILER_IS_GNUCC)
- set(CMAKE_C_FLAGS "-Wall -Wextra -W -Wdeclaration-after-statement -Wlogical-op -Wwrite-strings")
- set(CMAKE_C_FLAGS_RELEASE "-O2")
- set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
- set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror")
- set(CMAKE_C_FLAGS_CHECK "-O1 -Werror")
- set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wlogical-op")
+ set(CMAKE_C_FLAGS_RELEASE "-O2")
+ set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
+ set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
+ set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
+ set(CMAKE_C_FLAGS_CHECK "-Werror -O1")
+ set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wpointer-arith -Wwrite-strings -Wdocumentation -Wunreachable-code")
- set(CMAKE_C_FLAGS_RELEASE "-O2")
- set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
- set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror")
- set(CMAKE_C_FLAGS_CHECK "-O1 -Werror")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith")
+ set(CMAKE_C_FLAGS_RELEASE "-O2")
+ set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
+ set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
+ set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
+ set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3")
+ set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
+ set(CMAKE_C_FLAGS_CHECK "-Werror -O1")
endif(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
- CACHE STRING "Choose the type of build: None Debug Release Coverage ASan Check CheckFull"
+ CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
FORCE)
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
@@ -35,11 +39,11 @@
endif(CMAKE_COMPILER_IS_CLANG)
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
-option(USE_PKCS11_HELPER_LIBRARY "Build PolarSSL with the pkcs11-helper library." OFF)
+option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
-option(ENABLE_ZLIB_SUPPORT "Build PolarSSL with zlib library." OFF)
-option(ENABLE_PROGRAMS "Build PolarSSL programs." ON)
-option(ENABLE_TESTING "Build PolarSSL tests." ON)
+option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
+option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
+option(ENABLE_TESTING "Build mbed TLS tests." ON)
if(ENABLE_TESTING)
enable_testing()
@@ -77,7 +81,7 @@
endif()
ADD_CUSTOM_TARGET(apidoc
- COMMAND doxygen doxygen/polarssl.doxyfile
+ COMMAND doxygen doxygen/mbedtls.doxyfile
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
if(ENABLE_TESTING)
@@ -94,18 +98,20 @@
ADD_CUSTOM_TARGET(lcov
COMMAND rm -rf Coverage
- COMMAND lcov --capture --initial --directory library/CMakeFiles/polarssl.dir -o files.info
- COMMAND lcov --capture --directory library/CMakeFiles/polarssl.dir -o tests.info
+ COMMAND lcov --capture --initial --directory library/CMakeFiles/mbedtls.dir -o files.info
+ COMMAND lcov --capture --directory library/CMakeFiles/mbedtls.dir -o tests.info
COMMAND lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
COMMAND lcov --remove all.info -o final.info '*.h'
COMMAND gendesc tests/Descriptions.txt -o descriptions
- COMMAND genhtml --title PolarSSL --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
+ COMMAND genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
COMMAND rm -f files.info tests.info all.info final.info descriptions
)
ADD_CUSTOM_TARGET(memcheck
+ COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl
COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
COMMAND rm -f memcheck.log
+ COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
)
endif()
diff --git a/ChangeLog b/ChangeLog
index bef1abe..e904eb8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,165 @@
-PolarSSL ChangeLog (Sorted per branch, date)
+mbed TLS ChangeLog (Sorted per branch, date)
+
+= mbed TLS 1.3 branch
+
+Security
+ * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
+ extendedKeyUsage on the leaf certificate was lost (results not accessible
+ via ssl_get_verify_results()).
+ * Add countermeasure against "Lucky 13 strikes back" cache-based attack,
+ https://dl.acm.org/citation.cfm?id=2714625
+
+Features
+ * Add x509_crt_verify_info() to display certificate verification results.
+ * Add support for reading DH parameters with privateValueLength included
+ (contributed by Daniel Kahn Gillmor).
+ * Add support for bit strings in X.509 names (request by Fredrik Axelsson).
+ * Add support for id-at-uniqueIdentifier in X.509 names.
+ * Add support for overriding snprintf() (except on Windows) and exit() in
+ the platform layer.
+ * Add an option to use macros instead of function pointers in the platform
+ layer (helps get rid of unwanted references).
+ * Improved Makefiles for Windows targets by fixing library targets and making
+ cross-compilation easier (thanks to Alon Bar-Lev).
+ * The benchmark program also prints heap usage for public-key primitives
+ if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined.
+ * New script ecc-heap.sh helps measuring the impact of ECC parameters on
+ speed and RAM (heap only for now) usage.
+ * New script memory.sh helps measuring the ROM and RAM requirements of two
+ reduced configurations (PSK-CCM and NSA suite B).
+ * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
+ warnings on use of deprecated functions (with GCC and Clang only).
+ * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
+ errors on use of deprecated functions.
+
+Bugfix
+ * Fix bug in ssl_mail_client when password is longer that username (found
+ by Bruno Pape).
+ * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
+ (detected by Clang's 3.6 UBSan).
+ * mpi_size() and mpi_msb() would segfault when called on an mpi that is
+ initialized but not set (found by pravic).
+ * Fix detection of support for getrandom() on Linux (reported by syzzer) by
+ doing it at runtime (using uname) rather that compile time.
+ * Fix handling of symlinks by "make install" (found by Gaël PORTAY).
+ * Fix potential NULL pointer dereference (not trigerrable remotely) when
+ ssl_write() is called before the handshake is finished (introduced in
+ 1.3.10) (first reported by Martin Blumenstingl).
+ * Fix bug in pk_parse_key() that caused some valid private EC keys to be
+ rejected.
+ * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
+ * Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
+ * Fix hardclock() (only used in the benchmarking program) with some
+ versions of mingw64 (found by kxjhlele).
+ * Fix warnings from mingw64 in timing.c (found by kxjklele).
+ * Fix potential unintended sign extension in asn1_get_len() on 64-bit
+ platforms.
+ * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
+ * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
+ POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced
+ in 1.3.10).
+ * Add missing extern "C" guard in aesni.h (reported by amir zamani).
+ * Add missing dependency on SHA-256 in some x509 programs (reported by
+ Gergely Budai).
+ * Fix bug related to ssl_set_curves(): the client didn't check that the
+ curve picked by the server was actually allowed.
+
+Changes
+ * Remove bias in mpi_gen_prime (contributed by Pascal Junod).
+ * Remove potential sources of timing variations (some contributed by Pascal
+ Junod).
+ * Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
+ * Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
+ * compat-1.2.h and openssl.h are deprecated.
+ * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
+ more flexible (warning: OFLAGS is not used any more) (see the README)
+ (contributed by Alon Bar-Lev).
+ * ssl_set_own_cert() no longer calls pk_check_pair() since the
+ performance impact was bad for some users (this was introduced in 1.3.10).
+ * Move from SHA-1 to SHA-256 in example programs using signatures
+ (suggested by Thorsten Mühlfelder).
+ * Remove some unneeded inclusions of header files from the standard library
+ "minimize" others (eg use stddef.h if only size_t is needed).
+ * Change #include lines in test files to use double quotes instead of angle
+ brackets for uniformity with the rest of the code.
+ * Remove dependency on sscanf() in X.509 parsing modules.
+
+= mbed TLS 1.3.10 released 2015-02-09
+Security
+ * NULL pointer dereference in the buffer-based allocator when the buffer is
+ full and polarssl_free() is called (found by Mark Hasemeyer)
+ (only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
+ not by default).
+ * Fix remotely-triggerable uninitialised pointer dereference caused by
+ crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
+ client certificate) (found using Codenomicon Defensics).
+ * Fix remotely-triggerable memory leak caused by crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate)
+ (found using Codenomicon Defensics).
+ * Fix potential stack overflow while parsing crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate)
+ (found using Codenomicon Defensics).
+ * Fix timing difference that could theoretically lead to a
+ Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges
+ (reported by Sebastian Schinzel).
+
+Features
+ * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv).
+ * Add support for Extended Master Secret (draft-ietf-tls-session-hash).
+ * Add support for Encrypt-then-MAC (RFC 7366).
+ * Add function pk_check_pair() to test if public and private keys match.
+ * Add x509_crl_parse_der().
+ * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
+ length of an X.509 verification chain.
+ * Support for renegotiation can now be disabled at compile-time
+ * Support for 1/n-1 record splitting, a countermeasure against BEAST.
+ * Certificate selection based on signature hash, preferring SHA-1 over SHA-2
+ for pre-1.2 clients when multiple certificates are available.
+ * Add support for getrandom() syscall on recent Linux kernels with Glibc or
+ a compatible enough libc (eg uClibc).
+ * Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
+ while using the default ciphersuite list.
+ * Added new error codes and debug messages about selection of
+ ciphersuite/certificate.
+
+Bugfix
+ * Stack buffer overflow if ctr_drbg_update() is called with too large
+ add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
+ * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
+ if memory_buffer_alloc_init() was called with buf not aligned and len not
+ a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely).
+ * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
+ by Julian Ospald).
+ * Fix potential undefined behaviour in Camellia.
+ * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
+ multiple of 8 (found by Gergely Budai).
+ * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
+ Peter Vaskovic).
+ * Fix assembly selection for MIPS64 (thanks to James Cowgill).
+ * ssl_get_verify_result() now works even if the handshake was aborted due
+ to a failed verification (found by Fredrik Axelsson).
+ * Skip writing and parsing signature_algorithm extension if none of the
+ key exchanges enabled needs certificates. This fixes a possible interop
+ issue with some servers when a zero-length extension was sent. (Reported
+ by Peter Dettman.)
+ * On a 0-length input, base64_encode() did not correctly set output length
+ (found by Hendrik van den Boogaard).
+
+Changes
+ * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
+ switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
+ * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
+ * ssl_set_own_cert() now returns an error on key-certificate mismatch.
+ * Forbid repeated extensions in X.509 certificates.
+ * debug_print_buf() now prints a text view in addition to hexadecimal.
+ * A specific error is now returned when there are ciphersuites in common
+ but none of them is usable due to external factors such as no certificate
+ with a suitable (extended)KeyUsage or curve or no PSK set.
+ * It is now possible to disable negotiation of truncated HMAC server-side
+ at runtime with ssl_set_truncated_hmac().
+ * Example programs for SSL client and server now disable SSLv3 by default.
+ * Example programs for SSL client and server now disable RC4 by default.
+ * Use platform.h in all test suites and programs.
= PolarSSL 1.3.9 released 2014-10-20
Security
@@ -427,6 +588,94 @@
* RSA blinding on CRT operations to counter timing attacks
(found by Cyril Arnaud and Pierre-Alain Fouque)
+
+= Version 1.2.14 released 2015-05-??
+
+Security
+ * Fix potential invalid memory read in the server, that allows a client to
+ crash it remotely (found by Caj Larsson).
+ * Fix potential invalid memory read in certificate parsing, that allows a
+ client to crash the server remotely if client authentication is enabled
+ (found using Codenomicon Defensics).
+ * Add countermeasure against "Lucky 13 strikes back" cache-based attack,
+ https://dl.acm.org/citation.cfm?id=2714625
+
+Bugfix
+ * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
+ * Fix hardclock() (only used in the benchmarking program) with some
+ versions of mingw64 (found by kxjhlele).
+ * Fix warnings from mingw64 in timing.c (found by kxjklele).
+ * Fix potential unintended sign extension in asn1_get_len() on 64-bit
+ platforms (found with Coverity Scan).
+
+= Version 1.2.13 released 2015-02-16
+Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
+ this will be made in the 1.2 branch at this point.
+
+Security
+ * Fix remotely-triggerable uninitialised pointer dereference caused by
+ crafted X.509 certificate (TLS server is not affected if it doesn't ask
+ for a client certificate) (found using Codenomicon Defensics).
+ * Fix remotely-triggerable memory leak caused by crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate)
+ (found using Codenomicon Defensics).
+ * Fix potential stack overflow while parsing crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate)
+ found using Codenomicon Defensics).
+ * Fix buffer overread of size 1 when parsing crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate).
+
+Bugfix
+ * Fix potential undefined behaviour in Camellia.
+ * Fix memory leaks in PKCS#5 and PKCS#12.
+ * Stack buffer overflow if ctr_drbg_update() is called with too large
+ add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
+ * Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced
+ in 1.2.12).
+ * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
+ Peter Vaskovic).
+ * Fix assembly selection for MIPS64 (thanks to James Cowgill).
+ * ssl_get_verify_result() now works even if the handshake was aborted due
+ to a failed verification (found by Fredrik Axelsson).
+ * Skip writing and parsing signature_algorithm extension if none of the
+ key exchanges enabled needs certificates. This fixes a possible interop
+ issue with some servers when a zero-length extension was sent. (Reported
+ by Peter Dettman.)
+ * On a 0-length input, base64_encode() did not correctly set output length
+ (found by Hendrik van den Boogaard).
+
+Changes
+ * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
+ * Forbid repeated extensions in X.509 certificates.
+ * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
+ length of an X.509 verification chain (default = 8).
+= Version 1.2.12 released 2014-10-24
+
+Security
+ * Remotely-triggerable memory leak when parsing some X.509 certificates
+ (server is not affected if it doesn't ask for a client certificate).
+ (Found using Codenomicon Defensics.)
+
+Bugfix
+ * Fix potential bad read in parsing ServerHello (found by Adrien
+ Vialletelle).
+ * ssl_close_notify() could send more than one message in some circumstances
+ with non-blocking I/O.
+ * x509_crt_parse() did not increase total_failed on PEM error
+ * Fix compiler warnings on iOS (found by Sander Niemeijer).
+ * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
+ * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
+ * ssl_read() could return non-application data records on server while
+ renegotation was pending, and on client when a HelloRequest was received.
+ * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
+
+Changes
+ * X.509 certificates with more than one AttributeTypeAndValue per
+ RelativeDistinguishedName are not accepted any more.
+ * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
+ POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
+ * Accept spaces at end of line or end of buffer in base64_decode().
+
= Version 1.2.11 released 2014-07-11
Features
* Entropy module now supports seed writing and reading
diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl
index da4c741..dfa0f07 100644
--- a/DartConfiguration.tcl
+++ b/DartConfiguration.tcl
@@ -1,4 +1,4 @@
Site: localhost
-BuildName: PolarSSL-test
+BuildName: mbed TLS-test
CoverageCommand: /usr/bin/gcov
MemoryCheckCommand: /usr/bin/valgrind
diff --git a/Makefile b/Makefile
index 0807e8d..441d1f9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,57 +1,64 @@
DESTDIR=/usr/local
-PREFIX=polarssl_
+PREFIX=mbedtls_
+OLDPREFIX=polarssl_
.SILENT:
-all:
- cd library && $(MAKE) all && cd ..
- cd programs && $(MAKE) all && cd ..
- cd tests && $(MAKE) all && cd ..
+all: programs tests
-no_test:
- cd library && $(MAKE) all && cd ..
- cd programs && $(MAKE) all && cd ..
+no_test: programs
+
+programs: lib
+ $(MAKE) -C programs
lib:
- cd library && $(MAKE) all && cd ..
+ $(MAKE) -C library
+
+tests: lib
+ $(MAKE) -C tests
install:
mkdir -p $(DESTDIR)/include/polarssl
cp -r include/polarssl $(DESTDIR)/include
mkdir -p $(DESTDIR)/lib
- cp library/libpolarssl.* $(DESTDIR)/lib
+ cp -RP library/libpolarssl.* library/libmbedtls.* $(DESTDIR)/lib
mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
f=$(PREFIX)`basename $$p` ; \
+ o=$(OLDPREFIX)`basename $$p` ; \
cp $$p $(DESTDIR)/bin/$$f ; \
+ ln -sf $$f $(DESTDIR)/bin/$$o ; \
fi \
done
uninstall:
rm -rf $(DESTDIR)/include/polarssl
rm -f $(DESTDIR)/lib/libpolarssl.*
+ rm -f $(DESTDIR)/lib/libmbedtls.*
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
f=$(PREFIX)`basename $$p` ; \
+ o=$(OLDPREFIX)`basename $$p` ; \
rm -f $(DESTDIR)/bin/$$f ; \
+ rm -f $(DESTDIR)/bin/$$o ; \
fi \
done
clean:
- cd library && $(MAKE) clean && cd ..
- cd programs && $(MAKE) clean && cd ..
- cd tests && $(MAKE) clean && cd ..
+ $(MAKE) -C library clean
+ $(MAKE) -C programs clean
+ $(MAKE) -C tests clean
find . \( -name \*.gcno -o -name \*.gcda -o -name *.info \) -exec rm {} +
-check: lib
- ( cd tests && $(MAKE) && $(MAKE) check )
+check: tests
+ $(MAKE) -C tests check
test-ref-configs:
tests/scripts/test-ref-configs.pl
@@ -71,12 +78,12 @@
lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
lcov --remove all.info -o final.info '*.h'
gendesc tests/Descriptions.txt -o descriptions
- genhtml --title PolarSSL --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
+ genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
rm -f files.info tests.info all.info final.info descriptions
apidoc:
mkdir -p apidoc
- doxygen doxygen/polarssl.doxyfile
+ doxygen doxygen/mbedtls.doxyfile
apidoc_clean:
if [ -d apidoc ] ; \
diff --git a/README.rst b/README.rst
index 8dd823c..59ca2c6 100644
--- a/README.rst
+++ b/README.rst
@@ -1,11 +1,20 @@
===================
-README for PolarSSL
+README for mbed TLS
===================
+Configuration
+=============
+
+mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully-documented configuration file *include/polarssl/config.h*, which is also the place where features can be selected.
+This file can be edited manually, or in a more programmatic way using the Perl
+script *scripts/config.pl* (use *--help* for usage instructions).
+
+Compiler options can be set using standard variables such as *CC* and *CFLAGS* when using the Make and CMake build system (see below).
+
Compiling
=========
-There are currently three active build systems within the PolarSSL releases:
+There are currently three active build systems within the mbed TLS releases:
- Make
- CMake
@@ -26,7 +35,11 @@
make check
-Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the PolarSSL Knowledge Base <https://polarssl.org/kb>`_ for articles on your platform or issue.
+In order to build for a Windows platform, you should use WINDOWS_BUILD=1 if the target is Windows but the build environment is Unix-like (eg when cross-compiling, or compiling from an MSYS shell), and WINDOWS=1 if the build environment is a Windows shell.
+
+Setting the variable SHARED in your environment will build a shared library in addition to the static library. Setting DEBUG gives you a debug build. You can override CFLAGS and LDFLAGS by setting them in your environment or on the make command line; if you do so, essential parts such as -I will still be preserved. Warning options may be overridden separately using WARNING_CFLAGS.
+
+Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the mbed TLS Knowledge Base <https://tls.mbed.org/kb>`_ for articles on your platform or issue.
In case you find that you need to do something else as well, please let us know what, so we can add it to the KB.
@@ -39,7 +52,7 @@
make
-There are 5 different active build modes specified within the CMake buildsystem:
+There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
- Release.
This generates the default code without any unnecessary information in the binary files.
@@ -49,13 +62,30 @@
This generates code coverage information in addition to debug information.
- ASan.
This instruments the code with AddressSanitizer to check for memory errors.
+ (This includes LeakSanitizer, with recent version of gcc and clang.)
+ (With recent version of clang, this mode also instruments the code with
+ UndefinedSanitizer to check for undefined behaviour.)
+- ASanDbg.
+ Same as ASan but slower, with debug information and better stack traces.
+- MemSan.
+ This instruments the code with MemorySanitizer to check for uninitialised
+ memory reads. Experimental, needs recent clang on Linux/x86_64.
+- MemSanDbg.
+ Same as ASan but slower, with debug information, better stack traces and
+ origin tracking.
- Check.
- This activates more compiler warnings and treats them as errors.
+ This activates the compiler warnings that depend on optimization and treats
+ all warnings as errors.
Switching build modes in CMake is simple. For debug mode, enter at the command line:
cmake -D CMAKE_BUILD_TYPE:String="Debug" .
+Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find)::
+
+ find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
+ CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
+
In order to run the tests, enter::
make test
@@ -75,7 +105,14 @@
Tests
=====
-PolarSSL includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
+mbed TLS includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
+
+For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
+
+- *tests/ssl-opt.sh* runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
+- *tests/compat.sh* tests interoperability of every ciphersuite with other implementations.
+- *tests/scripts/test-ref-configs.pl* test builds in various reduced configurations.
+- *tests/scripts/all.sh* runs a combination of the above tests with various build options (eg ASan).
Configurations
==============
@@ -93,10 +130,10 @@
Process
-------
-#. `Check for open issues <https://github.com/polarssl/polarssl/issues>`_ or
- `start a discussion <https://polarssl.org/discussions>`_ around a feature
+#. `Check for open issues <https://github.com/ARMmbed/mbedtls/issues>`_ or
+ `start a discussion <https://tls.mbed.org/discussions>`_ around a feature
idea or a bug.
-#. Fork the `PolarSSL repository on Github <https://github.com/polarssl/polarssl>`_
+#. Fork the `mbed TLS repository on Github <https://github.com/ARMmbed/mbedtls>`_
to start making your changes.
#. Write a test which shows that the bug was fixed or that the feature works
as expected.
diff --git a/configs/README.txt b/configs/README.txt
index bab500d..4a0074c 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -18,9 +18,9 @@
Or, using cmake:
- rm CMakeCache.txt
+ find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
CFLAGS="-I$PWD/configs -DPOLARSSL_CONFIG_FILE='<foo.h>'" cmake .
make
Note that the second method also works if you want to keep your custom
-configuration file outside the PolarSSL tree.
+configuration file outside the mbed TLS tree.
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index 1da9f6a..4a3ebb1 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -12,15 +12,16 @@
#define POLARSSL_CONFIG_H
/* System support */
-//#define POLARSSL_HAVE_IPV6 /* Optional */
+#define POLARSSL_HAVE_IPV6 /* Now mandatory for NET_C */
//#define POLARSSL_HAVE_TIME /* Optionally used in Hello messages */
/* Other POLARSSL_HAVE_XXX flags irrelevant for this configuration */
-/* PolarSSL feature support */
+/* mbed TLS feature support */
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
#define POLARSSL_SSL_PROTO_TLS1_2
+#define POLARSSL_SSL_DISABLE_RENEGOTIATION
-/* PolarSSL modules */
+/* mbed TLS modules */
#define POLARSSL_AES_C
#define POLARSSL_CCM_C
#define POLARSSL_CIPHER_C
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 338fecf..3bd1b1f 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -13,13 +13,14 @@
#define POLARSSL_HAVE_TIME
#define POLARSSL_HAVE_IPV6
-/* PolarSSL feature support */
+/* mbed TLS feature support */
#define POLARSSL_CIPHER_MODE_CBC
#define POLARSSL_PKCS1_V15
#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
#define POLARSSL_SSL_PROTO_TLS1_1
+#define POLARSSL_SSL_DISABLE_RENEGOTIATION
-/* PolarSSL modules */
+/* mbed TLS modules */
#define POLARSSL_AES_C
#define POLARSSL_ASN1_PARSE_C
#define POLARSSL_ASN1_WRITE_C
diff --git a/configs/config-picocoin.h b/configs/config-picocoin.h
index eeac5d0..57b8005 100644
--- a/configs/config-picocoin.h
+++ b/configs/config-picocoin.h
@@ -18,7 +18,7 @@
#define POLARSSL_HAVE_TIME
#define POLARSSL_HAVE_IPV6
-/* PolarSSL feature support */
+/* mbed TLS feature support */
#define POLARSSL_CIPHER_MODE_CBC
#define POLARSSL_CIPHER_PADDING_PKCS7
#define POLARSSL_ECP_DP_SECP256K1_ENABLED
@@ -27,7 +27,7 @@
#define POLARSSL_ERROR_STRERROR_DUMMY
#define POLARSSL_FS_IO
-/* PolarSSL modules */
+/* mbed TLS modules */
#define POLARSSL_AESNI_C
#define POLARSSL_AES_C
#define POLARSSL_ASN1_PARSE_C
diff --git a/configs/config-psk-rc4-tls1_0.h b/configs/config-psk-rc4-tls1_0.h
index c967b4c..2f557c1 100644
--- a/configs/config-psk-rc4-tls1_0.h
+++ b/configs/config-psk-rc4-tls1_0.h
@@ -12,15 +12,16 @@
#define POLARSSL_CONFIG_H
/* System support */
-//#define POLARSSL_HAVE_IPV6 /* Optional */
+#define POLARSSL_HAVE_IPV6 /* Now mandatory for NET_C */
//#define POLARSSL_HAVE_TIME /* Optionnaly used in Hello messages */
/* Other POLARSSL_HAVE_XXX flags irrelevant for this configuration */
-/* PolarSSL feature support */
+/* mbed TLS feature support */
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
#define POLARSSL_SSL_PROTO_TLS1
+#define POLARSSL_SSL_DISABLE_RENEGOTIATION
-/* PolarSSL modules */
+/* mbed TLS modules */
#define POLARSSL_AES_C
#define POLARSSL_ARC4_C
#define POLARSSL_CIPHER_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index cd38f33..3e8f153 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -20,13 +20,14 @@
#define POLARSSL_HAVE_TIME
#define POLARSSL_HAVE_IPV6
-/* PolarSSL feature support */
+/* mbed TLS feature support */
#define POLARSSL_ECP_DP_SECP256R1_ENABLED
#define POLARSSL_ECP_DP_SECP384R1_ENABLED
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define POLARSSL_SSL_PROTO_TLS1_2
+#define POLARSSL_SSL_DISABLE_RENEGOTIATION
-/* PolarSSL modules */
+/* mbed TLS modules */
#define POLARSSL_AES_C
#define POLARSSL_ASN1_PARSE_C
#define POLARSSL_ASN1_WRITE_C
@@ -67,8 +68,8 @@
#define POLARSSL_ECP_WINDOW_SIZE 2
#define POLARSSL_ECP_FIXED_POINT_OPTIM 0
-/* Uncomment for a significant speed benefit at the expense of some ROM */
-//#define POLARSSL_ECP_NIST_OPTIM
+/* Significant speed benefit at the expense of some ROM */
+#define POLARSSL_ECP_NIST_OPTIM
/*
* You should adjust this to the exact number of sources you're using: default
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 426c1f3..b41e36e 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -4,23 +4,23 @@
*/
/**
- * @mainpage PolarSSL v1.3.9 source code documentation
+ * @mainpage mbed TLS v1.3.10 source code documentation
*
- * This documentation describes the internal structure of PolarSSL. It was
+ * This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
- * PolarSSL's source code using Doxygen. (See
+ * mbed TLS's source code using Doxygen. (See
* http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen)
*
- * PolarSSL has a simple setup: it provides the ingredients for an SSL/TLS
+ * mbed TLS has a simple setup: it provides the ingredients for an SSL/TLS
* implementation. These ingredients are listed as modules in the
* \ref mainpage_modules "Modules section". This "Modules section" introduces
* the high-level module concepts used throughout this documentation.\n
- * Some examples of PolarSSL usage can be found in the \ref mainpage_examples
+ * Some examples of mbed TLS usage can be found in the \ref mainpage_examples
* "Examples section".
*
* @section mainpage_modules Modules
*
- * PolarSSL supports SSLv3 up to TLSv1.2 communication by providing the
+ * mbed TLS supports SSLv3 up to TLSv1.2 communication by providing the
* following:
* - TCP/IP communication functions: listen, connect, accept, read/write.
* - SSL/TLS communication functions: init, handshake, read/write.
@@ -34,7 +34,7 @@
* into an SSL server/client solution that utilises a X.509 PKI. Examples of
* such implementations are amply provided with the source code.
*
- * Note that PolarSSL does not provide a control channel or (multiple) session
+ * Note that mbed TLS does not provide a control channel or (multiple) session
* handling without additional work from the developer.
*
* @section mainpage_examples Examples
diff --git a/doxygen/polarssl.doxyfile b/doxygen/mbedtls.doxyfile
similarity index 99%
rename from doxygen/polarssl.doxyfile
rename to doxygen/mbedtls.doxyfile
index 374197c..49c81c3 100644
--- a/doxygen/polarssl.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "PolarSSL v1.3.9"
+PROJECT_NAME = "mbed TLS v1.3.10"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
@@ -682,8 +682,7 @@
# *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py
# *.f90 *.f *.for *.vhd *.vhdl
-FILE_PATTERNS = *.c \
- *.h
+FILE_PATTERNS = *.h
# The RECURSIVE tag can be used to turn specify whether or not subdirectories
# should be searched for input files as well. Possible values are YES and NO.
@@ -697,9 +696,7 @@
# Note that relative paths are relative to the directory from which doxygen is
# run.
-EXCLUDE = tests/fct.h \
- programs \
- CMakeFiles
+EXCLUDE = configs
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
# directories that are symbolic links (a Unix file system feature) are excluded
diff --git a/include/.gitignore b/include/.gitignore
index f3c7a7c..53a36d4 100644
--- a/include/.gitignore
+++ b/include/.gitignore
@@ -1 +1,4 @@
Makefile
+*.sln
+*.vcxproj
+polarssl/check_config
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 8468871..2c56858 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -1,6 +1,6 @@
-option(INSTALL_POLARSSL_HEADERS "Install PolarSSL headers." ON)
+option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
-if(INSTALL_POLARSSL_HEADERS)
+if(INSTALL_MBEDTLS_HEADERS)
file(GLOB headers "polarssl/*.h")
@@ -8,4 +8,4 @@
DESTINATION include/polarssl
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
-endif(INSTALL_POLARSSL_HEADERS)
+endif(INSTALL_MBEDTLS_HEADERS)
diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h
index 2e9092f..8bcc039 100644
--- a/include/polarssl/aes.h
+++ b/include/polarssl/aes.h
@@ -3,12 +3,9 @@
*
* \brief AES block cipher
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
@@ -132,6 +129,14 @@
* Length should be a multiple of the block
* size (16 bytes)
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
@@ -157,6 +162,14 @@
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
@@ -182,6 +195,14 @@
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
diff --git a/include/polarssl/aesni.h b/include/polarssl/aesni.h
index 92b23cd..02419ed 100644
--- a/include/polarssl/aesni.h
+++ b/include/polarssl/aesni.h
@@ -3,12 +3,9 @@
*
* \brief AES-NI for hardware AES acceleration on some Intel processors
*
- * Copyright (C) 2013, Brainspark B.V.
+ * Copyright (C) 2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -40,6 +37,10 @@
#if defined(POLARSSL_HAVE_X86_64)
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief AES-NI features detection routine
*
@@ -102,6 +103,10 @@
const unsigned char *key,
size_t bits );
+#ifdef __cplusplus
+}
+#endif
+
#endif /* POLARSSL_HAVE_X86_64 */
#endif /* POLARSSL_AESNI_H */
diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h
index 555f54f..9de0577 100644
--- a/include/polarssl/arc4.h
+++ b/include/polarssl/arc4.h
@@ -3,12 +3,9 @@
*
* \brief The ARCFOUR stream cipher
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if !defined(POLARSSL_ARC4_ALT)
// Regular implementation
diff --git a/include/polarssl/asn1.h b/include/polarssl/asn1.h
index eacdd08..0bfa929 100644
--- a/include/polarssl/asn1.h
+++ b/include/polarssl/asn1.h
@@ -3,12 +3,9 @@
*
* \brief Generic ASN.1 parsing
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,12 +30,12 @@
#include POLARSSL_CONFIG_FILE
#endif
+#include <stddef.h>
+
#if defined(POLARSSL_BIGNUM_C)
#include "bignum.h"
#endif
-#include <string.h>
-
/**
* \addtogroup asn1_module
* \{
@@ -158,6 +155,7 @@
asn1_buf oid; /**< The object identifier. */
asn1_buf val; /**< The named value. */
struct _asn1_named_data *next; /**< The next entry in the sequence. */
+ unsigned char next_merged; /**< Merge next item into the current one? */
}
asn1_named_data;
diff --git a/include/polarssl/asn1write.h b/include/polarssl/asn1write.h
index 7a7fbf7..154a6ba 100644
--- a/include/polarssl/asn1write.h
+++ b/include/polarssl/asn1write.h
@@ -3,12 +3,9 @@
*
* \brief ASN.1 buffer writing functionality
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/base64.h b/include/polarssl/base64.h
index d041493..0f1e854 100644
--- a/include/polarssl/base64.h
+++ b/include/polarssl/base64.h
@@ -3,12 +3,9 @@
*
* \brief RFC 1521 base64 encoding/decoding
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,7 +24,7 @@
#ifndef POLARSSL_BASE64_H
#define POLARSSL_BASE64_H
-#include <string.h>
+#include <stddef.h>
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */
diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index 992ed8e..8e1687b 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -3,12 +3,9 @@
*
* \brief Multi-precision integer library
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,15 +24,18 @@
#ifndef POLARSSL_BIGNUM_H
#define POLARSSL_BIGNUM_H
-#include <stdio.h>
-#include <string.h>
-
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
+#include <stddef.h>
+
+#if defined(POLARSSL_FS_IO)
+#include <stdio.h>
+#endif
+
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
#if (_MSC_VER <= 1200)
@@ -148,7 +148,7 @@
defined(__ppc64__) || defined(__powerpc64__) || \
defined(__ia64__) || defined(__alpha__) || \
(defined(__sparc__) && defined(__arch64__)) || \
- defined(__s390x__) ) )
+ defined(__s390x__) || defined(__mips64) ) )
#define POLARSSL_HAVE_INT64
typedef int64_t t_sint;
typedef uint64_t t_uint;
@@ -188,7 +188,9 @@
mpi;
/**
- * \brief Initialize one MPI
+ * \brief Initialize one MPI (make internal references valid)
+ * This just makes it ready to be set or freed,
+ * but does not define a value for the MPI.
*
* \param X One MPI to initialize.
*/
diff --git a/include/polarssl/blowfish.h b/include/polarssl/blowfish.h
index c652b46..21ba7d4 100644
--- a/include/polarssl/blowfish.h
+++ b/include/polarssl/blowfish.h
@@ -3,12 +3,9 @@
*
* \brief Blowfish block cipher
*
- * Copyright (C) 2012-2014, Brainspark B.V.
+ * Copyright (C) 2012-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
@@ -117,6 +114,14 @@
* Length should be a multiple of the block
* size (8 bytes)
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx Blowfish context
* \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
* \param length length of the input data
@@ -139,6 +144,14 @@
/**
* \brief Blowfish CFB buffer encryption/decryption.
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx Blowfish context
* \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
* \param length length of the input data
diff --git a/include/polarssl/bn_mul.h b/include/polarssl/bn_mul.h
index a8f0d22..aa940a9 100644
--- a/include/polarssl/bn_mul.h
+++ b/include/polarssl/bn_mul.h
@@ -3,12 +3,9 @@
*
* \brief Multi-precision integer library
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2010, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -683,7 +680,7 @@
);
#endif /* Alpha */
-#if defined(__mips__) && !defined(__mips64__)
+#if defined(__mips__) && !defined(__mips64)
#define MULADDC_INIT \
asm( \
diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h
index 8488d1d..03218d1 100644
--- a/include/polarssl/camellia.h
+++ b/include/polarssl/camellia.h
@@ -3,12 +3,9 @@
*
* \brief Camellia block cipher
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
@@ -125,6 +122,14 @@
* Length should be a multiple of the block
* size (16 bytes)
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx CAMELLIA context
* \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
* \param length length of the input data
@@ -151,6 +156,14 @@
* both encryption and decryption. So a context initialized with
* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx CAMELLIA context
* \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
* \param length length of the input data
diff --git a/include/polarssl/ccm.h b/include/polarssl/ccm.h
index 439152f..f1f24bd 100644
--- a/include/polarssl/ccm.h
+++ b/include/polarssl/ccm.h
@@ -3,12 +3,9 @@
*
* \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
*
- * Copyright (C) 2014, Brainspark B.V.
+ * Copyright (C) 2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/certs.h b/include/polarssl/certs.h
index ba7c028..d221660 100644
--- a/include/polarssl/certs.h
+++ b/include/polarssl/certs.h
@@ -3,12 +3,9 @@
*
* \brief Sample certificates and DHM parameters for testing
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2010, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/check_config.h b/include/polarssl/check_config.h
index 328b881..f0d83c8 100644
--- a/include/polarssl/check_config.h
+++ b/include/polarssl/check_config.h
@@ -3,12 +3,9 @@
*
* \brief Consistency checks for configuration options
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,6 +30,20 @@
#ifndef POLARSSL_CHECK_CONFIG_H
#define POLARSSL_CHECK_CONFIG_H
+#if defined(POLARSSL_DEPRECATED_WARNING) && \
+ !defined(__GNUC__) && !defined(__clang__)
+#error "POLARSSL_DEPRECATED_WARNING only works with GCC and Clang"
+#endif
+
+#if defined(POLARSSL_NET_C) && !defined(POLARSSL_HAVE_IPV6)
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#warning "Using POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated"
+#endif
+#if defined(POLARSSL_DEPRECATED_REMOVED)
+#define POLARSSL_HAVE_IPV6
+#endif
+#endif /* POLARSSL_NET_C && !POLARSSL_HAVE_IPV6 */
+
#if defined(POLARSSL_AESNI_C) && !defined(POLARSSL_HAVE_ASM)
#error "POLARSSL_AESNI_C defined, but not all prerequisites"
#endif
@@ -148,17 +159,21 @@
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
- ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
+ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
- ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
+ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
+#if defined(POLARSSL_MEMORY_C) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_MEMORY_C defined, but not all prerequisites"
+#endif
+
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && \
( !defined(POLARSSL_PLATFORM_C) || !defined(POLARSSL_PLATFORM_MEMORY) )
#error "POLARSSL_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
@@ -180,6 +195,11 @@
#error "POLARSSL_PEM_WRITE_C defined, but not all prerequisites"
#endif
+#if defined(POLARSSL_PK_C) && \
+ ( !defined(POLARSSL_RSA_C) && !defined(POLARSSL_ECP_C) )
+#error "POLARSSL_PK_C defined, but not all prerequisites"
+#endif
+
#if defined(POLARSSL_PK_PARSE_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PK_PARSE_C defined, but not all prerequisites"
#endif
@@ -192,6 +212,136 @@
#error "POLARSSL_PKCS11_C defined, but not all prerequisites"
#endif
+#if defined(POLARSSL_PLATFORM_EXIT_ALT) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_EXIT_MACRO) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_EXIT_MACRO) &&\
+ ( defined(POLARSSL_PLATFORM_STD_EXIT) ||\
+ defined(POLARSSL_PLATFORM_EXIT_ALT) )
+#error "POLARSSL_PLATFORM_EXIT_MACRO and POLARSSL_PLATFORM_STD_EXIT/POLARSSL_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(POLARSSL_PLATFORM_FPRINTF_ALT) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO) &&\
+ ( defined(POLARSSL_PLATFORM_STD_FPRINTF) ||\
+ defined(POLARSSL_PLATFORM_FPRINTF_ALT) )
+#error "POLARSSL_PLATFORM_FPRINTF_MACRO and POLARSSL_PLATFORM_STD_FPRINTF/POLARSSL_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(POLARSSL_PLATFORM_FREE_MACRO) &&\
+ ( !defined(POLARSSL_PLATFORM_C) || !defined(POLARSSL_PLATFORM_MEMORY) )
+#error "POLARSSL_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_FREE_MACRO) &&\
+ defined(POLARSSL_PLATFORM_STD_FREE)
+#error "POLARSSL_PLATFORM_FREE_MACRO and POLARSSL_PLATFORM_STD_FREE cannot be defined simultaneously"
+#endif
+
+#if defined(POLARSSL_PLATFORM_FREE_MACRO) && !defined(POLARSSL_PLATFORM_MALLOC_MACRO)
+#error "POLARSSL_PLATFORM_MALLOC_MACRO must be defined if POLARSSL_PLATFORM_FREE_MACRO is"
+#endif
+
+#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) &&\
+ ( !defined(POLARSSL_PLATFORM_C) || !defined(POLARSSL_PLATFORM_MEMORY) )
+#error "POLARSSL_PLATFORM_MALLOC_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) &&\
+ defined(POLARSSL_PLATFORM_STD_MALLOC)
+#error "POLARSSL_PLATFORM_MALLOC_MACRO and POLARSSL_PLATFORM_STD_MALLOC cannot be defined simultaneously"
+#endif
+
+#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) && !defined(POLARSSL_PLATFORM_FREE_MACRO)
+#error "POLARSSL_PLATFORM_FREE_MACRO must be defined if POLARSSL_PLATFORM_MALLOC_MACRO is"
+#endif
+
+#if defined(POLARSSL_PLATFORM_MEMORY) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_MEMORY defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_PRINTF_ALT) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_PRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_PRINTF_MACRO) &&\
+ ( defined(POLARSSL_PLATFORM_STD_PRINTF) ||\
+ defined(POLARSSL_PLATFORM_PRINTF_ALT) )
+#error "POLARSSL_PLATFORM_PRINTF_MACRO and POLARSSL_PLATFORM_STD_PRINTF/POLARSSL_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) && ( defined(_WIN32)\
+ && !defined(EFIX64) && !defined(EFI32) )
+#error "POLARSSL_PLATFORM_SNPRINTF_ALT defined but not available on Windows"
+#endif
+
+#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C)
+#error "POLARSSL_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO) &&\
+ ( defined(POLARSSL_PLATFORM_STD_SNPRINTF) ||\
+ defined(POLARSSL_PLATFORM_SNPRINTF_ALT) )
+#error "POLARSSL_PLATFORM_SNPRINTF_MACRO and POLARSSL_PLATFORM_STD_SNPRINTF/POLARSSL_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(POLARSSL_PLATFORM_STD_MEM_HDR) &&\
+ !defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS)
+#error "POLARSSL_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_STD_MALLOC) && !defined(POLARSSL_PLATFORM_MEMORY)
+#error "POLARSSL_PLATFORM_STD_MALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_STD_MALLOC) && !defined(POLARSSL_PLATFORM_MEMORY)
+#error "POLARSSL_PLATFORM_STD_MALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_STD_FREE) && !defined(POLARSSL_PLATFORM_MEMORY)
+#error "POLARSSL_PLATFORM_STD_FREE defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_STD_EXIT) &&\
+ !defined(POLARSSL_PLATFORM_EXIT_ALT)
+#error "POLARSSL_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_STD_FPRINTF) &&\
+ !defined(POLARSSL_PLATFORM_FPRINTF_ALT)
+#error "POLARSSL_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_STD_PRINTF) &&\
+ !defined(POLARSSL_PLATFORM_PRINTF_ALT)
+#error "POLARSSL_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(POLARSSL_PLATFORM_STD_SNPRINTF) &&\
+ !defined(POLARSSL_PLATFORM_SNPRINTF_ALT)
+#error "POLARSSL_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+#endif
+
#if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) )
#error "POLARSSL_RSA_C defined, but not all prerequisites"
@@ -257,12 +407,31 @@
#error "Illegal protocol selection"
#endif
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1_1) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1_2)
+#error "POLARSSL_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#endif
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1_1) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1_2)
+#error "POLARSSL_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#endif
+
#if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \
( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_CIPHER_MODE_CBC) )
#error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites"
#endif
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING) && \
+ !defined(POLARSSL_SSL_PROTO_SSL3) && !defined(POLARSSL_SSL_PROTO_TLS1)
+#error "POLARSSL_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
+#endif
+
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && \
!defined(POLARSSL_X509_CRT_PARSE_C)
#error "POLARSSL_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h
index 087e590..ef8d281 100644
--- a/include/polarssl/cipher.h
+++ b/include/polarssl/cipher.h
@@ -5,12 +5,9 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -36,6 +33,8 @@
#include POLARSSL_CONFIG_FILE
#endif
+#include <stddef.h>
+
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
#define POLARSSL_CIPHER_MODE_AEAD
#endif
@@ -44,7 +43,9 @@
#define POLARSSL_CIPHER_MODE_WITH_PADDING
#endif
-#include <string.h>
+#if defined(POLARSSL_ARC4_C)
+#define POLARSSL_CIPHER_MODE_STREAM
+#endif
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
@@ -185,24 +186,32 @@
int (*ecb_func)( void *ctx, operation_t mode,
const unsigned char *input, unsigned char *output );
+#if defined(POLARSSL_CIPHER_MODE_CBC)
/** Encrypt using CBC */
int (*cbc_func)( void *ctx, operation_t mode, size_t length,
unsigned char *iv, const unsigned char *input,
unsigned char *output );
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
/** Encrypt using CFB (Full length) */
int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv_off,
unsigned char *iv, const unsigned char *input,
unsigned char *output );
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
/** Encrypt using CTR */
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output );
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
/** Encrypt using STREAM */
int (*stream_func)( void *ctx, size_t length,
const unsigned char *input, unsigned char *output );
+#endif
/** Set key for encryption purposes */
int (*setkey_enc_func)( void *ctx, const unsigned char *key,
@@ -265,9 +274,11 @@
/** Operation that the context's key has been initialised for */
operation_t operation;
+#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for cipher mode */
void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+#endif
/** Buffer for data that hasn't been encrypted yet */
unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH];
@@ -361,17 +372,25 @@
*/
int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info );
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#define DEPRECATED __attribute__((deprecated))
+#else
+#define DEPRECATED
+#endif
/**
* \brief Free the cipher-specific context of ctx. Freeing ctx
* itself remains the responsibility of the caller.
*
- * \note Deprecated: Redirects to cipher_free()
+ * \deprecated Use cipher_free() instead
*
* \param ctx Free the cipher-specific context
*
* \returns 0
*/
-int cipher_free_ctx( cipher_context_t *ctx );
+int cipher_free_ctx( cipher_context_t *ctx ) DEPRECATED;
+#undef DEPRECATED
+#endif /* POLARSSL_DEPRECATED_REMOVED */
/**
* \brief Returns the block size of the given cipher.
@@ -466,7 +485,7 @@
* POLARSSL_KEY_LENGTH_NONE if ctx has not been
* initialised.
*/
-static inline int cipher_get_key_size ( const cipher_context_t *ctx )
+static inline int cipher_get_key_size( const cipher_context_t *ctx )
{
if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_KEY_LENGTH_NONE;
diff --git a/include/polarssl/cipher_wrap.h b/include/polarssl/cipher_wrap.h
index 46bc757..3e685b1 100644
--- a/include/polarssl/cipher_wrap.h
+++ b/include/polarssl/cipher_wrap.h
@@ -5,12 +5,9 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,6 +31,7 @@
#else
#include POLARSSL_CONFIG_FILE
#endif
+
#include "cipher.h"
#ifdef __cplusplus
diff --git a/include/polarssl/compat-1.2.h b/include/polarssl/compat-1.2.h
index 15b5aa1..d694015 100644
--- a/include/polarssl/compat-1.2.h
+++ b/include/polarssl/compat-1.2.h
@@ -3,12 +3,11 @@
*
* \brief Backwards compatibility header for PolarSSL-1.2 from PolarSSL-1.3
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * \deprecated Use native PolarSSL 1.3 functions instead.
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -24,6 +23,12 @@
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#warning "Including compat-1.2.h is deprecated"
+#endif
+
#ifndef POLARSSL_COMPAT_1_2_H
#define POLARSSL_COMPAT_1_2_H
@@ -387,3 +392,4 @@
}
#endif /* POLARSSL_PK_WRITE_C && POLARSSL_RSA_C */
#endif /* compat-1.2.h */
+#endif /* POLARSSL_DEPRECATED_REMOVED */
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 50b4e33..6bfa705 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -3,12 +3,9 @@
*
* \brief Configuration options (set of defines)
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -47,6 +44,10 @@
*
* The system uses 8-bit wide native integers.
*
+ * \deprecated The compiler should be able to generate code for 32-bit
+ * arithmetic (required by C89). This code is likely to be at least as
+ * efficient as ours.
+ *
* Uncomment if native integers are 8-bit wide.
*/
//#define POLARSSL_HAVE_INT8
@@ -56,6 +57,10 @@
*
* The system uses 16-bit wide native integers.
*
+ * \deprecated The compiler should be able to generate code for 32-bit
+ * arithmetic (required by C89). This code is likely to be at least as
+ * efficient as ours.
+ *
* Uncomment if native integers are 16-bit wide.
*/
//#define POLARSSL_HAVE_INT16
@@ -110,6 +115,9 @@
*
* Note: on Windows/MingW, XP or higher is required.
*
+ * \warning As of 1.3.11, *not* using this flag when POLARSSL_NET_C is
+ * defined, is deprecated. The alternative legacy code will be removed in 2.0.
+ *
* Comment if your system does not support the IPv6 socket interface
*/
#define POLARSSL_HAVE_IPV6
@@ -119,12 +127,18 @@
*
* Enable the memory allocation layer.
*
- * By default PolarSSL uses the system-provided malloc() and free().
+ * By default mbed TLS uses the system-provided malloc() and free().
* This allows different allocators (self-implemented or provided) to be
* provided to the platform abstraction layer.
*
- * Enabling POLARSSL_PLATFORM_MEMORY will provide "platform_set_malloc_free()"
- * to allow you to set an alternative malloc() and free() function pointer.
+ * Enabling POLARSSL_PLATFORM_MEMORY without the
+ * POLARSSL_PLATFORM_{FREE,MALLOC}_MACROs will provide
+ * "platform_set_malloc_free()" allowing you to set an alternative malloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling POLARSSL_PLATFORM_MEMORY and specifying
+ * POLARSSL_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
*
* Requires: POLARSSL_PLATFORM_C
*
@@ -141,7 +155,8 @@
* This makes sure there are no linking errors on platforms that do not support
* these functions. You will HAVE to provide alternatives, either at runtime
* via the platform_set_xxx() functions or at compile time by setting
- * the POLARSSL_PLATFORM_STD_XXX defines.
+ * the POLARSSL_PLATFORM_STD_XXX defines, or enabling a
+ * POLARSSL_PLATFORM_XXX_MACRO.
*
* Requires: POLARSSL_PLATFORM_C
*
@@ -153,24 +168,60 @@
/**
* \def POLARSSL_PLATFORM_XXX_ALT
*
- * Uncomment a macro to let PolarSSL support the function in the platform
+ * Uncomment a macro to let mbed TLS support the function in the platform
* abstraction layer.
*
- * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, PolarSSL will
+ * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, mbed TLS will
* provide a function "platform_set_printf()" that allows you to set an
* alternative printf function pointer.
*
* All these define require POLARSSL_PLATFORM_C to be defined!
*
+ * WARNING: POLARSSL_PLATFORM_SNPRINTF_ALT is not available on Windows
+ * for compatibility reasons.
+ *
+ * WARNING: POLARSSL_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * POLARSSL_PLATFORM_XXX_MACRO!
+ *
* Uncomment a macro to enable alternate implementation of specific base
* platform function
*/
-//#define POLARSSL_PLATFORM_PRINTF_ALT
+//#define POLARSSL_PLATFORM_EXIT_ALT
//#define POLARSSL_PLATFORM_FPRINTF_ALT
+//#define POLARSSL_PLATFORM_PRINTF_ALT
+//#define POLARSSL_PLATFORM_SNPRINTF_ALT
+
+/**
+ * \def POLARSSL_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions so that they generate a warning if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use POLARSSL_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions.
+ */
+//#define POLARSSL_DEPRECATED_WARNING
+
+/**
+ * \def POLARSSL_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions so that they generate an error if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+//#define POLARSSL_DEPRECATED_REMOVED
+
/* \} name SECTION: System support */
/**
- * \name SECTION: PolarSSL feature support
+ * \name SECTION: mbed TLS feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled.
@@ -193,12 +244,12 @@
/**
* \def POLARSSL_XXX_ALT
*
- * Uncomment a macro to let PolarSSL use your alternate core implementation of
+ * Uncomment a macro to let mbed TLS use your alternate core implementation of
* a symmetric or hash algorithm (e.g. platform specific assembly optimized
* implementations). Keep in mind that the function prototypes should remain
* the same.
*
- * Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer
+ * Example: In case you uncomment POLARSSL_AES_ALT, mbed TLS will no longer
* provide the "struct aes_context" definition and omit the base function
* declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
@@ -226,11 +277,19 @@
* Store the AES tables in ROM.
*
* Uncomment this macro to store the AES tables in ROM.
- *
*/
//#define POLARSSL_AES_ROM_TABLES
/**
+ * \def POLARSSL_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define POLARSSL_CAMELLIA_SMALL_MEMORY
+
+/**
* \def POLARSSL_CIPHER_MODE_CBC
*
* Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
@@ -638,11 +697,9 @@
* Make available the backward compatible error_strerror() next to the
* current polarssl_strerror().
*
- * For new code, it is recommended to use polarssl_strerror() instead and
- * disable this.
+ * \deprecated Do not define this and use polarssl_strerror() instead
*
- * Disable if you run into name conflicts and want to really remove the
- * error_strerror()
+ * Disable if you want to really remove the error_strerror() name
*/
#define POLARSSL_ERROR_STRERROR_BC
@@ -782,10 +839,22 @@
#define POLARSSL_SELF_TEST
/**
+ * \def POLARSSL_SSL_AEAD_RANDOM_IV
+ *
+ * Generate a random IV rather than using the record sequence number as a
+ * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
+ *
+ * Using the sequence number is generally recommended.
+ *
+ * Uncomment this macro to always use random IVs with AEAD ciphersuites.
+ */
+//#define POLARSSL_SSL_AEAD_RANDOM_IV
+
+/**
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, PolarSSL can still communicate
+ * If you choose not to send the alert messages, mbed TLS can still communicate
* with other servers, only debugging of failures is harder.
*
* The advantage of not sending alert messages, is that no information is given
@@ -811,6 +880,59 @@
*/
//#define POLARSSL_SSL_DEBUG_ALL
+/** \def POLARSSL_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: POLARSSL_SSL_PROTO_TLS1 or
+ * POLARSSL_SSL_PROTO_TLS1_1 or
+ * POLARSSL_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define POLARSSL_SSL_ENCRYPT_THEN_MAC
+
+/** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: POLARSSL_SSL_PROTO_TLS1 or
+ * POLARSSL_SSL_PROTO_TLS1_1 or
+ * POLARSSL_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define POLARSSL_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def POLARSSL_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define POLARSSL_SSL_FALLBACK_SCSV
+
/**
* \def POLARSSL_SSL_HW_RECORD_ACCEL
*
@@ -822,6 +944,36 @@
//#define POLARSSL_SSL_HW_RECORD_ACCEL
/**
+ * \def POLARSSL_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define POLARSSL_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def POLARSSL_SSL_DISABLE_RENEGOTIATION
+ *
+ * Disable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Warning: in the next stable branch, this switch will be replaced by
+ * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation.
+ *
+ * Uncomment this to disable support for renegotiation.
+ */
+//#define POLARSSL_SSL_DISABLE_RENEGOTIATION
+
+/**
* \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
*
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
@@ -901,8 +1053,7 @@
/**
* \def POLARSSL_SSL_ALPN
*
- * Enable support for Application Layer Protocol Negotiation.
- * draft-ietf-tls-applayerprotoneg-05
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
*
* Comment this macro to disable support for ALPN.
*/
@@ -926,6 +1077,8 @@
*
* Enable support for RFC 6066 server name indication (SNI) in SSL.
*
+ * Requires: POLARSSL_X509_CRT_PARSE_C
+ *
* Comment this macro to disable support for server name indication in SSL
*/
#define POLARSSL_SSL_SERVER_NAME_INDICATION
@@ -1064,12 +1217,12 @@
* Uncomment to enable use of ZLIB
*/
//#define POLARSSL_ZLIB_SUPPORT
-/* \} name SECTION: PolarSSL feature support */
+/* \} name SECTION: mbed TLS feature support */
/**
- * \name SECTION: PolarSSL modules
+ * \name SECTION: mbed TLS modules
*
- * This section enables or disables entire modules in PolarSSL
+ * This section enables or disables entire modules in mbed TLS
* \{
*/
@@ -1587,7 +1740,10 @@
/**
* \def POLARSSL_MEMORY_C
- * Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead.
+ *
+ * \deprecated Use POLARSSL_PLATFORM_MEMORY instead.
+ *
+ * Depends on: POLARSSL_PLATFORM_C
*/
//#define POLARSSL_MEMORY_C
@@ -1601,7 +1757,7 @@
* Module: library/memory_buffer_alloc.c
*
* Requires: POLARSSL_PLATFORM_C
- * POLARSSL_PLATFORM_MEMORY (to use it within PolarSSL)
+ * POLARSSL_PLATFORM_MEMORY (to use it within mbed TLS)
*
* Enable this module to enable the buffer memory allocator.
*/
@@ -1612,6 +1768,9 @@
*
* Enable the TCP/IP networking routines.
*
+ * \warning As of 1.3.11, it is deprecated to enable this module without
+ * POLARSSL_HAVE_IPV6. The alternative legacy code will be removed in 2.0.
+ *
* Module: library/net.c
*
* This module provides TCP/IP networking routines.
@@ -1659,7 +1818,8 @@
* \def POLARSSL_PBKDF2_C
*
* Enable PKCS#5 PBKDF2 key derivation function.
- * DEPRECATED: Use POLARSSL_PKCS5_C instead
+ *
+ * \deprecated Use POLARSSL_PKCS5_C instead
*
* Module: library/pbkdf2.c
*
@@ -1796,7 +1956,11 @@
* \def POLARSSL_PLATFORM_C
*
* Enable the platform abstraction layer that allows you to re-assign
- * functions like malloc(), free(), printf(), fprintf()
+ * functions like malloc(), free(), snprintf(), printf(), fprintf(), exit()
+ *
+ * Enabling POLARSSL_PLATFORM_C enables to use of POLARSSL_PLATFORM_XXX_ALT
+ * or POLARSSL_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
*
* Module: library/platform.c
* Caller: Most other .c files
@@ -1944,7 +2108,7 @@
* \def POLARSSL_THREADING_C
*
* Enable the threading abstraction layer.
- * By default PolarSSL assumes it is used in a non-threaded environment or that
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
* contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race
* conditions.
@@ -1957,7 +2121,7 @@
* You will have to enable either POLARSSL_THREADING_ALT or
* POLARSSL_THREADING_PTHREAD.
*
- * Enable this layer to allow use of mutexes within PolarSSL
+ * Enable this layer to allow use of mutexes within mbed TLS
*/
//#define POLARSSL_THREADING_C
@@ -2094,7 +2258,7 @@
*/
#define POLARSSL_XTEA_C
-/* \} name SECTION: PolarSSL modules */
+/* \} name SECTION: mbed TLS modules */
/**
* \name SECTION: Module configuration options
@@ -2141,11 +2305,22 @@
//#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
/* Platform options */
-//#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
+
+/* To Use Function Macros POLARSSL_PLATFORM_C must be enabled */
+/* POLARSSL_PLATFORM_XXX_MACRO and POLARSSL_PLATFORM_XXX_ALT cannot both be defined */
+//#define POLARSSL_PLATFORM_MALLOC_MACRO malloc /**< Default allocator macro to use, can be undefined */
+//#define POLARSSL_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
+//#define POLARSSL_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
+//#define POLARSSL_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
+//#define POLARSSL_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
+//#define POLARSSL_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
/* SSL Cache options */
//#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
@@ -2173,6 +2348,9 @@
/* Debug options */
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
+/* X509 options */
+//#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
+
/* \} name SECTION: Module configuration options */
#include "check_config.h"
diff --git a/include/polarssl/ctr_drbg.h b/include/polarssl/ctr_drbg.h
index bebbfe9..ebab55f 100644
--- a/include/polarssl/ctr_drbg.h
+++ b/include/polarssl/ctr_drbg.h
@@ -3,12 +3,9 @@
*
* \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,8 +24,6 @@
#ifndef POLARSSL_CTR_DRBG_H
#define POLARSSL_CTR_DRBG_H
-#include <string.h>
-
#include "aes.h"
#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
@@ -188,6 +183,10 @@
* \param ctx CTR_DRBG context
* \param additional Additional data to update state with
* \param add_len Length of additional data
+ *
+ * \note If add_len is greater than CTR_DRBG_MAX_SEED_INPUT,
+ * only the first CTR_DRBG_MAX_SEED_INPUT bytes are used,
+ * the remaining ones are silently discarded.
*/
void ctr_drbg_update( ctr_drbg_context *ctx,
const unsigned char *additional, size_t add_len );
diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h
index 0dd79d5..fcf1490 100644
--- a/include/polarssl/debug.h
+++ b/include/polarssl/debug.h
@@ -3,12 +3,9 @@
*
* \brief Debug functions
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -32,7 +29,9 @@
#else
#include POLARSSL_CONFIG_FILE
#endif
+
#include "ssl.h"
+
#if defined(POLARSSL_ECP_C)
#include "ecp.h"
#endif
diff --git a/include/polarssl/des.h b/include/polarssl/des.h
index 89bb394..3f7236c 100644
--- a/include/polarssl/des.h
+++ b/include/polarssl/des.h
@@ -3,12 +3,9 @@
*
* \brief DES block cipher
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
@@ -217,6 +214,14 @@
/**
* \brief DES-CBC buffer encryption/decryption
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx DES context
* \param mode DES_ENCRYPT or DES_DECRYPT
* \param length length of the input data
@@ -249,6 +254,14 @@
/**
* \brief 3DES-CBC buffer encryption/decryption
*
+ * \note Upon exit, the content of the IV is updated so that you can
+ * call the function same function again on the following
+ * block(s) of data and get the same result as if it was
+ * encrypted in one call. This allows a "streaming" usage.
+ * If on the other hand you need to retain the contents of the
+ * IV, you should either save it manually or use the cipher
+ * module instead.
+ *
* \param ctx 3DES context
* \param mode DES_ENCRYPT or DES_DECRYPT
* \param length length of the input data
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index 064472f..8d64a5f 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -3,12 +3,9 @@
*
* \brief Diffie-Hellman-Merkle key exchange
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/ecdh.h b/include/polarssl/ecdh.h
index 525cade..60f913d 100644
--- a/include/polarssl/ecdh.h
+++ b/include/polarssl/ecdh.h
@@ -3,12 +3,9 @@
*
* \brief Elliptic curve Diffie-Hellman
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/ecdsa.h b/include/polarssl/ecdsa.h
index d99a17a..5eb83d9 100644
--- a/include/polarssl/ecdsa.h
+++ b/include/polarssl/ecdsa.h
@@ -3,12 +3,9 @@
*
* \brief Elliptic curve DSA
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -28,10 +25,7 @@
#define POLARSSL_ECDSA_H
#include "ecp.h"
-
-#if defined(POLARSSL_ECDSA_DETERMINISTIC)
#include "md.h"
-#endif
/**
* \brief ECDSA context structure
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index 7192f1e..ef99351 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -3,12 +3,9 @@
*
* \brief Elliptic curves over GF(p)
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -413,6 +410,8 @@
* \param buf $(Start of input buffer)
* \param len Buffer length
*
+ * \note buf is updated to point right after the ECPoint on exit
+ *
* \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
@@ -479,6 +478,8 @@
* \param buf &(Start of input buffer)
* \param len Buffer length
*
+ * \note buf is updated to point right after ECParameters on exit
+ *
* \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
@@ -635,6 +636,18 @@
int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+/**
+ * \brief Check a public-private key pair
+ *
+ * \param pub Keypair structure holding a public key
+ * \param prv Keypair structure holding a private (plus public) key
+ *
+ * \return 0 if successful (keys are valid and match), or
+ * POLARSSL_ERR_ECP_BAD_INPUT_DATA, or
+ * a POLARSSL_ERR_ECP_XXX or POLARSSL_ERR_MPI_XXX code.
+ */
+int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv );
+
#if defined(POLARSSL_SELF_TEST)
/**
* \brief Checkup routine
diff --git a/include/polarssl/entropy.h b/include/polarssl/entropy.h
index f5fa928..aa23a03 100644
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
@@ -3,12 +3,9 @@
*
* \brief Entropy accumulator implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,14 +24,14 @@
#ifndef POLARSSL_ENTROPY_H
#define POLARSSL_ENTROPY_H
-#include <string.h>
-
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
+#include <stddef.h>
+
#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256)
#include "sha512.h"
#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
diff --git a/include/polarssl/entropy_poll.h b/include/polarssl/entropy_poll.h
index 92efa00..94b5a6e 100644
--- a/include/polarssl/entropy_poll.h
+++ b/include/polarssl/entropy_poll.h
@@ -3,12 +3,9 @@
*
* \brief Platform-specific and custom entropy polling functions
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,14 +24,14 @@
#ifndef POLARSSL_ENTROPY_POLL_H
#define POLARSSL_ENTROPY_POLL_H
-#include <string.h>
-
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
+#include <stddef.h>
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index 7ce2828..3041155 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -3,12 +3,9 @@
*
* \brief Error to string translation
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,7 +24,7 @@
#ifndef POLARSSL_ERROR_H
#define POLARSSL_ERROR_H
-#include <string.h>
+#include <stddef.h>
/**
* Error code layout.
@@ -91,7 +88,7 @@
* ECP 4 8 (Started from top)
* MD 5 4
* CIPHER 6 6
- * SSL 6 10 (Started from top)
+ * SSL 6 11 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)
@@ -102,7 +99,7 @@
#endif
/**
- * \brief Translate a PolarSSL error code into a string representation,
+ * \brief Translate a mbed TLS error code into a string representation,
* Result is truncated if necessary and always includes a terminating
* null byte.
*
diff --git a/include/polarssl/gcm.h b/include/polarssl/gcm.h
index c2829a0..5a94722 100644
--- a/include/polarssl/gcm.h
+++ b/include/polarssl/gcm.h
@@ -3,12 +3,9 @@
*
* \brief Galois/Counter mode for 128-bit block ciphers
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/havege.h b/include/polarssl/havege.h
index 536eb08..825a1da 100644
--- a/include/polarssl/havege.h
+++ b/include/polarssl/havege.h
@@ -3,12 +3,9 @@
*
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,7 +24,7 @@
#ifndef POLARSSL_HAVEGE_H
#define POLARSSL_HAVEGE_H
-#include <string.h>
+#include <stddef.h>
#define COLLECT_SIZE 1024
diff --git a/include/polarssl/hmac_drbg.h b/include/polarssl/hmac_drbg.h
index 2d765d5..0fe7b03 100644
--- a/include/polarssl/hmac_drbg.h
+++ b/include/polarssl/hmac_drbg.h
@@ -3,12 +3,9 @@
*
* \brief HMAC_DRBG (NIST SP 800-90A)
*
- * Copyright (C) 2014, Brainspark B.V.
+ * Copyright (C) 2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/md.h b/include/polarssl/md.h
index 81d8a2e..303aee8 100644
--- a/include/polarssl/md.h
+++ b/include/polarssl/md.h
@@ -5,12 +5,9 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,7 +26,7 @@
#ifndef POLARSSL_MD_H
#define POLARSSL_MD_H
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
@@ -203,17 +200,25 @@
*/
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#define DEPRECATED __attribute__((deprecated))
+#else
+#define DEPRECATED
+#endif
/**
* \brief Free the message-specific context of ctx. Freeing ctx itself
* remains the responsibility of the caller.
*
- * \note Deprecated: Redirects to md_free()
+ * \deprecated Use md_free() instead
*
* \param ctx Free the message-specific context
*
* \returns 0
*/
-int md_free_ctx( md_context_t *ctx );
+int md_free_ctx( md_context_t *ctx ) DEPRECATED;
+#undef DEPRECATED
+#endif /* POLARSSL_DEPRECATED_REMOVED */
/**
* \brief Returns the size of the message digest output.
diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h
index 952b0bf..53c85f8 100644
--- a/include/polarssl/md2.h
+++ b/include/polarssl/md2.h
@@ -3,12 +3,9 @@
*
* \brief MD2 message digest algorithm (hash function)
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/write error in file. */
diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h
index fc5a5cd..68ac6c1 100644
--- a/include/polarssl/md4.h
+++ b/include/polarssl/md4.h
@@ -3,12 +3,9 @@
*
* \brief MD4 message digest algorithm (hash function)
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
diff --git a/include/polarssl/md5.h b/include/polarssl/md5.h
index 2f378f6..d5ce136 100644
--- a/include/polarssl/md5.h
+++ b/include/polarssl/md5.h
@@ -3,12 +3,9 @@
*
* \brief MD5 message digest algorithm (hash function)
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
diff --git a/include/polarssl/md_wrap.h b/include/polarssl/md_wrap.h
index eb1db0f..dd5fd6c 100644
--- a/include/polarssl/md_wrap.h
+++ b/include/polarssl/md_wrap.h
@@ -5,12 +5,9 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,6 +31,7 @@
#else
#include POLARSSL_CONFIG_FILE
#endif
+
#include "md.h"
#ifdef __cplusplus
diff --git a/include/polarssl/memory.h b/include/polarssl/memory.h
index 3af3951..8b8ac5d 100644
--- a/include/polarssl/memory.h
+++ b/include/polarssl/memory.h
@@ -1,14 +1,13 @@
/**
* \file memory.h
*
- * \brief Memory allocation layer (Deprecated to platform layer)
+ * \brief Memory allocation layer
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * \deprecated Use the platform layer instead
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -35,18 +34,29 @@
#include <stdlib.h>
-#if defined(POLARSSL_MEMORY_C) && !defined(POLARSSL_PLATFORM_MEMORY)
-#define POLARSSL_PLATFORM_MEMORY
-#endif
-
#include "platform.h"
#include "memory_buffer_alloc.h"
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#define DEPRECATED __attribute__((deprecated))
+#else
+#define DEPRECATED
+#endif
+/**
+ * \brief Set malloc() / free() callback
+ *
+ * \deprecated Use platform_set_malloc_free instead
+ */
+int memory_set_own( void * (*malloc_func)( size_t ),
+ void (*free_func)( void * ) ) DEPRECATED;
int memory_set_own( void * (*malloc_func)( size_t ),
void (*free_func)( void * ) )
{
return platform_set_malloc_free( malloc_func, free_func );
}
+#undef DEPRECATED
+#endif /* POLARSSL_DEPRECATED_REMOVED */
#endif /* memory.h */
diff --git a/include/polarssl/memory_buffer_alloc.h b/include/polarssl/memory_buffer_alloc.h
index c449752..19abe55 100644
--- a/include/polarssl/memory_buffer_alloc.h
+++ b/include/polarssl/memory_buffer_alloc.h
@@ -3,12 +3,9 @@
*
* \brief Buffer-based memory allocator
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <stdlib.h>
+#include <stddef.h>
/**
* \name SECTION: Module settings
@@ -100,6 +97,27 @@
* trace if POLARSSL_MEMORY_BACKTRACE is defined.
*/
void memory_buffer_alloc_status( void );
+
+/**
+ * \brief Get the peak heap usage so far
+ *
+ * \param max_used Peak number of bytes reauested by the application
+ * \param max_blocks Peak number of blocks reauested by the application
+ */
+void memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+
+/**
+ * \brief Reset peak statistics
+ */
+void memory_buffer_alloc_max_reset( void );
+
+/**
+ * \brief Get the current heap usage
+ *
+ * \param cur_used Number of bytes reauested by the application
+ * \param cur_blocks Number of blocks reauested by the application
+ */
+void memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
#endif /* POLARSSL_MEMORY_DEBUG */
/**
@@ -115,6 +133,15 @@
*/
int memory_buffer_alloc_verify( void );
+#if defined(POLARSSL_SELF_TEST)
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if a test failed
+ */
+int memory_buffer_alloc_self_test( int verbose );
+#endif
+
#ifdef __cplusplus
}
#endif
diff --git a/include/polarssl/net.h b/include/polarssl/net.h
index 22698b4..d70639d 100644
--- a/include/polarssl/net.h
+++ b/include/polarssl/net.h
@@ -3,12 +3,9 @@
*
* \brief Network communication functions
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,7 +24,7 @@
#ifndef POLARSSL_NET_H
#define POLARSSL_NET_H
-#include <string.h>
+#include <stddef.h>
#define POLARSSL_ERR_NET_UNKNOWN_HOST -0x0056 /**< Failed to get an IP address for the given hostname. */
#define POLARSSL_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */
diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h
index c4d5c3f..31a7d2b 100644
--- a/include/polarssl/oid.h
+++ b/include/polarssl/oid.h
@@ -3,12 +3,9 @@
*
* \brief Object Identifier (OID) database
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,14 +24,17 @@
#ifndef POLARSSL_OID_H
#define POLARSSL_OID_H
-#include <string.h>
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
+
#include "asn1.h"
#include "pk.h"
+
+#include <stddef.h>
+
#if defined(POLARSSL_CIPHER_C)
#include "cipher.h"
#endif
@@ -122,6 +122,7 @@
#define OID_AT_GIVEN_NAME OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
#define OID_AT_INITIALS OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
#define OID_AT_GENERATION_QUALIFIER OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define OID_AT_UNIQUE_IDENTIFIER OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
#define OID_AT_DN_QUALIFIER OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
#define OID_AT_PSEUDONYM OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
diff --git a/include/polarssl/openssl.h b/include/polarssl/openssl.h
index b77e7da..233a093 100644
--- a/include/polarssl/openssl.h
+++ b/include/polarssl/openssl.h
@@ -3,12 +3,11 @@
*
* \brief OpenSSL wrapper (definitions, inline functions).
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * \deprecated Use native mbed TLS functions instead
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ * Copyright (C) 2006-2010, ARM Limited, All Rights Reserved
*
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -24,9 +23,17 @@
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+
/*
* OpenSSL wrapper contributed by David Barett
*/
+
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#warning "Including openssl.h is deprecated"
+#endif
+
#ifndef POLARSSL_OPENSSL_H
#define POLARSSL_OPENSSL_H
@@ -138,3 +145,4 @@
#endif
#endif /* openssl.h */
+#endif /* POLARSSL_DEPRECATED_REMOVED */
diff --git a/include/polarssl/padlock.h b/include/polarssl/padlock.h
index 3c5f725..55a0395 100644
--- a/include/polarssl/padlock.h
+++ b/include/polarssl/padlock.h
@@ -4,12 +4,9 @@
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
* processors
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -45,7 +42,6 @@
#include <inttypes.h>
#endif
-
#define PADLOCK_RNG 0x000C
#define PADLOCK_ACE 0x00C0
#define PADLOCK_PHE 0x0C00
diff --git a/include/polarssl/pbkdf2.h b/include/polarssl/pbkdf2.h
index 5ccb2fa..28987b3 100644
--- a/include/polarssl/pbkdf2.h
+++ b/include/polarssl/pbkdf2.h
@@ -2,16 +2,14 @@
* \file pbkdf2.h
*
* \brief Password-Based Key Derivation Function 2 (from PKCS#5)
- * DEPRECATED: use pkcs5.h instead.
+ *
+ * \deprecated Use pkcs5.h instead.
*
* \author Mathias Olsson <mathias@kompetensum.com>
*
- * Copyright (C) 2006-2012, Brainspark B.V.
+ * Copyright (C) 2006-2012, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,10 +28,10 @@
#ifndef POLARSSL_PBKDF2_H
#define POLARSSL_PBKDF2_H
-#include <string.h>
-
#include "md.h"
+#include <stddef.h>
+
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
typedef UINT32 uint32_t;
@@ -47,9 +45,16 @@
extern "C" {
#endif
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#define DEPRECATED __attribute__((deprecated))
+#else
+#define DEPRECATED
+#endif
/**
* \brief PKCS#5 PBKDF2 using HMAC
- * DEPRECATED: Use pkcs5_pbkdf2_hmac() instead!
+ *
+ * \deprecated Use pkcs5_pbkdf2_hmac() instead
*
* \param ctx Generic HMAC context
* \param password Password to use when generating key
@@ -60,20 +65,23 @@
* \param key_length Length of generated key
* \param output Generated key. Must be at least as big as key_length
*
- * \returns 0 on success, or a PolarSSL error code if verification fails.
+ * \returns 0 on success, or a POLARSSL_ERR_xxx code if verification fails.
*/
int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
unsigned int iteration_count,
- uint32_t key_length, unsigned char *output );
+ uint32_t key_length, unsigned char *output ) DEPRECATED;
/**
* \brief Checkup routine
- * DEPRECATED: Use pkcs5_self_test() instead!
+ *
+ * \deprecated Use pkcs5_self_test() instead
*
* \return 0 if successful, or 1 if the test failed
*/
-int pbkdf2_self_test( int verbose );
+int pbkdf2_self_test( int verbose ) DEPRECATED;
+#undef DEPRECATED
+#endif /* POLARSSL_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
diff --git a/include/polarssl/pem.h b/include/polarssl/pem.h
index e606cf0..b47e0e9 100644
--- a/include/polarssl/pem.h
+++ b/include/polarssl/pem.h
@@ -3,12 +3,9 @@
*
* \brief Privacy Enhanced Mail (PEM) decoding
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,7 +24,7 @@
#ifndef POLARSSL_PEM_H
#define POLARSSL_PEM_H
-#include <string.h>
+#include <stddef.h>
/**
* \name PEM Error codes
diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
index 754dda2..8d9407c 100644
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -3,12 +3,9 @@
*
* \brief Public Key abstraction layer
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -177,6 +174,9 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
+ /** Check public-private key pair */
+ int (*check_pair_func)( const void *pub, const void *prv );
+
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
@@ -427,6 +427,16 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
+ * \brief Check if a public-private pair of keys matches.
+ *
+ * \param pub Context holding a public key.
+ * \param prv Context holding a private (and public) key.
+ *
+ * \return 0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
+ */
+int pk_check_pair( const pk_context *pub, const pk_context *prv );
+
+/**
* \brief Export debug information
*
* \param ctx Context to use
@@ -625,6 +635,14 @@
const pk_context *key );
#endif /* POLARSSL_PK_WRITE_C */
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+#if defined(POLARSSL_FS_IO)
+int pk_load_file( const char *path, unsigned char **buf, size_t *n );
+#endif
+
#ifdef __cplusplus
}
#endif
diff --git a/include/polarssl/pk_wrap.h b/include/polarssl/pk_wrap.h
index 7baafb9..3677250 100644
--- a/include/polarssl/pk_wrap.h
+++ b/include/polarssl/pk_wrap.h
@@ -3,12 +3,9 @@
*
* \brief Public Key abstraction layer: wrapper functions
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/pkcs11.h b/include/polarssl/pkcs11.h
index 84f862d..18c3370 100644
--- a/include/polarssl/pkcs11.h
+++ b/include/polarssl/pkcs11.h
@@ -5,12 +5,9 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -62,7 +59,7 @@
} pkcs11_context;
/**
- * Fill in a PolarSSL certificate, based on the given PKCS11 helper certificate.
+ * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
*
* \param cert X.509 certificate to fill
* \param pkcs11h_cert PKCS #11 helper certificate
diff --git a/include/polarssl/pkcs12.h b/include/polarssl/pkcs12.h
index 4bd5018..cb53fe2 100644
--- a/include/polarssl/pkcs12.h
+++ b/include/polarssl/pkcs12.h
@@ -3,12 +3,9 @@
*
* \brief PKCS#12 Personal Information Exchange Syntax
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,12 +24,12 @@
#ifndef POLARSSL_PKCS12_H
#define POLARSSL_PKCS12_H
-#include <string.h>
-
#include "md.h"
#include "cipher.h"
#include "asn1.h"
+#include <stddef.h>
+
#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */
#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */
#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */
@@ -61,7 +58,7 @@
* \param len data length
* \param output the output buffer
*
- * \return 0 if successful, or a PolarSSL error code
+ * \return 0 if successful, or a POLARSSL_ERR_xxx code
*/
int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
@@ -82,7 +79,7 @@
* \param len data length
* \param output the output buffer
*
- * \return 0 if successful, or a PolarSSL error code
+ * \return 0 if successful, or a POLARSSL_ERR_xxx code
*/
int pkcs12_pbe( asn1_buf *pbe_params, int mode,
cipher_type_t cipher_type, md_type_t md_type,
diff --git a/include/polarssl/pkcs5.h b/include/polarssl/pkcs5.h
index 34e824b..6a21af1 100644
--- a/include/polarssl/pkcs5.h
+++ b/include/polarssl/pkcs5.h
@@ -5,12 +5,9 @@
*
* \author Mathias Olsson <mathias@kompetensum.com>
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,11 +26,11 @@
#ifndef POLARSSL_PKCS5_H
#define POLARSSL_PKCS5_H
-#include <string.h>
-
#include "asn1.h"
#include "md.h"
+#include <stddef.h>
+
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
typedef UINT32 uint32_t;
@@ -64,7 +61,7 @@
* \param datalen length of data
* \param output output buffer
*
- * \returns 0 on success, or a PolarSSL error code if verification fails.
+ * \returns 0 on success, or a POLARSSL_ERR_xxx code if verification fails.
*/
int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
@@ -83,7 +80,7 @@
* \param key_length Length of generated key
* \param output Generated key. Must be at least as big as key_length
*
- * \returns 0 on success, or a PolarSSL error code if verification fails.
+ * \returns 0 on success, or a POLARSSL_ERR_xxx code if verification fails.
*/
int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
diff --git a/include/polarssl/platform.h b/include/polarssl/platform.h
index eae887a..9095203 100644
--- a/include/polarssl/platform.h
+++ b/include/polarssl/platform.h
@@ -1,14 +1,11 @@
/**
* \file platform.h
*
- * \brief PolarSSL Platform abstraction layer
+ * \brief mbed TLS Platform abstraction layer
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,10 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <stdio.h>
+/* Temporary compatibility hack for to keep MEMORY_C working */
+#if defined(POLARSSL_MEMORY_C) && !defined(POLARSSL_PLATFORM_MEMORY)
+#define POLARSSL_PLATFORM_MEMORY
+#endif
#ifdef __cplusplus
extern "C" {
@@ -48,7 +48,11 @@
*/
#if !defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS)
+#include <stdio.h>
#include <stdlib.h>
+#if !defined(POLARSSL_PLATFORM_STD_SNPRINTF)
+#define POLARSSL_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use */
+#endif
#if !defined(POLARSSL_PLATFORM_STD_PRINTF)
#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use */
#endif
@@ -61,6 +65,9 @@
#if !defined(POLARSSL_PLATFORM_STD_FREE)
#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use */
#endif
+#if !defined(POLARSSL_PLATFORM_STD_EXIT)
+#define POLARSSL_PLATFORM_STD_EXIT exit /**< Default free to use */
+#endif
#else /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
#if defined(POLARSSL_PLATFORM_STD_MEM_HDR)
#include POLARSSL_PLATFORM_STD_MEM_HDR
@@ -73,6 +80,11 @@
* The function pointers for malloc and free
*/
#if defined(POLARSSL_PLATFORM_MEMORY)
+#if defined(POLARSSL_PLATFORM_FREE_MACRO) && \
+ defined(POLARSSL_PLATFORM_MALLOC_MACRO)
+#define polarssl_free POLARSSL_PLATFORM_FREE_MACRO
+#define polarssl_malloc POLARSSL_PLATFORM_MALLOC_MACRO
+#else
extern void * (*polarssl_malloc)( size_t len );
extern void (*polarssl_free)( void *ptr );
@@ -86,10 +98,34 @@
*/
int platform_set_malloc_free( void * (*malloc_func)( size_t ),
void (*free_func)( void * ) );
-#else /* POLARSSL_PLATFORM_ENTROPY */
-#define polarssl_malloc malloc
+#endif /* POLARSSL_PLATFORM_FREE_MACRO && POLARSSL_PLATFORM_MALLOC_MACRO */
+#else /* !POLARSSL_PLATFORM_MEMORY */
#define polarssl_free free
-#endif /* POLARSSL_PLATFORM_ENTROPY */
+#define polarssl_malloc malloc
+#endif /* POLARSSL_PLATFORM_MEMORY && !POLARSSL_PLATFORM_{FREE,MALLOC}_MACRO */
+
+/*
+ * The function pointers for fprintf
+ */
+#if defined(POLARSSL_PLATFORM_FPRINTF_ALT)
+extern int (*polarssl_fprintf)( FILE *stream, const char *format, ... );
+
+/**
+ * \brief Set your own fprintf function pointer
+ *
+ * \param fprintf_func the fprintf function implementation
+ *
+ * \return 0
+ */
+int platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
+ ... ) );
+#else
+#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO)
+#define polarssl_fprintf POLARSSL_PLATFORM_FPRINTF_MACRO
+#else
+#define polarssl_fprintf fprintf
+#endif /* POLARSSL_PLATFORM_FPRINTF_MACRO */
+#endif /* POLARSSL_PLATFORM_FPRINTF_ALT */
/*
* The function pointers for printf
@@ -105,21 +141,58 @@
* \return 0
*/
int platform_set_printf( int (*printf_func)( const char *, ... ) );
-#else /* POLARSSL_PLATFORM_PRINTF_ALT */
+#else /* !POLARSSL_PLATFORM_PRINTF_ALT */
+#if defined(POLARSSL_PLATFORM_PRINTF_MACRO)
+#define polarssl_printf POLARSSL_PLATFORM_PRINTF_MACRO
+#else
#define polarssl_printf printf
+#endif /* POLARSSL_PLATFORM_PRINTF_MACRO */
#endif /* POLARSSL_PLATFORM_PRINTF_ALT */
/*
- * The function pointers for fprintf
+ * The function pointers for snprintf
*/
-#if defined(POLARSSL_PLATFORM_FPRINTF_ALT)
-extern int (*polarssl_fprintf)( FILE *stream, const char *format, ... );
+#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT)
+extern int (*polarssl_snprintf)( char * s, size_t n, const char * format, ... );
-int platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
- ... ) );
+/**
+ * \brief Set your own snprintf function pointer
+ *
+ * \param snprintf_func the snprintf function implementation
+ *
+ * \return 0
+ */
+int platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
+ const char * format, ... ) );
+#else /* POLARSSL_PLATFORM_SNPRINTF_ALT */
+#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO)
+#define polarssl_snprintf POLARSSL_PLATFORM_SNPRINTF_MACRO
#else
-#define polarssl_fprintf fprintf
-#endif
+#define polarssl_snprintf snprintf
+#endif /* POLARSSL_PLATFORM_SNPRINTF_MACRO */
+#endif /* POLARSSL_PLATFORM_SNPRINTF_ALT */
+
+/*
+ * The function pointers for exit
+ */
+#if defined(POLARSSL_PLATFORM_EXIT_ALT)
+extern void (*polarssl_exit)( int status );
+
+/**
+ * \brief Set your own exit function pointer
+ *
+ * \param exit_func the exit function implementation
+ *
+ * \return 0
+ */
+int platform_set_exit( void (*exit_func)( int status ) );
+#else
+#if defined(POLARSSL_PLATFORM_EXIT_MACRO)
+#define polarssl_exit POLARSSL_PLATFORM_EXIT_MACRO
+#else
+#define polarssl_exit exit
+#endif /* POLARSSL_PLATFORM_EXIT_MACRO */
+#endif /* POLARSSL_PLATFORM_EXIT_ALT */
#ifdef __cplusplus
}
diff --git a/include/polarssl/ripemd160.h b/include/polarssl/ripemd160.h
index e3b66c9..2555eb4 100644
--- a/include/polarssl/ripemd160.h
+++ b/include/polarssl/ripemd160.h
@@ -3,12 +3,9 @@
*
* \brief RIPE MD-160 message digest
*
- * Copyright (C) 2014-2014, Brainspark B.V.
+ * Copyright (C) 2014-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index c06c7d5..21109ed 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -3,12 +3,9 @@
*
* \brief The RSA public-key cryptosystem
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -99,10 +96,8 @@
mpi RP; /*!< cached R^2 mod P */
mpi RQ; /*!< cached R^2 mod Q */
-#if !defined(POLARSSL_RSA_NO_CRT)
mpi Vi; /*!< cached blinding value */
mpi Vf; /*!< cached un-blinding value */
-#endif
int padding; /*!< RSA_PKCS_V15 for 1.5 padding and
RSA_PKCS_v21 for OAEP/PSS */
@@ -192,6 +187,17 @@
int rsa_check_privkey( const rsa_context *ctx );
/**
+ * \brief Check a public-private RSA key pair.
+ * Check each of the contexts, and make sure they match.
+ *
+ * \param pub RSA context holding the public key
+ * \param prv RSA context holding the private key
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ */
+int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv );
+
+/**
* \brief Do an RSA public key operation
*
* \param ctx RSA context
diff --git a/include/polarssl/sha1.h b/include/polarssl/sha1.h
index cb0c436..e9e5a8e 100644
--- a/include/polarssl/sha1.h
+++ b/include/polarssl/sha1.h
@@ -3,12 +3,9 @@
*
* \brief SHA-1 cryptographic hash function
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
diff --git a/include/polarssl/sha256.h b/include/polarssl/sha256.h
index b143674..f8917ff 100644
--- a/include/polarssl/sha256.h
+++ b/include/polarssl/sha256.h
@@ -3,12 +3,9 @@
*
* \brief SHA-224 and SHA-256 cryptographic hash function
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
diff --git a/include/polarssl/sha512.h b/include/polarssl/sha512.h
index dfbae4a..15d266c 100644
--- a/include/polarssl/sha512.h
+++ b/include/polarssl/sha512.h
@@ -3,12 +3,9 @@
*
* \brief SHA-384 and SHA-512 cryptographic hash function
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,14 +30,12 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) || defined(__WATCOMC__)
- #define UL64(x) x##ui64
typedef unsigned __int64 uint64_t;
#else
#include <inttypes.h>
- #define UL64(x) x##ULL
#endif
#define POLARSSL_ERR_SHA512_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 194e944..54382e5 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -3,12 +3,9 @@
*
* \brief SSL/TLS functions.
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -32,6 +29,12 @@
#else
#include POLARSSL_CONFIG_FILE
#endif
+
+/* Temporary compatibility trick for the current stable branch */
+#if !defined(POLARSSL_SSL_DISABLE_RENEGOTIATION)
+#define POLARSSL_SSL_RENEGOTIATION
+#endif
+
#include "net.h"
#include "bignum.h"
#include "ecp.h"
@@ -114,7 +117,7 @@
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
#define POLARSSL_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
-#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
+#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
@@ -146,6 +149,7 @@
#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
+#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6A80 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
/*
* Various constants
@@ -206,6 +210,15 @@
#define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1
+#define SSL_IS_NOT_FALLBACK 0
+#define SSL_IS_FALLBACK 1
+
+#define SSL_EXTENDED_MS_DISABLED 0
+#define SSL_EXTENDED_MS_ENABLED 1
+
+#define SSL_ETM_DISABLED 0
+#define SSL_ETM_ENABLED 1
+
#define SSL_COMPRESS_NULL 0
#define SSL_COMPRESS_DEFLATE 1
@@ -238,6 +251,12 @@
#define SSL_SESSION_TICKETS_DISABLED 0
#define SSL_SESSION_TICKETS_ENABLED 1
+#define SSL_CBC_RECORD_SPLITTING_DISABLED -1
+#define SSL_CBC_RECORD_SPLITTING_ENABLED 0
+
+#define SSL_ARC4_ENABLED 0
+#define SSL_ARC4_DISABLED 1
+
/**
* \name SECTION: Module settings
*
@@ -305,9 +324,19 @@
)
/*
+ * Length of the verify data for secure renegotiation
+ */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+#define SSL_VERIFY_DATA_MAX_LEN 36
+#else
+#define SSL_VERIFY_DATA_MAX_LEN 12
+#endif
+
+/*
* Signaling ciphersuite values (SCSV)
*/
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
+#define SSL_FALLBACK_SCSV 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
/*
* Supported Signature and Hash algorithms (For TLS 1.2)
@@ -365,6 +394,7 @@
#define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
#define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
+#define SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
#define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
@@ -401,6 +431,9 @@
#define TLS_EXT_ALPN 16
+#define TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
+#define TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
+
#define TLS_EXT_SESSION_TICKET 35
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
@@ -444,7 +477,7 @@
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 4 */
#endif
-#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES
+ POLARSSL_PSK_MAX_LEN]; /* RFC 5489 2 */
#endif
@@ -538,6 +571,10 @@
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< flag for truncated hmac activation */
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac; /*!< flag for EtM activation */
+#endif
};
/*
@@ -652,6 +689,9 @@
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int new_session_ticket; /*!< use NewSessionTicket? */
#endif /* POLARSSL_SSL_SESSION_TICKETS */
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ int extended_ms; /*!< use Extended Master Secret? */
+#endif
};
#if defined(POLARSSL_SSL_SESSION_TICKETS)
@@ -687,7 +727,9 @@
*/
int state; /*!< SSL handshake: current state */
int renegotiation; /*!< Initial or renegotiation */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
int renego_records_seen; /*!< Records since renego request */
+#endif
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
@@ -697,6 +739,17 @@
int min_major_ver; /*!< min. major version used */
int min_minor_ver; /*!< min. minor version used */
+#if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
+ char fallback; /*!< flag for fallback connections */
+#endif
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ char encrypt_then_mac; /*!< flag for encrypt-then-mac */
+#endif
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ char extended_ms; /*!< flag for extended master secret */
+#endif
+ char arc4_disabled; /*!< flag for disabling RC4 */
+
/*
* Callbacks (RNG, debug, I/O, verification)
*/
@@ -784,6 +837,10 @@
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+ signed char split_done; /*!< flag for record splitting:
+ -1 disabled, 0 todo, 1 done */
+#endif
/*
* PKI layer
@@ -810,9 +867,13 @@
int authmode; /*!< verification mode */
int client_auth; /*!< flag for client auth. */
int verify_result; /*!< verification result */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
int disable_renegotiation; /*!< enable/disable renegotiation */
- int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
int renego_max_records; /*!< grace period for renegotiation */
+ unsigned char renego_period[8]; /*!< value of the record counters
+ that triggers renegotiation */
+#endif
+ int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
#if defined(POLARSSL_SSL_SET_CURVES)
const ecp_group_id *curve_list; /*!< allowed curves */
@@ -861,9 +922,11 @@
*/
int secure_renegotiation; /*!< does peer support legacy or
secure renegotiation */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
size_t verify_data_len; /*!< length of verify data stored */
- char own_verify_data[36]; /*!< previous handshake verify data */
- char peer_verify_data[36]; /*!< previous handshake verify data */
+ char own_verify_data[SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ char peer_verify_data[SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+#endif
};
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
@@ -1024,9 +1087,11 @@
int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
+#if defined(POLARSSL_SSL_SRV_C)
/**
* \brief Set the session cache callbacks (server-side only)
- * If not set, no session resuming is done.
+ * If not set, no session resuming is done (except if session
+ * tickets are enabled too).
*
* The session cache has the responsibility to check for stale
* entries based on timeout. See RFC 5246 for recommendations.
@@ -1064,7 +1129,9 @@
void ssl_set_session_cache( ssl_context *ssl,
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
+#endif /* POLARSSL_SSL_SRV_C */
+#if defined(POLARSSL_SSL_CLI_C)
/**
* \brief Request resumption of session (client-side only)
* Session data is copied from presented session structure.
@@ -1080,14 +1147,15 @@
* \sa ssl_get_session()
*/
int ssl_set_session( ssl_context *ssl, const ssl_session *session );
+#endif /* POLARSSL_SSL_CLI_C */
/**
* \brief Set the list of allowed ciphersuites and the preference
* order. First in the list has the highest preference.
* (Overrides all version specific lists)
*
- * Note: The PolarSSL SSL server uses its own preferences
- * over the preference of the connection SSL client unless
+ * Note: The server uses its own preferences
+ * over the preference of the client unless
* POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
*
* \param ssl SSL context
@@ -1145,6 +1213,12 @@
int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
pk_context *pk_key );
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#define DEPRECATED __attribute__((deprecated))
+#else
+#define DEPRECATED
+#endif
#if defined(POLARSSL_RSA_C)
/**
* \brief Set own certificate chain and private RSA key
@@ -1153,8 +1227,7 @@
* up your certificate chain. The top certificate (self-signed)
* can be omitted.
*
- * \warning This backwards-compatibility function is deprecated!
- * Please use \c ssl_set_own_cert() instead.
+ * \deprecated Please use \c ssl_set_own_cert() instead.
*
* \param ssl SSL context
* \param own_cert own public certificate chain
@@ -1163,11 +1236,11 @@
* \return 0 on success, or a specific error code.
*/
int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
- rsa_context *rsa_key );
+ rsa_context *rsa_key ) DEPRECATED;
#endif /* POLARSSL_RSA_C */
/**
- * \brief Set own certificate and alternate non-PolarSSL RSA private
+ * \brief Set own certificate and external RSA private
* key and handling callbacks, such as the PKCS#11 wrappers
* or any other external private key handler.
* (see the respective RSA functions in rsa.h for documentation
@@ -1178,8 +1251,7 @@
* up your certificate chain. The top certificate (self-signed)
* can be omitted.
*
- * \warning This backwards-compatibility function is deprecated!
- * Please use \c pk_init_ctx_rsa_alt()
+ * \deprecated Please use \c pk_init_ctx_rsa_alt()
* and \c ssl_set_own_cert() instead.
*
* \param ssl SSL context
@@ -1195,7 +1267,9 @@
void *rsa_key,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
- rsa_key_len_func rsa_key_len );
+ rsa_key_len_func rsa_key_len ) DEPRECATED;
+#undef DEPRECATED
+#endif /* POLARSSL_DEPRECATED_REMOVED */
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -1367,13 +1441,14 @@
*/
void ssl_set_max_version( ssl_context *ssl, int major, int minor );
-
/**
* \brief Set the minimum accepted SSL/TLS protocol version
* (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
*
- * Note: Input outside of the SSL_MAX_XXXXX_VERSION and
- * SSL_MIN_XXXXX_VERSION range is ignored.
+ * \note Input outside of the SSL_MAX_XXXXX_VERSION and
+ * SSL_MIN_XXXXX_VERSION range is ignored.
+ *
+ * \note SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
*
* \param ssl SSL context
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
@@ -1383,6 +1458,74 @@
*/
void ssl_set_min_version( ssl_context *ssl, int major, int minor );
+#if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
+/**
+ * \brief Set the fallback flag (client-side only).
+ * (Default: SSL_IS_NOT_FALLBACK).
+ *
+ * \note Set to SSL_IS_FALLBACK when preparing a fallback
+ * connection, that is a connection with max_version set to a
+ * lower value than the value you're willing to use. Such
+ * fallback connections are not recommended but are sometimes
+ * necessary to interoperate with buggy (version-intolerant)
+ * servers.
+ *
+ * \warning You should NOT set this to SSL_IS_FALLBACK for
+ * non-fallback connections! This would appear to work for a
+ * while, then cause failures when the server is upgraded to
+ * support a newer TLS version.
+ *
+ * \param ssl SSL context
+ * \param fallback SSL_IS_NOT_FALLBACK or SSL_IS_FALLBACK
+ */
+void ssl_set_fallback( ssl_context *ssl, char fallback );
+#endif /* POLARSSL_SSL_FALLBACK_SCSV && POLARSSL_SSL_CLI_C */
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+/**
+ * \brief Enable or disable Encrypt-then-MAC
+ * (Default: SSL_ETM_ENABLED)
+ *
+ * \note This should always be enabled, it is a security
+ * improvement, and should not cause any interoperability
+ * issue (used only if the peer supports it too).
+ *
+ * \param ssl SSL context
+ * \param etm SSL_ETM_ENABLED or SSL_ETM_DISABLED
+ */
+void ssl_set_encrypt_then_mac( ssl_context *ssl, char etm );
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+/**
+ * \brief Enable or disable Extended Master Secret negotiation.
+ * (Default: SSL_EXTENDED_MS_ENABLED)
+ *
+ * \note This should always be enabled, it is a security fix to the
+ * protocol, and should not cause any interoperability issue
+ * (used only if the peer supports it too).
+ *
+ * \param ssl SSL context
+ * \param ems SSL_EXTENDED_MS_ENABLED or SSL_EXTENDED_MS_DISABLED
+ */
+void ssl_set_extended_master_secret( ssl_context *ssl, char ems );
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
+/**
+ * \brief Disable or enable support for RC4
+ * (Default: SSL_ARC4_ENABLED)
+ *
+ * \note Though the default is RC4 for compatibility reasons in the
+ * 1.3 branch, the recommended value is SSL_ARC4_DISABLED.
+ *
+ * \note This function will likely be removed in future versions as
+ * RC4 will then be disabled by default at compile time.
+ *
+ * \param ssl SSL context
+ * \param arc4 SSL_ARC4_ENABLED or SSL_ARC4_DISABLED
+ */
+void ssl_set_arc4_support( ssl_context *ssl, char arc4 );
+
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
/**
* \brief Set the maximum fragment length to emit and/or negotiate
@@ -1404,19 +1547,34 @@
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
/**
- * \brief Activate negotiation of truncated HMAC (Client only)
- * (Default: SSL_TRUNC_HMAC_ENABLED)
+ * \brief Activate negotiation of truncated HMAC
+ * (Default: SSL_TRUNC_HMAC_DISABLED on client,
+ * SSL_TRUNC_HMAC_ENABLED on server.)
*
* \param ssl SSL context
* \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
* SSL_TRUNC_HMAC_DISABLED)
*
- * \return O if successful,
- * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
+ * \return Always 0.
*/
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+/**
+ * \brief Enable / Disable 1/n-1 record splitting
+ * (Default: SSL_CBC_RECORD_SPLITTING_ENABLED)
+ *
+ * \note Only affects SSLv3 and TLS 1.0, not higher versions.
+ * Does not affect non-CBC ciphersuites in any version.
+ *
+ * \param ssl SSL context
+ * \param split SSL_CBC_RECORD_SPLITTING_ENABLED or
+ * SSL_CBC_RECORD_SPLITTING_DISABLED
+ */
+void ssl_set_cbc_record_splitting( ssl_context *ssl, char split );
+#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/**
* \brief Enable / Disable session tickets
@@ -1446,6 +1604,7 @@
void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
#endif /* POLARSSL_SSL_SESSION_TICKETS */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
/**
* \brief Enable / Disable renegotiation support for connection when
* initiated by peer
@@ -1460,6 +1619,7 @@
* SSL_RENEGOTIATION_DISABLED)
*/
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/**
* \brief Prevent or allow legacy renegotiation.
@@ -1490,8 +1650,9 @@
*/
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
/**
- * \brief Enforce server-requested renegotiation.
+ * \brief Enforce requested renegotiation.
* (Default: enforced, max_records = 16)
*
* When we request a renegotiation, the peer can comply or
@@ -1521,6 +1682,27 @@
void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records );
/**
+ * \brief Set record counter threshold for periodic renegotiation.
+ * (Default: 2^64 - 256.)
+ *
+ * Renegotiation is automatically triggered when a record
+ * counter (outgoing or ingoing) crosses the defined
+ * threshold. The default value is meant to prevent the
+ * connection from being closed when the counter is about to
+ * reached its maximal value (it is not allowed to wrap).
+ *
+ * Lower values can be used to enforce policies such as "keys
+ * must be refreshed every N packets with cipher X".
+ *
+ * \param ssl SSL context
+ * \param period The threshold value: a big-endian 64-bit number.
+ * Set to 2^64 - 1 to disable periodic renegotiation
+ */
+void ssl_set_renegotiation_period( ssl_context *ssl,
+ const unsigned char period[8] );
+#endif /* POLARSSL_SSL_RENEGOTIATION */
+
+/**
* \brief Return the number of data bytes available to read
*
* \param ssl SSL context
@@ -1534,11 +1716,11 @@
*
* \param ssl SSL context
*
- * \return 0 if successful, or a combination of:
- * BADCERT_EXPIRED
- * BADCERT_REVOKED
- * BADCERT_CN_MISMATCH
- * BADCERT_NOT_TRUSTED
+ * \return 0 if successful,
+ * -1 if result is not available (eg because the handshake was
+ * aborted too early), or
+ * a combination of BADCERT_xxx and BADCRL_xxx flags, see
+ * x509.h
*/
int ssl_get_verify_result( const ssl_context *ssl );
@@ -1578,6 +1760,7 @@
const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
#endif /* POLARSSL_X509_CRT_PARSE_C */
+#if defined(POLARSSL_SSL_CLI_C)
/**
* \brief Save session in order to resume it later (client-side only)
* Session data is copied to presented session structure.
@@ -1595,6 +1778,7 @@
* \sa ssl_set_session()
*/
int ssl_get_session( const ssl_context *ssl, ssl_session *session );
+#endif /* POLARSSL_SSL_CLI_C */
/**
* \brief Perform the SSL handshake
@@ -1620,6 +1804,7 @@
*/
int ssl_handshake_step( ssl_context *ssl );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
/**
* \brief Initiate an SSL renegotiation on the running connection.
* Client: perform the renegotiation right now.
@@ -1631,6 +1816,7 @@
* \return 0 if successful, or any ssl_handshake() return value.
*/
int ssl_renegotiate( ssl_context *ssl );
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/**
* \brief Read at most 'len' application data bytes
@@ -1657,6 +1843,10 @@
* \note When this function returns POLARSSL_ERR_NET_WANT_WRITE,
* it must be called later with the *same* arguments,
* until it returns a positive value.
+ *
+ * \note This function may write less than the number of bytes
+ * requested if len is greater than the maximum record length.
+ * For arbitrary-sized messages, it should be called in a loop.
*/
int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
@@ -1790,7 +1980,8 @@
*/
int ssl_check_cert_usage( const x509_crt *cert,
const ssl_ciphersuite_t *ciphersuite,
- int cert_endpoint );
+ int cert_endpoint,
+ int *flags );
#endif /* POLARSSL_X509_CRT_PARSE_C */
/* constant-time buffer comparison */
diff --git a/include/polarssl/ssl_cache.h b/include/polarssl/ssl_cache.h
index 918fb60..063d7d7 100644
--- a/include/polarssl/ssl_cache.h
+++ b/include/polarssl/ssl_cache.h
@@ -3,12 +3,9 @@
*
* \brief SSL session cache implementation
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index c4f1ffe..1fcf4c7 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@@ -1,14 +1,11 @@
/**
* \file ssl_ciphersuites.h
*
- * \brief SSL Ciphersuites for PolarSSL
+ * \brief SSL Ciphersuites for mbed TLS
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -233,7 +230,9 @@
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
-/* Reminder: update _ssl_premaster_secret when adding a new key exchange */
+/* Reminder: update _ssl_premaster_secret when adding a new key exchange.
+ * Reminder: update POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED below.
+ */
typedef enum {
POLARSSL_KEY_EXCHANGE_NONE = 0,
POLARSSL_KEY_EXCHANGE_RSA,
@@ -248,6 +247,17 @@
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
} key_exchange_type_t;
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED
+#endif
+
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
diff --git a/include/polarssl/threading.h b/include/polarssl/threading.h
index 1fc9f98..293da38 100644
--- a/include/polarssl/threading.h
+++ b/include/polarssl/threading.h
@@ -3,12 +3,9 @@
*
* \brief Threading abstraction layer
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/include/polarssl/timing.h b/include/polarssl/timing.h
index 383120e..2dae5d9 100644
--- a/include/polarssl/timing.h
+++ b/include/polarssl/timing.h
@@ -3,12 +3,9 @@
*
* \brief Portable interface to the CPU cycle counter
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -68,6 +65,10 @@
* \brief Setup an alarm clock
*
* \param seconds delay before the "alarmed" flag is set
+ *
+ * \warning Only one alarm at a time is supported. In a threaded
+ * context, this means one for the whole process, not one per
+ * thread.
*/
void set_alarm( int seconds );
diff --git a/include/polarssl/version.h b/include/polarssl/version.h
index b00687f..9ffba29 100644
--- a/include/polarssl/version.h
+++ b/include/polarssl/version.h
@@ -3,12 +3,9 @@
*
* \brief Run-time version information
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -26,7 +23,7 @@
*/
/*
* This set of compile-time defines and run-time variables can be used to
- * determine the version number of the PolarSSL library used.
+ * determine the version number of the mbed TLS library used.
*/
#ifndef POLARSSL_VERSION_H
#define POLARSSL_VERSION_H
@@ -43,16 +40,16 @@
*/
#define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 3
-#define POLARSSL_VERSION_PATCH 9
+#define POLARSSL_VERSION_PATCH 10
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define POLARSSL_VERSION_NUMBER 0x01030900
-#define POLARSSL_VERSION_STRING "1.3.9"
-#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.9"
+#define POLARSSL_VERSION_NUMBER 0x01030A00
+#define POLARSSL_VERSION_STRING "1.3.10"
+#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.10"
#if defined(POLARSSL_VERSION_C)
@@ -77,9 +74,9 @@
void version_get_string( char *string );
/**
- * Get the full version string ("PolarSSL x.y.z").
+ * Get the full version string ("mbed TLS x.y.z").
*
- * \param string The string that will receive the value. The PolarSSL version
+ * \param string The string that will receive the value. The mbed TLS version
* string will use 18 bytes AT MOST including a terminating
* null byte.
* (So the buffer should be at least 18 bytes to receive this
@@ -89,12 +86,12 @@
/**
* \brief Check if support for a feature was compiled into this
- * PolarSSL binary. This allows you to see at runtime if the
+ * mbed TLS binary. This allows you to see at runtime if the
* library was for instance compiled with or without
* Multi-threading support.
*
* Note: only checks against defines in the sections "System
- * support", "PolarSSL modules" and "PolarSSL feature
+ * support", "mbed TLS modules" and "mbed TLS feature
* support" in config.h
*
* \param feature The string for the define to check (e.g. "POLARSSL_AES_C")
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 9b0bcb7..cd01539 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -3,12 +3,9 @@
*
* \brief X.509 generic defines and structures
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -45,6 +42,18 @@
* \{
*/
+#if !defined(POLARSSL_X509_MAX_INTERMEDIATE_CA)
+/**
+ * Maximum number of intermediate CAs in a verification chain.
+ * That is, maximum length of the chain, excluding the end-entity certificate
+ * and the trusted root certificate.
+ *
+ * Set this to a low value to prevent an adversary from making you waste
+ * resources verifying an overlong certificate chain.
+ */
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8
+#endif
+
/**
* \name X509 Error codes
* \{
@@ -73,17 +82,21 @@
* \name X509 Verify codes
* \{
*/
+/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
#define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
#define BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
-#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
-#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
+#define BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */
+#define BADCRL_EXPIRED 0x20 /**< The CRL is expired. */
#define BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
#define BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
#define BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */
#define BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
+#define BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
+#define BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
+#define BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
/* \} name */
/* \} addtogroup x509_module */
@@ -216,21 +229,30 @@
*/
int x509_serial_gets( char *buf, size_t size, const x509_buf *serial );
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#define DEPRECATED __attribute__((deprecated))
+#else
+#define DEPRECATED
+#endif
/**
* \brief Give an known OID, return its descriptive string.
- * (Deprecated. Use oid_get_extended_key_usage() instead.)
- * Warning: only works for extended_key_usage OIDs!
+ *
+ * \deprecated Use oid_get_extended_key_usage() instead.
+ *
+ * \warning Only works for extended_key_usage OIDs!
*
* \param oid buffer containing the oid
*
* \return Return a string if the OID is known,
* or NULL otherwise.
*/
-const char *x509_oid_get_description( x509_buf *oid );
+const char *x509_oid_get_description( x509_buf *oid ) DEPRECATED;
/**
* \brief Give an OID, return a string version of its OID number.
- * (Deprecated. Use oid_get_numeric_string() instead)
+ *
+ * \deprecated Use oid_get_numeric_string() instead.
*
* \param buf Buffer to write to
* \param size Maximum size of buffer
@@ -239,7 +261,9 @@
* \return Length of the string written (excluding final NULL) or
* POLARSSL_ERR_OID_BUF_TO_SMALL in case of error
*/
-int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
+int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ) DEPRECATED;
+#undef DEPRECATED
+#endif /* POLARSSL_DEPRECATED_REMOVED */
/**
* \brief Check a given x509_time against the system time and check
@@ -295,7 +319,6 @@
x509_buf *serial );
int x509_get_ext( unsigned char **p, const unsigned char *end,
x509_buf *ext, int tag );
-int x509_load_file( const char *path, unsigned char **buf, size_t *n );
int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
pk_type_t pk_alg, md_type_t md_alg,
const void *sig_opts );
diff --git a/include/polarssl/x509_crl.h b/include/polarssl/x509_crl.h
index 9f597a8..6f4b65d 100644
--- a/include/polarssl/x509_crl.h
+++ b/include/polarssl/x509_crl.h
@@ -3,12 +3,9 @@
*
* \brief X.509 certificate revocation list parsing
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -100,11 +97,23 @@
x509_crl;
/**
- * \brief Parse one or more CRLs and add them
- * to the chained list
+ * \brief Parse a DER-encoded CRL and append it to the chained list
*
* \param chain points to the start of the chain
- * \param buf buffer holding the CRL data
+ * \param buf buffer holding the CRL data in DER format
+ * \param buflen size of the buffer
+ *
+ * \return 0 if successful, or a specific X509 or PEM error code
+ */
+int x509_crl_parse_der( x509_crl *chain,
+ const unsigned char *buf, size_t buflen );
+/**
+ * \brief Parse one or more CRLs and append them to the chained list
+ *
+ * \note Mutliple CRLs are accepted only if using PEM format
+ *
+ * \param chain points to the start of the chain
+ * \param buf buffer holding the CRL data in PEM or DER format
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
@@ -113,11 +122,12 @@
#if defined(POLARSSL_FS_IO)
/**
- * \brief Load one or more CRLs and add them
- * to the chained list
+ * \brief Load one or more CRLs and append them to the chained list
+ *
+ * \note Mutliple CRLs are accepted only if using PEM format
*
* \param chain points to the start of the chain
- * \param path filename to read the CRLs from
+ * \param path filename to read the CRLs from (in PEM or DER encoding)
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index 4bf8e56..24f7c7a 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -3,12 +3,9 @@
*
* \brief X.509 certificate parsing and writing
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,7 +31,6 @@
#endif
#include "x509.h"
-
#include "x509_crl.h"
/**
@@ -207,6 +203,21 @@
const x509_crt *crt );
/**
+ * \brief Returns an informational string about the
+ * verification status of a certificate.
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param prefix A line prefix
+ * \param flags Verification flags created by x509_crt_verify()
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+ int flags );
+
+/**
* \brief Verify the certificate signature
*
* The verify callback is a user-supplied callback that
@@ -223,6 +234,9 @@
* are also returned to the application. The function should
* return 0 for anything but a fatal error.
*
+ * \note In case verification failed, the results can be displayed
+ * using \c x509_crt_verify_info()
+ *
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
@@ -233,12 +247,8 @@
* \param p_vrfy verification parameter
*
* \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
- * in which case *flags will have one or more of
- * the following values set:
- * BADCERT_EXPIRED --
- * BADCERT_REVOKED --
- * BADCERT_CN_MISMATCH --
- * BADCERT_NOT_TRUSTED
+ * in which case *flags will have one or more BADCERT_XXX or
+ * BADCRL_XXX flags set,
* or another error in case of a fatal error encountered
* during the verification process.
*/
@@ -367,7 +377,7 @@
* \brief Set the issuer name for a Certificate
* Issuer names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=NL,O=Offspark,CN=PolarSSL CA"
+ * e.g. "C=UK,O=ARM,CN=mbed TLS CA"
*
* \param ctx CRT context to use
* \param issuer_name issuer name to set
@@ -382,7 +392,7 @@
* \brief Set the subject name for a Certificate
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
+ * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
*
* \param ctx CRT context to use
* \param subject_name subject name to set
diff --git a/include/polarssl/x509_csr.h b/include/polarssl/x509_csr.h
index 6591e38..34f527b 100644
--- a/include/polarssl/x509_csr.h
+++ b/include/polarssl/x509_csr.h
@@ -3,12 +3,9 @@
*
* \brief X.509 certificate signing request parsing and writing
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -164,7 +161,7 @@
* \brief Set the subject name for a CSR
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
+ * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
*
* \param ctx CSR context to use
* \param subject_name subject name to set
diff --git a/include/polarssl/xtea.h b/include/polarssl/xtea.h
index 794c5ef..02cd8d6 100644
--- a/include/polarssl/xtea.h
+++ b/include/polarssl/xtea.h
@@ -3,12 +3,9 @@
*
* \brief XTEA block cipher (32-bit)
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,7 +30,7 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#include <stddef.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
diff --git a/library/.gitignore b/library/.gitignore
index 9d80fa4..09d13d2 100644
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -1,2 +1,5 @@
*.o
-libpolarssl*
+libpolarssl.*
+libmbedtls.*
+*.sln
+*.vcxproj
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 33d96b4..57ebf83 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,6 +1,6 @@
-option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
-option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link PolarSSL library to pthread." OFF)
+option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
set(src
aes.c
@@ -78,59 +78,79 @@
endif(WIN32)
if(CMAKE_COMPILER_IS_GNUCC)
- set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes")
- set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
endif(CMAKE_COMPILER_IS_CLANG)
-if (NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY)
- message(FATAL_ERROR "Need to choose static or shared polarssl build!")
-endif(NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY)
+if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
+ message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
+endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
-if(USE_STATIC_POLARSSL_LIBRARY AND USE_SHARED_POLARSSL_LIBRARY)
+if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
# if we build both static an shared, then let
# tests and programs link to the shared lib target
- set(polarssl_static_target "polarssl_static")
-elseif(USE_STATIC_POLARSSL_LIBRARY)
- set(polarssl_static_target "polarssl")
+ set(mbedtls_static_target "mbedtls_static")
+elseif(USE_STATIC_MBEDTLS_LIBRARY)
+ set(mbedtls_static_target "mbedtls")
endif()
-if(USE_STATIC_POLARSSL_LIBRARY)
- add_library(${polarssl_static_target} STATIC ${src})
- set_target_properties(${polarssl_static_target} PROPERTIES OUTPUT_NAME polarssl)
- target_link_libraries(${polarssl_static_target} ${libs})
+if(USE_STATIC_MBEDTLS_LIBRARY)
+ add_library(${mbedtls_static_target} STATIC ${src})
+ set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
+ target_link_libraries(${mbedtls_static_target} ${libs})
if(ZLIB_FOUND)
- target_link_libraries(${polarssl_static_target} ${ZLIB_LIBRARIES})
+ target_link_libraries(${mbedtls_static_target} ${ZLIB_LIBRARIES})
endif(ZLIB_FOUND)
if(LINK_WITH_PTHREAD)
- target_link_libraries(${polarssl_static_target} pthread)
+ target_link_libraries(${mbedtls_static_target} pthread)
endif()
- install(TARGETS ${polarssl_static_target}
+ install(TARGETS ${mbedtls_static_target}
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
endif()
-if(USE_SHARED_POLARSSL_LIBRARY)
- add_library(polarssl SHARED ${src})
- set_target_properties(polarssl PROPERTIES VERSION 1.3.9 SOVERSION 7)
+if(USE_SHARED_MBEDTLS_LIBRARY)
+ add_library(mbedtls SHARED ${src})
+ set_target_properties(mbedtls PROPERTIES VERSION 1.3.10 SOVERSION 8)
- target_link_libraries(polarssl ${libs})
+ target_link_libraries(mbedtls ${libs})
if(ZLIB_FOUND)
- target_link_libraries(polarssl ${ZLIB_LIBRARIES})
+ target_link_libraries(mbedtls ${ZLIB_LIBRARIES})
endif(ZLIB_FOUND)
if(LINK_WITH_PTHREAD)
- target_link_libraries(polarssl pthread)
+ target_link_libraries(mbedtls pthread)
endif()
- install(TARGETS polarssl
+ install(TARGETS mbedtls
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-endif(USE_SHARED_POLARSSL_LIBRARY)
+endif(USE_SHARED_MBEDTLS_LIBRARY)
+
+if(UNIX)
+ add_custom_target(polarssl
+ DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined
+ COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library
+ )
+
+ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
+ add_dependencies(polarssl mbedtls_static)
+ endif()
+
+ add_custom_target(polarssl-clean
+ COMMAND make clean
+ COMMAND rm -f ${CMAKE_BINARY_DIR}/library/libpolarssl.*
+ )
+
+ add_custom_target(polarssl-install
+ COMMAND make install
+ COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${DESTDIR}/${CMAKE_INSTALL_PREFIX}/${LIB_INSTALL_DIR}
+ )
+endif(UNIX)
diff --git a/library/Makefile b/library/Makefile
index d637417..d099471 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -1,14 +1,15 @@
# Also see "include/polarssl/config.h"
-# To compile on MinGW: add "-lws2_32" to LDFLAGS or define WINDOWS in your
-# environment
-#
-CFLAGS += -I../include -D_FILE_OFFSET_BITS=64 -Wall -W -Wdeclaration-after-statement
-OFLAGS = -O2
+CFLAGS ?= -O2
+WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
+LDFLAGS ?=
+
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+LOCAL_LDFLAGS =
ifdef DEBUG
-CFLAGS += -g3
+LOCAL_CFLAGS += -g3
endif
# MicroBlaze specific options:
@@ -17,21 +18,28 @@
# To compile on Plan9:
# CFLAGS += -D_BSD_EXTENSION
-# To compile as a shared library:
-ifdef SHARED
-CFLAGS += -fPIC
+# if were running on Windows build for Windows
+ifdef WINDOWS
+WINDOWS_BUILD=1
endif
-SONAME=libpolarssl.so.7
+# To compile as a shared library:
+ifdef SHARED
+# all code is position-indep with mingw, avoid warning about useless flag
+ifndef WINDOWS_BUILD
+LOCAL_CFLAGS += -fPIC -fpic
+endif
+endif
-DLEXT=so.7
+SOEXT=so.8
+
+DLEXT=so
# OSX shared library extension:
# DLEXT=dylib
# Windows shared library extension:
-ifdef WINDOWS
+ifdef WINDOWS_BUILD
DLEXT=dll
-LDFLAGS += -lws2_32
endif
OBJS= aes.o aesni.o arc4.o \
@@ -68,43 +76,66 @@
ifndef SHARED
all: static
else
-all: shared
+all: shared static
endif
static: libpolarssl.a
-shared: libpolarssl.$(DLEXT) libpolarssl.so
+shared: libpolarssl.$(DLEXT)
-libpolarssl.a: $(OBJS)
+libpolarssl.a: libmbedtls.a
+ echo " LN $@ -> $?"
+ifndef WINDOWS
+ ln -sf $? $@
+else
+ copy /y /b $? $@
+endif
+
+libmbedtls.a: $(OBJS)
echo " AR $@"
- $(AR) r $@ $(OBJS)
+ $(AR) rc $@ $(OBJS)
echo " RL $@"
$(AR) s $@
-libpolarssl.${DLEXT}: libpolarssl.a
- echo " LD $@"
- $(CC) ${LDFLAGS} -shared -Wl,-soname,$(SONAME) -o $@ $(OBJS)
+libpolarssl.$(DLEXT): libmbedtls.$(DLEXT)
+ echo " LN $@ -> $?"
+ifndef WINDOWS
+ ln -sf $? $@
+else
+ copy /y /b $? $@
+endif
+ifdef WINDOWS_BUILD
+ifndef WINDOWS
+ ln -sf $?.a $@.a
+else
+ copy /y /b $?.a $@.a
+endif
+endif
-libpolarssl.so: libpolarssl.${DLEXT}
- echo " LN $@ -> libpolarssl.${DLEXT}"
- ln -sf libpolarssl.${DLEXT} $@
-
-libpolarssl.dylib: libpolarssl.a
+libmbedtls.$(SOEXT): $(OBJS)
echo " LD $@"
- $(CC) ${LDFLAGS} -dynamiclib -o $@ $(OBJS)
+ $(CC) -shared -Wl,-soname,$@ $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS)
-libpolarssl.dll: libpolarssl.a
+libmbedtls.so: libmbedtls.$(SOEXT)
+ echo " LN $@ -> libmbedtls.$(SOEXT)"
+ ln -sf libmbedtls.$(SOEXT) $@
+
+libmbedtls.dylib: $(OBJS)
echo " LD $@"
- $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS) -lws2_32 -lwinmm -lgdi32
+ $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS)
+
+libmbedtls.dll: $(OBJS)
+ echo " LD $@"
+ $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS) -lws2_32 -lwinmm -lgdi32 $(LOCAL_LDFLAGS) $(LDFLAGS)
.c.o:
echo " CC $<"
- $(CC) $(CFLAGS) $(OFLAGS) -c $<
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $<
clean:
ifndef WINDOWS
- rm -f *.o libpolarssl.*
+ rm -f *.o libpolarssl.* libmbedtls.*
endif
ifdef WINDOWS
- del /Q /F *.o libpolarssl.*
+ del /Q /F *.o libpolarssl.* libmbedtls.*
endif
diff --git a/library/aes.c b/library/aes.c
index f295747..9d96064 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1,12 +1,9 @@
/*
* FIPS-197 compliant AES implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -37,6 +34,8 @@
#if defined(POLARSSL_AES_C)
+#include <string.h>
+
#include "polarssl/aes.h"
#if defined(POLARSSL_PADLOCK_C)
#include "polarssl/padlock.h"
@@ -45,11 +44,14 @@
#include "polarssl/aesni.h"
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
#if !defined(POLARSSL_AES_ALT)
@@ -72,12 +74,12 @@
#endif
#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( (n) ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
+#define PUT_UINT32_LE(n,b,i) \
+{ \
+ (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
+ (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
+ (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
+ (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
@@ -929,7 +931,6 @@
/*
* AES-CFB8 buffer encryption/decryption
*/
-#include <stdio.h>
int aes_crypt_cfb8( aes_context *ctx,
int mode,
size_t length,
@@ -999,9 +1000,6 @@
#endif /* !POLARSSL_AES_ALT */
#if defined(POLARSSL_SELF_TEST)
-
-#include <stdio.h>
-
/*
* AES test vectors from:
*
diff --git a/library/aesni.c b/library/aesni.c
index 97f646e..5315aba 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -1,12 +1,9 @@
/*
* AES-NI support functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -37,7 +34,8 @@
#if defined(POLARSSL_AESNI_C)
#include "polarssl/aesni.h"
-#include <stdio.h>
+
+#include <string.h>
#if defined(POLARSSL_HAVE_X86_64)
diff --git a/library/arc4.c b/library/arc4.c
index 54e89ea..309d16a 100644
--- a/library/arc4.c
+++ b/library/arc4.c
@@ -1,12 +1,9 @@
/*
* An implementation of the ARCFOUR algorithm
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,11 +35,16 @@
#include "polarssl/arc4.h"
+#include <string.h>
+
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
#if !defined(POLARSSL_ARC4_ALT)
@@ -129,10 +131,6 @@
#endif /* !POLARSSL_ARC4_ALT */
#if defined(POLARSSL_SELF_TEST)
-
-#include <string.h>
-#include <stdio.h>
-
/*
* ARC4 tests vectors as posted by Eric Rescorla in sep. 1994:
*
diff --git a/library/asn1parse.c b/library/asn1parse.c
index a3a2b56..e4f46eb 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -1,12 +1,9 @@
/*
* Generic ASN.1 parsing
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,6 +30,8 @@
#include "polarssl/asn1.h"
+#include <string.h>
+
#if defined(POLARSSL_BIGNUM_C)
#include "polarssl/bignum.h"
#endif
@@ -40,13 +39,11 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <string.h>
-#include <stdlib.h>
-
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -80,7 +77,7 @@
if( ( end - *p ) < 3 )
return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
- *len = ( (*p)[1] << 8 ) | (*p)[2];
+ *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
(*p) += 3;
break;
@@ -88,7 +85,8 @@
if( ( end - *p ) < 4 )
return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
- *len = ( (*p)[1] << 16 ) | ( (*p)[2] << 8 ) | (*p)[3];
+ *len = ( (size_t)(*p)[1] << 16 ) |
+ ( (size_t)(*p)[2] << 8 ) | (*p)[3];
(*p) += 4;
break;
@@ -96,8 +94,8 @@
if( ( end - *p ) < 5 )
return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
- *len = ( (*p)[1] << 24 ) | ( (*p)[2] << 16 ) | ( (*p)[3] << 8 ) |
- (*p)[4];
+ *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
+ ( (size_t)(*p)[3] << 8 ) | (*p)[4];
(*p) += 5;
break;
@@ -272,12 +270,13 @@
/* Allocate and assign next pointer */
if( *p < end )
{
- cur->next = (asn1_sequence *) polarssl_malloc(
- sizeof( asn1_sequence ) );
+ cur->next = polarssl_malloc( sizeof( asn1_sequence ) );
if( cur->next == NULL )
return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+ memset( cur->next, 0, sizeof( asn1_sequence ) );
+
cur = cur->next;
}
}
diff --git a/library/asn1write.c b/library/asn1write.c
index ebc0e97..df9442e 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -1,12 +1,9 @@
/*
* ASN.1 buffer writing functionality
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,6 +30,8 @@
#include "polarssl/asn1write.h"
+#include <string.h>
+
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
@@ -327,6 +326,8 @@
return( NULL );
}
+ memcpy( cur->oid.p, oid, oid_len );
+
cur->val.len = val_len;
cur->val.p = polarssl_malloc( val_len );
if( cur->val.p == NULL )
@@ -336,8 +337,6 @@
return( NULL );
}
- memcpy( cur->oid.p, oid, oid_len );
-
cur->next = *head;
*head = cur;
}
diff --git a/library/base64.c b/library/base64.c
index e6c3569..ac922a4 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -1,12 +1,9 @@
/*
* RFC 1521 base64 encoding/decoding
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -40,11 +37,15 @@
#include <inttypes.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
+#include <string.h>
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
static const unsigned char base64_enc_map[64] =
{
@@ -85,7 +86,10 @@
unsigned char *p;
if( slen == 0 )
+ {
+ *dlen = 0;
return( 0 );
+ }
n = ( slen << 3 ) / 6;
@@ -221,9 +225,6 @@
#if defined(POLARSSL_SELF_TEST)
-#include <string.h>
-#include <stdio.h>
-
static const unsigned char base64_test_dec[64] =
{
0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD,
diff --git a/library/bignum.c b/library/bignum.c
index 448e743..f479bc9 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1,12 +1,9 @@
/*
* Multi-precision integer library
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -41,16 +38,18 @@
#include "polarssl/bignum.h"
#include "polarssl/bn_mul.h"
+#include <string.h>
+
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
+#include <stdlib.h>
#define polarssl_printf printf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -110,7 +109,7 @@
if( X->n < nblimbs )
{
- if( ( p = (t_uint *) polarssl_malloc( nblimbs * ciL ) ) == NULL )
+ if( ( p = polarssl_malloc( nblimbs * ciL ) ) == NULL )
return( POLARSSL_ERR_MPI_MALLOC_FAILED );
memset( p, 0, nblimbs * ciL );
@@ -150,7 +149,7 @@
if( i < nblimbs )
i = nblimbs;
- if( ( p = (t_uint *) polarssl_malloc( i * ciL ) ) == NULL )
+ if( ( p = polarssl_malloc( i * ciL ) ) == NULL )
return( POLARSSL_ERR_MPI_MALLOC_FAILED );
memset( p, 0, i * ciL );
@@ -224,8 +223,8 @@
int ret = 0;
size_t i;
- /* make sure assign is 0 or 1 */
- assign = ( assign != 0 );
+ /* make sure assign is 0 or 1 in a time-constant manner */
+ assign = (assign | (unsigned char)-assign) >> 7;
MPI_CHK( mpi_grow( X, Y->n ) );
@@ -256,8 +255,8 @@
if( X == Y )
return( 0 );
- /* make sure swap is 0 or 1 */
- swap = ( swap != 0 );
+ /* make sure swap is 0 or 1 in a time-constant manner */
+ swap = (swap | (unsigned char)-swap) >> 7;
MPI_CHK( mpi_grow( X, Y->n ) );
MPI_CHK( mpi_grow( Y, X->n ) );
@@ -357,6 +356,9 @@
{
size_t i, j;
+ if( X->n == 0 )
+ return( 0 );
+
for( i = X->n - 1; i > 0; i-- )
if( X->p[i] != 0 )
break;
@@ -1241,17 +1243,7 @@
Z.p[i - t - 1] = ~0;
else
{
- /*
- * The version of Clang shipped by Apple with Mavericks around
- * 2014-03 can't handle 128-bit division properly. Disable
- * 128-bits division for this version. Let's be optimistic and
- * assume it'll be fixed in the next minor version (next
- * patchlevel is probably a bit too optimistic).
- */
-#if defined(POLARSSL_HAVE_UDBL) && \
- ! ( defined(__x86_64__) && defined(__APPLE__) && \
- defined(__clang_major__) && __clang_major__ == 5 && \
- defined(__clang_minor__) && __clang_minor__ == 0 )
+#if defined(POLARSSL_HAVE_UDBL)
t_udbl r;
r = (t_udbl) X.p[i] << biL;
@@ -1969,8 +1961,8 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- int ret;
- size_t i, j, n, s;
+ int ret, count;
+ size_t i, j, k, n, s;
mpi W, R, T, A, RR;
mpi_init( &W ); mpi_init( &R ); mpi_init( &T ); mpi_init( &A );
@@ -1998,14 +1990,23 @@
/*
* pick a random A, 1 < A < |X| - 1
*/
- MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
- if( mpi_cmp_mpi( &A, &W ) >= 0 )
- {
- j = mpi_msb( &A ) - mpi_msb( &W );
- MPI_CHK( mpi_shift_r( &A, j + 1 ) );
- }
- A.p[0] |= 3;
+ count = 0;
+ do {
+ MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
+
+ j = mpi_msb( &A );
+ k = mpi_msb( &W );
+ if (j > k) {
+ MPI_CHK( mpi_shift_r( &A, j - k ) );
+ }
+
+ if (count++ > 30) {
+ return POLARSSL_ERR_MPI_NOT_ACCEPTABLE;
+ }
+
+ } while ( (mpi_cmp_mpi( &A, &W ) >= 0) ||
+ (mpi_cmp_int( &A, 1 ) <= 0) );
/*
* A = A^R mod |X|
@@ -2103,10 +2104,11 @@
MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
k = mpi_msb( X );
- if( k < nbits ) MPI_CHK( mpi_shift_l( X, nbits - k ) );
- if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits ) );
+ if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits + 1 ) );
- X->p[0] |= 3;
+ mpi_set_bit( X, nbits-1, 1 );
+
+ X->p[0] |= 1;
if( dh_flag == 0 )
{
@@ -2125,6 +2127,9 @@
* is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
* Make sure it is satisfied, while keeping X = 3 mod 4
*/
+
+ X->p[0] |= 2;
+
MPI_CHK( mpi_mod_int( &r, X, 3 ) );
if( r == 0 )
MPI_CHK( mpi_add_int( X, X, 8 ) );
diff --git a/library/blowfish.c b/library/blowfish.c
index 87396dc..77191e7 100644
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -1,12 +1,9 @@
/*
* Blowfish implementation
*
- * Copyright (C) 2012-2014, Brainspark B.V.
+ * Copyright (C) 2012-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,6 +36,8 @@
#include "polarssl/blowfish.h"
+#include <string.h>
+
#if !defined(POLARSSL_BLOWFISH_ALT)
/* Implementation that should never be optimized out by the compiler */
diff --git a/library/camellia.c b/library/camellia.c
index a4968f4..d80f51f 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -1,12 +1,9 @@
/*
* Camellia implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,11 +36,15 @@
#include "polarssl/camellia.h"
+#if defined(POLARSSL_SELF_TEST)
+#include <string.h>
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
#if !defined(POLARSSL_CAMELLIA_ALT)
@@ -304,14 +305,14 @@
I0 = x[0] ^ k[0];
I1 = x[1] ^ k[1];
- I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
- (SBOX2((I0 >> 16) & 0xFF) << 16) |
- (SBOX3((I0 >> 8) & 0xFF) << 8) |
- (SBOX4((I0 ) & 0xFF) );
- I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
- (SBOX3((I1 >> 16) & 0xFF) << 16) |
- (SBOX4((I1 >> 8) & 0xFF) << 8) |
- (SBOX1((I1 ) & 0xFF) );
+ I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
+ ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
+ ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
+ ((uint32_t) SBOX4((I0 ) & 0xFF) );
+ I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
+ ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
+ ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
+ ((uint32_t) SBOX1((I1 ) & 0xFF) );
I0 ^= (I1 << 8) | (I1 >> 24);
I1 ^= (I0 << 16) | (I0 >> 16);
@@ -455,7 +456,7 @@
camellia_init( &cty );
/* Also checks keysize */
- if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) )
+ if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) != 0 )
goto exit;
ctx->nr = cty.nr;
@@ -692,8 +693,6 @@
#if defined(POLARSSL_SELF_TEST)
-#include <stdio.h>
-
/*
* Camellia test vectors from:
*
diff --git a/library/ccm.c b/library/ccm.c
index 72d766b..87f1886 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -1,12 +1,9 @@
/*
* NIST SP800-38C compliant CCM implementation
*
- * Copyright (C) 2014, Brainspark B.V.
+ * Copyright (C) 2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -42,6 +39,17 @@
#include "polarssl/ccm.h"
+#include <string.h>
+
+#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_printf printf
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
+
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -336,14 +344,6 @@
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
-
-#if defined(POLARSSL_PLATFORM_C)
-#include "polarssl/platform.h"
-#else
-#include <stdio.h>
-#define polarssl_printf printf
-#endif
-
/*
* Examples 1 to 3 from SP800-38C Appendix C
*/
diff --git a/library/certs.c b/library/certs.c
index a782bc1..95fc8cc 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -1,12 +1,9 @@
/*
* X.509 test certificates
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/library/cipher.c b/library/cipher.c
index 5cd30f8..b69d331 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1,16 +1,13 @@
/**
* \file cipher.c
*
- * \brief Generic cipher wrapper for PolarSSL
+ * \brief Generic cipher wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,6 +35,9 @@
#include "polarssl/cipher.h"
#include "polarssl/cipher_wrap.h"
+#include <stdlib.h>
+#include <string.h>
+
#if defined(POLARSSL_GCM_C)
#include "polarssl/gcm.h"
#endif
@@ -46,8 +46,6 @@
#include "polarssl/ccm.h"
#endif
-#include <stdlib.h>
-
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
#define POLARSSL_CIPHER_MODE_STREAM
#endif
@@ -167,13 +165,14 @@
return( 0 );
}
-/* Deprecated, redirects to cipher_free() */
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
int cipher_free_ctx( cipher_context_t *ctx )
{
cipher_free( ctx );
return( 0 );
}
+#endif
int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
int key_length, const operation_t operation )
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index ab2f9bc..4c170bc 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -1,16 +1,13 @@
/**
* \file cipher_wrap.c
*
- * \brief Generic cipher wrapper for PolarSSL
+ * \brief Generic cipher wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -65,15 +62,18 @@
#include "polarssl/ccm.h"
#endif
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+#include <string.h>
+#endif
+
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-
#if defined(POLARSSL_GCM_C)
/* shared by all GCM ciphers */
static void *gcm_ctx_alloc( void )
@@ -110,63 +110,34 @@
return aes_crypt_ecb( (aes_context *) ctx, operation, input, output );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
static int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CBC)
return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input,
output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CIPHER_MODE_CFB)
static int aes_crypt_cfb128_wrap( void *ctx, operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CFB)
return aes_crypt_cfb128( (aes_context *) ctx, operation, length, iv_off, iv,
input, output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv_off);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CFB */
}
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+#if defined(POLARSSL_CIPHER_MODE_CTR)
static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CTR)
return aes_crypt_ctr( (aes_context *) ctx, length, nc_off, nonce_counter,
stream_block, input, output );
-#else
- ((void) ctx);
- ((void) length);
- ((void) nc_off);
- ((void) nonce_counter);
- ((void) stream_block);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CTR */
}
+#endif /* POLARSSL_CIPHER_MODE_CTR */
static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
@@ -182,7 +153,7 @@
static void * aes_ctx_alloc( void )
{
- aes_context *aes = (aes_context *) polarssl_malloc( sizeof( aes_context ) );
+ aes_context *aes = polarssl_malloc( sizeof( aes_context ) );
if( aes == NULL )
return( NULL );
@@ -198,20 +169,28 @@
polarssl_free( ctx );
}
-const cipher_base_t aes_info = {
+static const cipher_base_t aes_info = {
POLARSSL_CIPHER_ID_AES,
aes_crypt_ecb_wrap,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
aes_crypt_cbc_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
aes_crypt_cfb128_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
aes_crypt_ctr_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
aes_setkey_enc_wrap,
aes_setkey_dec_wrap,
aes_ctx_alloc,
aes_ctx_free
};
-const cipher_info_t aes_128_ecb_info = {
+static const cipher_info_t aes_128_ecb_info = {
POLARSSL_CIPHER_AES_128_ECB,
POLARSSL_MODE_ECB,
128,
@@ -222,7 +201,7 @@
&aes_info
};
-const cipher_info_t aes_192_ecb_info = {
+static const cipher_info_t aes_192_ecb_info = {
POLARSSL_CIPHER_AES_192_ECB,
POLARSSL_MODE_ECB,
192,
@@ -233,7 +212,7 @@
&aes_info
};
-const cipher_info_t aes_256_ecb_info = {
+static const cipher_info_t aes_256_ecb_info = {
POLARSSL_CIPHER_AES_256_ECB,
POLARSSL_MODE_ECB,
256,
@@ -245,7 +224,7 @@
};
#if defined(POLARSSL_CIPHER_MODE_CBC)
-const cipher_info_t aes_128_cbc_info = {
+static const cipher_info_t aes_128_cbc_info = {
POLARSSL_CIPHER_AES_128_CBC,
POLARSSL_MODE_CBC,
128,
@@ -256,7 +235,7 @@
&aes_info
};
-const cipher_info_t aes_192_cbc_info = {
+static const cipher_info_t aes_192_cbc_info = {
POLARSSL_CIPHER_AES_192_CBC,
POLARSSL_MODE_CBC,
192,
@@ -267,7 +246,7 @@
&aes_info
};
-const cipher_info_t aes_256_cbc_info = {
+static const cipher_info_t aes_256_cbc_info = {
POLARSSL_CIPHER_AES_256_CBC,
POLARSSL_MODE_CBC,
256,
@@ -280,7 +259,7 @@
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
-const cipher_info_t aes_128_cfb128_info = {
+static const cipher_info_t aes_128_cfb128_info = {
POLARSSL_CIPHER_AES_128_CFB128,
POLARSSL_MODE_CFB,
128,
@@ -291,7 +270,7 @@
&aes_info
};
-const cipher_info_t aes_192_cfb128_info = {
+static const cipher_info_t aes_192_cfb128_info = {
POLARSSL_CIPHER_AES_192_CFB128,
POLARSSL_MODE_CFB,
192,
@@ -302,7 +281,7 @@
&aes_info
};
-const cipher_info_t aes_256_cfb128_info = {
+static const cipher_info_t aes_256_cfb128_info = {
POLARSSL_CIPHER_AES_256_CFB128,
POLARSSL_MODE_CFB,
256,
@@ -315,7 +294,7 @@
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
-const cipher_info_t aes_128_ctr_info = {
+static const cipher_info_t aes_128_ctr_info = {
POLARSSL_CIPHER_AES_128_CTR,
POLARSSL_MODE_CTR,
128,
@@ -326,7 +305,7 @@
&aes_info
};
-const cipher_info_t aes_192_ctr_info = {
+static const cipher_info_t aes_192_ctr_info = {
POLARSSL_CIPHER_AES_192_CTR,
POLARSSL_MODE_CTR,
192,
@@ -337,7 +316,7 @@
&aes_info
};
-const cipher_info_t aes_256_ctr_info = {
+static const cipher_info_t aes_256_ctr_info = {
POLARSSL_CIPHER_AES_256_CTR,
POLARSSL_MODE_CTR,
256,
@@ -357,20 +336,28 @@
key, key_length );
}
-const cipher_base_t gcm_aes_info = {
+static const cipher_base_t gcm_aes_info = {
POLARSSL_CIPHER_ID_AES,
NULL,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
gcm_aes_setkey_wrap,
gcm_aes_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_free,
};
-const cipher_info_t aes_128_gcm_info = {
+static const cipher_info_t aes_128_gcm_info = {
POLARSSL_CIPHER_AES_128_GCM,
POLARSSL_MODE_GCM,
128,
@@ -381,7 +368,7 @@
&gcm_aes_info
};
-const cipher_info_t aes_192_gcm_info = {
+static const cipher_info_t aes_192_gcm_info = {
POLARSSL_CIPHER_AES_192_GCM,
POLARSSL_MODE_GCM,
192,
@@ -392,7 +379,7 @@
&gcm_aes_info
};
-const cipher_info_t aes_256_gcm_info = {
+static const cipher_info_t aes_256_gcm_info = {
POLARSSL_CIPHER_AES_256_GCM,
POLARSSL_MODE_GCM,
256,
@@ -412,20 +399,28 @@
key, key_length );
}
-const cipher_base_t ccm_aes_info = {
+static const cipher_base_t ccm_aes_info = {
POLARSSL_CIPHER_ID_AES,
NULL,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
ccm_aes_setkey_wrap,
ccm_aes_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
-const cipher_info_t aes_128_ccm_info = {
+static const cipher_info_t aes_128_ccm_info = {
POLARSSL_CIPHER_AES_128_CCM,
POLARSSL_MODE_CCM,
128,
@@ -436,7 +431,7 @@
&ccm_aes_info
};
-const cipher_info_t aes_192_ccm_info = {
+static const cipher_info_t aes_192_ccm_info = {
POLARSSL_CIPHER_AES_192_CCM,
POLARSSL_MODE_CCM,
192,
@@ -447,7 +442,7 @@
&ccm_aes_info
};
-const cipher_info_t aes_256_ccm_info = {
+static const cipher_info_t aes_256_ccm_info = {
POLARSSL_CIPHER_AES_256_CCM,
POLARSSL_MODE_CCM,
256,
@@ -470,64 +465,35 @@
output );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
static int camellia_crypt_cbc_wrap( void *ctx, operation_t operation,
size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CBC)
return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv,
input, output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CIPHER_MODE_CFB)
static int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CFB)
return camellia_crypt_cfb128( (camellia_context *) ctx, operation, length,
iv_off, iv, input, output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv_off);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CFB */
}
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+#if defined(POLARSSL_CIPHER_MODE_CTR)
static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CTR)
return camellia_crypt_ctr( (camellia_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output );
-#else
- ((void) ctx);
- ((void) length);
- ((void) nc_off);
- ((void) nonce_counter);
- ((void) stream_block);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CTR */
}
+#endif /* POLARSSL_CIPHER_MODE_CTR */
static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
@@ -544,7 +510,7 @@
static void * camellia_ctx_alloc( void )
{
camellia_context *ctx;
- ctx = (camellia_context *) polarssl_malloc( sizeof( camellia_context ) );
+ ctx = polarssl_malloc( sizeof( camellia_context ) );
if( ctx == NULL )
return( NULL );
@@ -560,20 +526,28 @@
polarssl_free( ctx );
}
-const cipher_base_t camellia_info = {
+static const cipher_base_t camellia_info = {
POLARSSL_CIPHER_ID_CAMELLIA,
camellia_crypt_ecb_wrap,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
camellia_crypt_cbc_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
camellia_crypt_cfb128_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
camellia_crypt_ctr_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
camellia_setkey_enc_wrap,
camellia_setkey_dec_wrap,
camellia_ctx_alloc,
camellia_ctx_free
};
-const cipher_info_t camellia_128_ecb_info = {
+static const cipher_info_t camellia_128_ecb_info = {
POLARSSL_CIPHER_CAMELLIA_128_ECB,
POLARSSL_MODE_ECB,
128,
@@ -584,7 +558,7 @@
&camellia_info
};
-const cipher_info_t camellia_192_ecb_info = {
+static const cipher_info_t camellia_192_ecb_info = {
POLARSSL_CIPHER_CAMELLIA_192_ECB,
POLARSSL_MODE_ECB,
192,
@@ -595,7 +569,7 @@
&camellia_info
};
-const cipher_info_t camellia_256_ecb_info = {
+static const cipher_info_t camellia_256_ecb_info = {
POLARSSL_CIPHER_CAMELLIA_256_ECB,
POLARSSL_MODE_ECB,
256,
@@ -607,7 +581,7 @@
};
#if defined(POLARSSL_CIPHER_MODE_CBC)
-const cipher_info_t camellia_128_cbc_info = {
+static const cipher_info_t camellia_128_cbc_info = {
POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_MODE_CBC,
128,
@@ -618,7 +592,7 @@
&camellia_info
};
-const cipher_info_t camellia_192_cbc_info = {
+static const cipher_info_t camellia_192_cbc_info = {
POLARSSL_CIPHER_CAMELLIA_192_CBC,
POLARSSL_MODE_CBC,
192,
@@ -629,7 +603,7 @@
&camellia_info
};
-const cipher_info_t camellia_256_cbc_info = {
+static const cipher_info_t camellia_256_cbc_info = {
POLARSSL_CIPHER_CAMELLIA_256_CBC,
POLARSSL_MODE_CBC,
256,
@@ -642,7 +616,7 @@
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
-const cipher_info_t camellia_128_cfb128_info = {
+static const cipher_info_t camellia_128_cfb128_info = {
POLARSSL_CIPHER_CAMELLIA_128_CFB128,
POLARSSL_MODE_CFB,
128,
@@ -653,7 +627,7 @@
&camellia_info
};
-const cipher_info_t camellia_192_cfb128_info = {
+static const cipher_info_t camellia_192_cfb128_info = {
POLARSSL_CIPHER_CAMELLIA_192_CFB128,
POLARSSL_MODE_CFB,
192,
@@ -664,7 +638,7 @@
&camellia_info
};
-const cipher_info_t camellia_256_cfb128_info = {
+static const cipher_info_t camellia_256_cfb128_info = {
POLARSSL_CIPHER_CAMELLIA_256_CFB128,
POLARSSL_MODE_CFB,
256,
@@ -677,7 +651,7 @@
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
-const cipher_info_t camellia_128_ctr_info = {
+static const cipher_info_t camellia_128_ctr_info = {
POLARSSL_CIPHER_CAMELLIA_128_CTR,
POLARSSL_MODE_CTR,
128,
@@ -688,7 +662,7 @@
&camellia_info
};
-const cipher_info_t camellia_192_ctr_info = {
+static const cipher_info_t camellia_192_ctr_info = {
POLARSSL_CIPHER_CAMELLIA_192_CTR,
POLARSSL_MODE_CTR,
192,
@@ -699,7 +673,7 @@
&camellia_info
};
-const cipher_info_t camellia_256_ctr_info = {
+static const cipher_info_t camellia_256_ctr_info = {
POLARSSL_CIPHER_CAMELLIA_256_CTR,
POLARSSL_MODE_CTR,
256,
@@ -719,20 +693,28 @@
key, key_length );
}
-const cipher_base_t gcm_camellia_info = {
+static const cipher_base_t gcm_camellia_info = {
POLARSSL_CIPHER_ID_CAMELLIA,
NULL,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
gcm_camellia_setkey_wrap,
gcm_camellia_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_free,
};
-const cipher_info_t camellia_128_gcm_info = {
+static const cipher_info_t camellia_128_gcm_info = {
POLARSSL_CIPHER_CAMELLIA_128_GCM,
POLARSSL_MODE_GCM,
128,
@@ -743,7 +725,7 @@
&gcm_camellia_info
};
-const cipher_info_t camellia_192_gcm_info = {
+static const cipher_info_t camellia_192_gcm_info = {
POLARSSL_CIPHER_CAMELLIA_192_GCM,
POLARSSL_MODE_GCM,
192,
@@ -754,7 +736,7 @@
&gcm_camellia_info
};
-const cipher_info_t camellia_256_gcm_info = {
+static const cipher_info_t camellia_256_gcm_info = {
POLARSSL_CIPHER_CAMELLIA_256_GCM,
POLARSSL_MODE_GCM,
256,
@@ -774,20 +756,28 @@
key, key_length );
}
-const cipher_base_t ccm_camellia_info = {
+static const cipher_base_t ccm_camellia_info = {
POLARSSL_CIPHER_ID_CAMELLIA,
NULL,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
ccm_camellia_setkey_wrap,
ccm_camellia_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
-const cipher_info_t camellia_128_ccm_info = {
+static const cipher_info_t camellia_128_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_128_CCM,
POLARSSL_MODE_CCM,
128,
@@ -798,7 +788,7 @@
&ccm_camellia_info
};
-const cipher_info_t camellia_192_ccm_info = {
+static const cipher_info_t camellia_192_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_192_CCM,
POLARSSL_MODE_CCM,
192,
@@ -809,7 +799,7 @@
&ccm_camellia_info
};
-const cipher_info_t camellia_256_ccm_info = {
+static const cipher_info_t camellia_256_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_256_CCM,
POLARSSL_MODE_CCM,
256,
@@ -839,41 +829,23 @@
return des3_crypt_ecb( (des3_context *) ctx, input, output );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
static int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CBC)
return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input,
output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CIPHER_MODE_CBC)
static int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CBC)
return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input,
output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
@@ -925,7 +897,7 @@
static void * des_ctx_alloc( void )
{
- des_context *des = (des_context *) polarssl_malloc( sizeof( des_context ) );
+ des_context *des = polarssl_malloc( sizeof( des_context ) );
if( des == NULL )
return( NULL );
@@ -944,7 +916,7 @@
static void * des3_ctx_alloc( void )
{
des3_context *des3;
- des3 = (des3_context *) polarssl_malloc( sizeof( des3_context ) );
+ des3 = polarssl_malloc( sizeof( des3_context ) );
if( des3 == NULL )
return( NULL );
@@ -960,20 +932,28 @@
polarssl_free( ctx );
}
-const cipher_base_t des_info = {
+static const cipher_base_t des_info = {
POLARSSL_CIPHER_ID_DES,
des_crypt_ecb_wrap,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
des_crypt_cbc_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
des_setkey_enc_wrap,
des_setkey_dec_wrap,
des_ctx_alloc,
des_ctx_free
};
-const cipher_info_t des_ecb_info = {
+static const cipher_info_t des_ecb_info = {
POLARSSL_CIPHER_DES_ECB,
POLARSSL_MODE_ECB,
POLARSSL_KEY_LENGTH_DES,
@@ -985,7 +965,7 @@
};
#if defined(POLARSSL_CIPHER_MODE_CBC)
-const cipher_info_t des_cbc_info = {
+static const cipher_info_t des_cbc_info = {
POLARSSL_CIPHER_DES_CBC,
POLARSSL_MODE_CBC,
POLARSSL_KEY_LENGTH_DES,
@@ -997,20 +977,28 @@
};
#endif /* POLARSSL_CIPHER_MODE_CBC */
-const cipher_base_t des_ede_info = {
+static const cipher_base_t des_ede_info = {
POLARSSL_CIPHER_ID_DES,
des3_crypt_ecb_wrap,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
des3_crypt_cbc_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
des3_set2key_enc_wrap,
des3_set2key_dec_wrap,
des3_ctx_alloc,
des3_ctx_free
};
-const cipher_info_t des_ede_ecb_info = {
+static const cipher_info_t des_ede_ecb_info = {
POLARSSL_CIPHER_DES_EDE_ECB,
POLARSSL_MODE_ECB,
POLARSSL_KEY_LENGTH_DES_EDE,
@@ -1022,7 +1010,7 @@
};
#if defined(POLARSSL_CIPHER_MODE_CBC)
-const cipher_info_t des_ede_cbc_info = {
+static const cipher_info_t des_ede_cbc_info = {
POLARSSL_CIPHER_DES_EDE_CBC,
POLARSSL_MODE_CBC,
POLARSSL_KEY_LENGTH_DES_EDE,
@@ -1034,20 +1022,28 @@
};
#endif /* POLARSSL_CIPHER_MODE_CBC */
-const cipher_base_t des_ede3_info = {
+static const cipher_base_t des_ede3_info = {
POLARSSL_CIPHER_ID_DES,
des3_crypt_ecb_wrap,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
des3_crypt_cbc_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
des3_set3key_enc_wrap,
des3_set3key_dec_wrap,
des3_ctx_alloc,
des3_ctx_free
};
-const cipher_info_t des_ede3_ecb_info = {
+static const cipher_info_t des_ede3_ecb_info = {
POLARSSL_CIPHER_DES_EDE3_ECB,
POLARSSL_MODE_ECB,
POLARSSL_KEY_LENGTH_DES_EDE3,
@@ -1058,7 +1054,7 @@
&des_ede3_info
};
#if defined(POLARSSL_CIPHER_MODE_CBC)
-const cipher_info_t des_ede3_cbc_info = {
+static const cipher_info_t des_ede3_cbc_info = {
POLARSSL_CIPHER_DES_EDE3_CBC,
POLARSSL_MODE_CBC,
POLARSSL_KEY_LENGTH_DES_EDE3,
@@ -1080,64 +1076,35 @@
output );
}
+#if defined(POLARSSL_CIPHER_MODE_CBC)
static int blowfish_crypt_cbc_wrap( void *ctx, operation_t operation,
size_t length, unsigned char *iv, const unsigned char *input,
unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CBC)
return blowfish_crypt_cbc( (blowfish_context *) ctx, operation, length, iv,
input, output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
}
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CIPHER_MODE_CFB)
static int blowfish_crypt_cfb64_wrap( void *ctx, operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CFB)
return blowfish_crypt_cfb64( (blowfish_context *) ctx, operation, length,
iv_off, iv, input, output );
-#else
- ((void) ctx);
- ((void) operation);
- ((void) length);
- ((void) iv_off);
- ((void) iv);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CFB */
}
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+#if defined(POLARSSL_CIPHER_MODE_CTR)
static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
-#if defined(POLARSSL_CIPHER_MODE_CTR)
return blowfish_crypt_ctr( (blowfish_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output );
-#else
- ((void) ctx);
- ((void) length);
- ((void) nc_off);
- ((void) nonce_counter);
- ((void) stream_block);
- ((void) input);
- ((void) output);
-
- return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CIPHER_MODE_CTR */
}
+#endif /* POLARSSL_CIPHER_MODE_CTR */
static int blowfish_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
@@ -1148,7 +1115,7 @@
static void * blowfish_ctx_alloc( void )
{
blowfish_context *ctx;
- ctx = (blowfish_context *) polarssl_malloc( sizeof( blowfish_context ) );
+ ctx = polarssl_malloc( sizeof( blowfish_context ) );
if( ctx == NULL )
return( NULL );
@@ -1164,20 +1131,28 @@
polarssl_free( ctx );
}
-const cipher_base_t blowfish_info = {
+static const cipher_base_t blowfish_info = {
POLARSSL_CIPHER_ID_BLOWFISH,
blowfish_crypt_ecb_wrap,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
blowfish_crypt_cbc_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
blowfish_crypt_cfb64_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
blowfish_crypt_ctr_wrap,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
NULL,
+#endif
blowfish_setkey_wrap,
blowfish_setkey_wrap,
blowfish_ctx_alloc,
blowfish_ctx_free
};
-const cipher_info_t blowfish_ecb_info = {
+static const cipher_info_t blowfish_ecb_info = {
POLARSSL_CIPHER_BLOWFISH_ECB,
POLARSSL_MODE_ECB,
128,
@@ -1189,7 +1164,7 @@
};
#if defined(POLARSSL_CIPHER_MODE_CBC)
-const cipher_info_t blowfish_cbc_info = {
+static const cipher_info_t blowfish_cbc_info = {
POLARSSL_CIPHER_BLOWFISH_CBC,
POLARSSL_MODE_CBC,
128,
@@ -1202,7 +1177,7 @@
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
-const cipher_info_t blowfish_cfb64_info = {
+static const cipher_info_t blowfish_cfb64_info = {
POLARSSL_CIPHER_BLOWFISH_CFB64,
POLARSSL_MODE_CFB,
128,
@@ -1215,7 +1190,7 @@
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
-const cipher_info_t blowfish_ctr_info = {
+static const cipher_info_t blowfish_ctr_info = {
POLARSSL_CIPHER_BLOWFISH_CTR,
POLARSSL_MODE_CTR,
128,
@@ -1250,7 +1225,7 @@
static void * arc4_ctx_alloc( void )
{
arc4_context *ctx;
- ctx = (arc4_context *) polarssl_malloc( sizeof( arc4_context ) );
+ ctx = polarssl_malloc( sizeof( arc4_context ) );
if( ctx == NULL )
return( NULL );
@@ -1266,20 +1241,28 @@
polarssl_free( ctx );
}
-const cipher_base_t arc4_base_info = {
+static const cipher_base_t arc4_base_info = {
POLARSSL_CIPHER_ID_ARC4,
NULL,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
arc4_crypt_stream_wrap,
+#endif
arc4_setkey_wrap,
arc4_setkey_wrap,
arc4_ctx_alloc,
arc4_ctx_free
};
-const cipher_info_t arc4_128_info = {
+static const cipher_info_t arc4_128_info = {
POLARSSL_CIPHER_ARC4_128,
POLARSSL_MODE_STREAM,
128,
@@ -1321,20 +1304,28 @@
((void) ctx);
}
-const cipher_base_t null_base_info = {
+static const cipher_base_t null_base_info = {
POLARSSL_CIPHER_ID_NULL,
NULL,
+#if defined(POLARSSL_CIPHER_MODE_CBC)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CFB)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_CTR)
NULL,
+#endif
+#if defined(POLARSSL_CIPHER_MODE_STREAM)
null_crypt_stream,
+#endif
null_setkey,
null_setkey,
null_ctx_alloc,
null_ctx_free
};
-const cipher_info_t null_cipher_info = {
+static const cipher_info_t null_cipher_info = {
POLARSSL_CIPHER_NULL,
POLARSSL_MODE_STREAM,
0,
@@ -1442,7 +1433,7 @@
{ POLARSSL_CIPHER_NULL, &null_cipher_info },
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
- { 0, NULL }
+ { POLARSSL_CIPHER_NONE, NULL }
};
#define NUM_CIPHERS sizeof cipher_definitions / sizeof cipher_definitions[0]
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 96ee4f1..24adff0 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -1,12 +1,9 @@
/*
* CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,15 +35,20 @@
#include "polarssl/ctr_drbg.h"
+#include <string.h>
+
#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
@@ -137,6 +139,9 @@
int i, j;
size_t buf_len, use_len;
+ if( data_len > CTR_DRBG_MAX_SEED_INPUT )
+ return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
+
memset( buf, 0, CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 );
aes_init( &aes_ctx );
@@ -256,6 +261,11 @@
if( add_len > 0 )
{
+ /* MAX_INPUT would be more logical here, but we have to match
+ * block_cipher_df()'s limits since we can't propagate errors */
+ if( add_len > CTR_DRBG_MAX_SEED_INPUT )
+ add_len = CTR_DRBG_MAX_SEED_INPUT;
+
block_cipher_df( add_input, additional, add_len );
ctr_drbg_update_internal( ctx, add_input );
}
@@ -438,9 +448,7 @@
#if defined(POLARSSL_SELF_TEST)
-#include <stdio.h>
-
-static unsigned char entropy_source_pr[96] =
+static const unsigned char entropy_source_pr[96] =
{ 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
@@ -454,7 +462,7 @@
0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
-static unsigned char entropy_source_nopr[64] =
+static const unsigned char entropy_source_nopr[64] =
{ 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
@@ -513,7 +521,7 @@
test_offset = 0;
CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy,
- entropy_source_pr, nonce_pers_pr, 16, 32 ) );
+ (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON );
CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) );
CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) );
@@ -530,7 +538,7 @@
test_offset = 0;
CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy,
- entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
+ (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
CHK( ctr_drbg_random( &ctx, buf, 16 ) );
CHK( ctr_drbg_reseed( &ctx, NULL, 0 ) );
CHK( ctr_drbg_random( &ctx, buf, 16 ) );
diff --git a/library/debug.c b/library/debug.c
index a81f502..825cc94 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -1,12 +1,9 @@
/*
* Debugging routines
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,11 +31,8 @@
#include "polarssl/debug.h"
#include <stdarg.h>
-#include <stdlib.h>
-
-#if defined(EFIX64) || defined(EFI32)
#include <stdio.h>
-#endif
+#include <string.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#if !defined snprintf
@@ -50,6 +44,12 @@
#endif
#endif /* _MSC_VER */
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#define polarssl_snprintf snprintf
+#endif
+
static int debug_log_mode = POLARSSL_DEBUG_DFL_MODE;
static int debug_threshold = 0;
@@ -92,7 +92,7 @@
return;
}
- snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text );
+ polarssl_snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
}
@@ -109,9 +109,9 @@
return;
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
- idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
+ idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line );
- snprintf( str + idx, maxlen - idx, "%s() returned %d (-0x%04x)\n",
+ polarssl_snprintf( str + idx, maxlen - idx, "%s() returned %d (-0x%04x)\n",
text, ret, -ret );
str[maxlen] = '\0';
@@ -123,21 +123,23 @@
unsigned char *buf, size_t len )
{
char str[512];
+ char txt[17];
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
if( ssl->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
- idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
+ idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line );
- snprintf( str + idx, maxlen - idx, "dumping '%s' (%u bytes)\n",
+ polarssl_snprintf( str + idx, maxlen - idx, "dumping '%s' (%u bytes)\n",
text, (unsigned int) len );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
idx = 0;
+ memset( txt, 0, sizeof( txt ) );
for( i = 0; i < len; i++ )
{
if( i >= 4096 )
@@ -147,26 +149,32 @@
{
if( i > 0 )
{
- snprintf( str + idx, maxlen - idx, "\n" );
+ polarssl_snprintf( str + idx, maxlen - idx, " %s\n", txt );
ssl->f_dbg( ssl->p_dbg, level, str );
+
idx = 0;
+ memset( txt, 0, sizeof( txt ) );
}
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
- idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
+ idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line );
- idx += snprintf( str + idx, maxlen - idx, "%04x: ",
+ idx += polarssl_snprintf( str + idx, maxlen - idx, "%04x: ",
(unsigned int) i );
}
- idx += snprintf( str + idx, maxlen - idx, " %02x",
+ idx += polarssl_snprintf( str + idx, maxlen - idx, " %02x",
(unsigned int) buf[i] );
+ txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ;
}
if( len > 0 )
{
- snprintf( str + idx, maxlen - idx, "\n" );
+ for( /* i = i */; i % 16 != 0; i++ )
+ idx += polarssl_snprintf( str + idx, maxlen - idx, " " );
+
+ polarssl_snprintf( str + idx, maxlen - idx, " %s\n", txt );
ssl->f_dbg( ssl->p_dbg, level, str );
}
}
@@ -182,11 +190,11 @@
if( ssl->f_dbg == NULL || level > debug_threshold )
return;
- snprintf( str, maxlen, "%s(X)", text );
+ polarssl_snprintf( str, maxlen, "%s(X)", text );
str[maxlen] = '\0';
debug_print_mpi( ssl, level, file, line, str, &X->X );
- snprintf( str, maxlen, "%s(Y)", text );
+ polarssl_snprintf( str, maxlen, "%s(Y)", text );
str[maxlen] = '\0';
debug_print_mpi( ssl, level, file, line, str, &X->Y );
}
@@ -213,9 +221,9 @@
break;
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
- idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
+ idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line );
- snprintf( str + idx, maxlen - idx, "value of '%s' (%d bits) is:\n",
+ polarssl_snprintf( str + idx, maxlen - idx, "value of '%s' (%d bits) is:\n",
text, (int) ( ( n * ( sizeof(t_uint) << 3 ) ) + j + 1 ) );
str[maxlen] = '\0';
@@ -238,16 +246,16 @@
{
if( j > 0 )
{
- snprintf( str + idx, maxlen - idx, "\n" );
+ polarssl_snprintf( str + idx, maxlen - idx, "\n" );
ssl->f_dbg( ssl->p_dbg, level, str );
idx = 0;
}
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
- idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
+ idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line );
}
- idx += snprintf( str + idx, maxlen - idx, " %02x", (unsigned int)
+ idx += polarssl_snprintf( str + idx, maxlen - idx, " %02x", (unsigned int)
( X->p[i - 1] >> ( k << 3 ) ) & 0xFF );
j++;
@@ -259,13 +267,13 @@
{
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
{
- idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
+ idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line );
}
- idx += snprintf( str + idx, maxlen - idx, " 00" );
+ idx += polarssl_snprintf( str + idx, maxlen - idx, " 00" );
}
- snprintf( str + idx, maxlen - idx, "\n" );
+ polarssl_snprintf( str + idx, maxlen - idx, "\n" );
ssl->f_dbg( ssl->p_dbg, level, str );
}
#endif /* POLARSSL_BIGNUM_C */
@@ -292,7 +300,7 @@
if( items[i].type == POLARSSL_PK_DEBUG_NONE )
return;
- snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
+ polarssl_snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
name[sizeof( name ) - 1] = '\0';
if( items[i].type == POLARSSL_PK_DEBUG_MPI )
@@ -319,7 +327,7 @@
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
{
- snprintf( prefix, maxlen, "%s(%04d): ", file, line );
+ polarssl_snprintf( prefix, maxlen, "%s(%04d): ", file, line );
prefix[maxlen] = '\0';
}
else
@@ -333,9 +341,9 @@
x509_crt_info( buf, sizeof( buf ) - 1, prefix, crt );
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
- idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
+ idx = polarssl_snprintf( str, maxlen, "%s(%04d): ", file, line );
- snprintf( str + idx, maxlen - idx, "%s #%d:\n%s",
+ polarssl_snprintf( str + idx, maxlen - idx, "%s #%d:\n%s",
text, ++i, buf );
str[maxlen] = '\0';
diff --git a/library/des.c b/library/des.c
index 12fe4f4..080e113 100644
--- a/library/des.c
+++ b/library/des.c
@@ -1,12 +1,9 @@
/*
* FIPS-46-3 compliant Triple-DES implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,11 +36,16 @@
#include "polarssl/des.h"
+#include <string.h>
+
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
#if !defined(POLARSSL_DES_ALT)
@@ -805,9 +807,6 @@
#endif /* !POLARSSL_DES_ALT */
#if defined(POLARSSL_SELF_TEST)
-
-#include <stdio.h>
-
/*
* DES and 3DES test vectors from:
*
diff --git a/library/dhm.c b/library/dhm.c
index 089c11b..0a4f820 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -1,12 +1,9 @@
/*
* Diffie-Hellman-Merkle key exchange
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,6 +35,8 @@
#include "polarssl/dhm.h"
+#include <string.h>
+
#if defined(POLARSSL_PEM_PARSE_C)
#include "polarssl/pem.h"
#endif
@@ -50,6 +49,7 @@
#include "polarssl/platform.h"
#else
#include <stdlib.h>
+#include <stdio.h>
#define polarssl_printf printf
#define polarssl_malloc malloc
#define polarssl_free free
@@ -444,8 +444,9 @@
/*
* DHParams ::= SEQUENCE {
- * prime INTEGER, -- P
- * generator INTEGER, -- g
+ * prime INTEGER, -- P
+ * generator INTEGER, -- g
+ * privateValueLength INTEGER OPTIONAL
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
@@ -466,9 +467,23 @@
if( p != end )
{
- ret = POLARSSL_ERR_DHM_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
- goto exit;
+ /* this might be the optional privateValueLength; If so, we
+ can cleanly discard it; */
+ mpi rec;
+ mpi_init( &rec );
+ ret = asn1_get_mpi( &p, end, &rec );
+ mpi_free( &rec );
+ if ( ret != 0 )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret;
+ goto exit;
+ }
+ if ( p != end )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
+ goto exit;
+ }
}
ret = 0;
@@ -508,7 +523,7 @@
*n = (size_t) size;
if( *n + 1 == 0 ||
- ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
+ ( *buf = polarssl_malloc( *n + 1 ) ) == NULL )
{
fclose( f );
return( POLARSSL_ERR_DHM_MALLOC_FAILED );
diff --git a/library/ecdh.c b/library/ecdh.c
index b93d82e..82fff27 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -1,12 +1,9 @@
/*
* Elliptic curve Diffie-Hellman
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -40,6 +37,8 @@
#include "polarssl/ecdh.h"
+#include <string.h>
+
/*
* Generate public key: simple wrapper around ecp_gen_keypair
*/
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 5af7f6b..3f72d85 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -1,12 +1,9 @@
/*
* Elliptic curve DSA
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -40,6 +37,8 @@
#include "polarssl/ecdsa.h"
#include "polarssl/asn1write.h"
+#include <string.h>
+
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
#include "polarssl/hmac_drbg.h"
#endif
@@ -60,7 +59,7 @@
for( md_alg = md_list(); *md_alg != 0; md_alg++ )
{
- if( ( md_cur = md_info_from_type( *md_alg ) ) == NULL ||
+ if( ( md_cur = md_info_from_type( (md_type_t) *md_alg ) ) == NULL ||
(size_t) md_cur->size < min_size ||
( md_picked != NULL && md_cur->size > md_picked->size ) )
continue;
@@ -333,7 +332,7 @@
#if POLARSSL_ECP_MAX_BYTES > 124
#error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN"
#endif
-#define MAX_SIG_LEN ( 3 + 2 * ( 2 + POLARSSL_ECP_MAX_BYTES ) )
+#define MAX_SIG_LEN ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )
/*
* Convert a signature (given by context) to ASN.1
diff --git a/library/ecp.c b/library/ecp.c
index 2801db6..adef09e 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1,12 +1,9 @@
/*
* Elliptic curves over GF(p): generic functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -54,16 +51,18 @@
#include "polarssl/ecp.h"
+#include <string.h>
+
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
+#include <stdio.h>
#define polarssl_printf printf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-
#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
!defined(EFI32)
#define strcasecmp _stricmp
@@ -815,7 +814,7 @@
if( t_len < 2 )
return( ecp_normalize_jac( grp, *T ) );
- if( ( c = (mpi *) polarssl_malloc( t_len * sizeof( mpi ) ) ) == NULL )
+ if( ( c = polarssl_malloc( t_len * sizeof( mpi ) ) ) == NULL )
return( POLARSSL_ERR_ECP_MALLOC_FAILED );
mpi_init( &u ); mpi_init( &Zi ); mpi_init( &ZZi );
@@ -1434,7 +1433,7 @@
if( T == NULL )
{
- T = (ecp_point *) polarssl_malloc( pre_len * sizeof( ecp_point ) );
+ T = polarssl_malloc( pre_len * sizeof( ecp_point ) );
if( T == NULL )
{
ret = POLARSSL_ERR_ECP_MALLOC_FAILED;
@@ -1913,6 +1912,48 @@
return( ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
}
+/*
+ * Check a public-private key pair
+ */
+int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv )
+{
+ int ret;
+ ecp_point Q;
+ ecp_group grp;
+
+ if( pub->grp.id == POLARSSL_ECP_DP_NONE ||
+ pub->grp.id != prv->grp.id ||
+ mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
+ mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
+ mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
+ {
+ return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+ }
+
+ ecp_point_init( &Q );
+ ecp_group_init( &grp );
+
+ /* ecp_mul() needs a non-const group... */
+ ecp_group_copy( &grp, &prv->grp );
+
+ /* Also checks d is valid */
+ MPI_CHK( ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
+
+ if( mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
+ mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
+ mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
+ {
+ ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+cleanup:
+ ecp_point_free( &Q );
+ ecp_group_free( &grp );
+
+ return( ret );
+}
+
#if defined(POLARSSL_SELF_TEST)
/*
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 4c0018c..3786356 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -1,12 +1,9 @@
/*
* Elliptic curves over GF(p): curve-specific data and functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,6 +30,8 @@
#include "polarssl/ecp.h"
+#include <string.h>
+
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
diff --git a/library/entropy.c b/library/entropy.c
index bc7fb0f..c90c7e4 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -1,12 +1,9 @@
/*
* Entropy accumulator implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,10 +31,21 @@
#include "polarssl/entropy.h"
#include "polarssl/entropy_poll.h"
+#include <string.h>
+
#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_printf printf
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
+
#if defined(POLARSSL_HAVEGE_C)
#include "polarssl/havege.h"
#endif
@@ -381,14 +389,6 @@
#endif /* POLARSSL_FS_IO */
#if defined(POLARSSL_SELF_TEST)
-
-#if defined(POLARSSL_PLATFORM_C)
-#include "polarssl/platform.h"
-#else
-#include <stdio.h>
-#define polarssl_printf printf
-#endif
-
/*
* Dummy source function
*/
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 9ca9e95..e0f9ae2 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -1,12 +1,9 @@
/*
* Platform-specific and custom entropy polling functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -35,6 +32,7 @@
#include "polarssl/entropy_poll.h"
#if defined(POLARSSL_TIMING_C)
+#include <string.h>
#include "polarssl/timing.h"
#endif
#if defined(POLARSSL_HAVEGE_C)
@@ -73,6 +71,62 @@
}
#else /* _WIN32 && !EFIX64 && !EFI32 */
+/*
+ * Test for Linux getrandom() support.
+ * Since there is no wrapper in the libc yet, use the generic syscall wrapper
+ * available in GNU libc and compatible libc's (eg uClibc).
+ */
+#if defined(__linux__) && defined(__GLIBC__)
+#include <linux/version.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+#if defined(SYS_getrandom)
+#define HAVE_GETRANDOM
+static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
+{
+ return( syscall( SYS_getrandom, buf, buflen, flags ) );
+}
+
+#include <sys/utsname.h>
+/* Check if version is at least 3.17.0 */
+static int check_version_3_17_plus( void )
+{
+ int minor;
+ struct utsname un;
+ const char *ver;
+
+ /* Get version information */
+ uname(&un);
+ ver = un.release;
+
+ /* Check major version; assume a single digit */
+ if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' )
+ return( -1 );
+
+ if( ver[0] - '0' > 3 )
+ return( 0 );
+
+ /* Ok, so now we know major == 3, check minor.
+ * Assume 1 or 2 digits. */
+ if( ver[2] < '0' || ver[2] > '9' )
+ return( -1 );
+
+ minor = ver[2] - '0';
+
+ if( ver[3] >= '0' && ver[3] <= '9' )
+ minor = 10 * minor + ver[3] - '0';
+ else if( ver [3] != '.' )
+ return( -1 );
+
+ if( minor < 17 )
+ return( -1 );
+
+ return( 0 );
+}
+static int has_getrandom = -1;
+#endif /* SYS_getrandom */
+#endif /* __linux__ */
+
#include <stdio.h>
int platform_entropy_poll( void *data,
@@ -82,6 +136,22 @@
size_t ret;
((void) data);
+#if defined(HAVE_GETRANDOM)
+ if( has_getrandom == -1 )
+ has_getrandom = ( check_version_3_17_plus() == 0 );
+
+ if( has_getrandom )
+ {
+ int ret;
+
+ if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
+ return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
+
+ *olen = ret;
+ return( 0 );
+ }
+#endif /* HAVE_GETRANDOM */
+
*olen = 0;
file = fopen( "/dev/urandom", "rb" );
diff --git a/library/error.c b/library/error.c
index 73504d4..4d7b81c 100644
--- a/library/error.c
+++ b/library/error.c
@@ -1,12 +1,9 @@
/*
* Error message information
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -31,10 +28,19 @@
#if defined(POLARSSL_ERROR_C) || defined(POLARSSL_ERROR_STRERROR_DUMMY)
#include "polarssl/error.h"
+#include <string.h>
+#endif
+
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#define polarssl_snprintf snprintf
#endif
#if defined(POLARSSL_ERROR_C)
+#include <stdio.h>
+
#if defined(POLARSSL_AES_C)
#include "polarssl/aes.h"
#endif
@@ -175,9 +181,6 @@
#include "polarssl/xtea.h"
#endif
-
-#include <string.h>
-
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
!defined(EFI32)
#define snprintf _snprintf
@@ -207,295 +210,297 @@
// BEGIN generated code
#if defined(POLARSSL_CIPHER_C)
if( use_ret == -(POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "CIPHER - The selected feature is not available" );
+ polarssl_snprintf( buf, buflen, "CIPHER - The selected feature is not available" );
if( use_ret == -(POLARSSL_ERR_CIPHER_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "CIPHER - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "CIPHER - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_CIPHER_ALLOC_FAILED) )
- snprintf( buf, buflen, "CIPHER - Failed to allocate memory" );
+ polarssl_snprintf( buf, buflen, "CIPHER - Failed to allocate memory" );
if( use_ret == -(POLARSSL_ERR_CIPHER_INVALID_PADDING) )
- snprintf( buf, buflen, "CIPHER - Input data contains invalid padding and is rejected" );
+ polarssl_snprintf( buf, buflen, "CIPHER - Input data contains invalid padding and is rejected" );
if( use_ret == -(POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED) )
- snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
+ polarssl_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
if( use_ret == -(POLARSSL_ERR_CIPHER_AUTH_FAILED) )
- snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
+ polarssl_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
#endif /* POLARSSL_CIPHER_C */
#if defined(POLARSSL_DHM_C)
if( use_ret == -(POLARSSL_ERR_DHM_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "DHM - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "DHM - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_DHM_READ_PARAMS_FAILED) )
- snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" );
+ polarssl_snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" );
if( use_ret == -(POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED) )
- snprintf( buf, buflen, "DHM - Making of the DHM parameters failed" );
+ polarssl_snprintf( buf, buflen, "DHM - Making of the DHM parameters failed" );
if( use_ret == -(POLARSSL_ERR_DHM_READ_PUBLIC_FAILED) )
- snprintf( buf, buflen, "DHM - Reading of the public values failed" );
+ polarssl_snprintf( buf, buflen, "DHM - Reading of the public values failed" );
if( use_ret == -(POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED) )
- snprintf( buf, buflen, "DHM - Making of the public value failed" );
+ polarssl_snprintf( buf, buflen, "DHM - Making of the public value failed" );
if( use_ret == -(POLARSSL_ERR_DHM_CALC_SECRET_FAILED) )
- snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" );
+ polarssl_snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" );
if( use_ret == -(POLARSSL_ERR_DHM_INVALID_FORMAT) )
- snprintf( buf, buflen, "DHM - The ASN.1 data is not formatted correctly" );
+ polarssl_snprintf( buf, buflen, "DHM - The ASN.1 data is not formatted correctly" );
if( use_ret == -(POLARSSL_ERR_DHM_MALLOC_FAILED) )
- snprintf( buf, buflen, "DHM - Allocation of memory failed" );
+ polarssl_snprintf( buf, buflen, "DHM - Allocation of memory failed" );
if( use_ret == -(POLARSSL_ERR_DHM_FILE_IO_ERROR) )
- snprintf( buf, buflen, "DHM - Read/write of file failed" );
+ polarssl_snprintf( buf, buflen, "DHM - Read/write of file failed" );
#endif /* POLARSSL_DHM_C */
#if defined(POLARSSL_ECP_C)
if( use_ret == -(POLARSSL_ERR_ECP_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "ECP - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "ECP - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_ECP_BUFFER_TOO_SMALL) )
- snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
+ polarssl_snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
if( use_ret == -(POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "ECP - Requested curve not available" );
+ polarssl_snprintf( buf, buflen, "ECP - Requested curve not available" );
if( use_ret == -(POLARSSL_ERR_ECP_VERIFY_FAILED) )
- snprintf( buf, buflen, "ECP - The signature is not valid" );
+ polarssl_snprintf( buf, buflen, "ECP - The signature is not valid" );
if( use_ret == -(POLARSSL_ERR_ECP_MALLOC_FAILED) )
- snprintf( buf, buflen, "ECP - Memory allocation failed" );
+ polarssl_snprintf( buf, buflen, "ECP - Memory allocation failed" );
if( use_ret == -(POLARSSL_ERR_ECP_RANDOM_FAILED) )
- snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
+ polarssl_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
if( use_ret == -(POLARSSL_ERR_ECP_INVALID_KEY) )
- snprintf( buf, buflen, "ECP - Invalid private or public key" );
+ polarssl_snprintf( buf, buflen, "ECP - Invalid private or public key" );
if( use_ret == -(POLARSSL_ERR_ECP_SIG_LEN_MISMATCH) )
- snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
+ polarssl_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
#endif /* POLARSSL_ECP_C */
#if defined(POLARSSL_MD_C)
if( use_ret == -(POLARSSL_ERR_MD_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "MD - The selected feature is not available" );
+ polarssl_snprintf( buf, buflen, "MD - The selected feature is not available" );
if( use_ret == -(POLARSSL_ERR_MD_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "MD - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "MD - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_MD_ALLOC_FAILED) )
- snprintf( buf, buflen, "MD - Failed to allocate memory" );
+ polarssl_snprintf( buf, buflen, "MD - Failed to allocate memory" );
if( use_ret == -(POLARSSL_ERR_MD_FILE_IO_ERROR) )
- snprintf( buf, buflen, "MD - Opening or reading of file failed" );
+ polarssl_snprintf( buf, buflen, "MD - Opening or reading of file failed" );
#endif /* POLARSSL_MD_C */
#if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
- snprintf( buf, buflen, "PEM - No PEM header or footer found" );
+ polarssl_snprintf( buf, buflen, "PEM - No PEM header or footer found" );
if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) )
- snprintf( buf, buflen, "PEM - PEM string is not as expected" );
+ polarssl_snprintf( buf, buflen, "PEM - PEM string is not as expected" );
if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) )
- snprintf( buf, buflen, "PEM - Failed to allocate memory" );
+ polarssl_snprintf( buf, buflen, "PEM - Failed to allocate memory" );
if( use_ret == -(POLARSSL_ERR_PEM_INVALID_ENC_IV) )
- snprintf( buf, buflen, "PEM - RSA IV is not in hex-format" );
+ polarssl_snprintf( buf, buflen, "PEM - RSA IV is not in hex-format" );
if( use_ret == -(POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG) )
- snprintf( buf, buflen, "PEM - Unsupported key encryption algorithm" );
+ polarssl_snprintf( buf, buflen, "PEM - Unsupported key encryption algorithm" );
if( use_ret == -(POLARSSL_ERR_PEM_PASSWORD_REQUIRED) )
- snprintf( buf, buflen, "PEM - Private key password can't be empty" );
+ polarssl_snprintf( buf, buflen, "PEM - Private key password can't be empty" );
if( use_ret == -(POLARSSL_ERR_PEM_PASSWORD_MISMATCH) )
- snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
+ polarssl_snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
+ polarssl_snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
if( use_ret == -(POLARSSL_ERR_PEM_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "PEM - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "PEM - Bad input parameters to function" );
#endif /* POLARSSL_PEM_PARSE_C || POLARSSL_PEM_WRITE_C */
#if defined(POLARSSL_PK_C)
if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) )
- snprintf( buf, buflen, "PK - Memory alloation failed" );
+ polarssl_snprintf( buf, buflen, "PK - Memory alloation failed" );
if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) )
- snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
+ polarssl_snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
if( use_ret == -(POLARSSL_ERR_PK_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "PK - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "PK - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_PK_FILE_IO_ERROR) )
- snprintf( buf, buflen, "PK - Read/write of file failed" );
+ polarssl_snprintf( buf, buflen, "PK - Read/write of file failed" );
if( use_ret == -(POLARSSL_ERR_PK_KEY_INVALID_VERSION) )
- snprintf( buf, buflen, "PK - Unsupported key version" );
+ polarssl_snprintf( buf, buflen, "PK - Unsupported key version" );
if( use_ret == -(POLARSSL_ERR_PK_KEY_INVALID_FORMAT) )
- snprintf( buf, buflen, "PK - Invalid key tag or value" );
+ polarssl_snprintf( buf, buflen, "PK - Invalid key tag or value" );
if( use_ret == -(POLARSSL_ERR_PK_UNKNOWN_PK_ALG) )
- snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
+ polarssl_snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
if( use_ret == -(POLARSSL_ERR_PK_PASSWORD_REQUIRED) )
- snprintf( buf, buflen, "PK - Private key password can't be empty" );
+ polarssl_snprintf( buf, buflen, "PK - Private key password can't be empty" );
if( use_ret == -(POLARSSL_ERR_PK_PASSWORD_MISMATCH) )
- snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" );
+ polarssl_snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" );
if( use_ret == -(POLARSSL_ERR_PK_INVALID_PUBKEY) )
- snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
+ polarssl_snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
if( use_ret == -(POLARSSL_ERR_PK_INVALID_ALG) )
- snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" );
+ polarssl_snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" );
if( use_ret == -(POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE) )
- snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
+ polarssl_snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
if( use_ret == -(POLARSSL_ERR_PK_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
+ polarssl_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
if( use_ret == -(POLARSSL_ERR_PK_SIG_LEN_MISMATCH) )
- snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
+ polarssl_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
#endif /* POLARSSL_PK_C */
#if defined(POLARSSL_PKCS12_C)
if( use_ret == -(POLARSSL_ERR_PKCS12_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
+ polarssl_snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
if( use_ret == -(POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT) )
- snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" );
+ polarssl_snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" );
if( use_ret == -(POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH) )
- snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" );
+ polarssl_snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" );
#endif /* POLARSSL_PKCS12_C */
#if defined(POLARSSL_PKCS5_C)
if( use_ret == -(POLARSSL_ERR_PKCS5_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_PKCS5_INVALID_FORMAT) )
- snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" );
+ polarssl_snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" );
if( use_ret == -(POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" );
+ polarssl_snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" );
if( use_ret == -(POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH) )
- snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" );
+ polarssl_snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" );
#endif /* POLARSSL_PKCS5_C */
#if defined(POLARSSL_RSA_C)
if( use_ret == -(POLARSSL_ERR_RSA_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "RSA - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "RSA - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_RSA_INVALID_PADDING) )
- snprintf( buf, buflen, "RSA - Input data contains invalid padding and is rejected" );
+ polarssl_snprintf( buf, buflen, "RSA - Input data contains invalid padding and is rejected" );
if( use_ret == -(POLARSSL_ERR_RSA_KEY_GEN_FAILED) )
- snprintf( buf, buflen, "RSA - Something failed during generation of a key" );
+ polarssl_snprintf( buf, buflen, "RSA - Something failed during generation of a key" );
if( use_ret == -(POLARSSL_ERR_RSA_KEY_CHECK_FAILED) )
- snprintf( buf, buflen, "RSA - Key failed to pass the libraries validity check" );
+ polarssl_snprintf( buf, buflen, "RSA - Key failed to pass the libraries validity check" );
if( use_ret == -(POLARSSL_ERR_RSA_PUBLIC_FAILED) )
- snprintf( buf, buflen, "RSA - The public key operation failed" );
+ polarssl_snprintf( buf, buflen, "RSA - The public key operation failed" );
if( use_ret == -(POLARSSL_ERR_RSA_PRIVATE_FAILED) )
- snprintf( buf, buflen, "RSA - The private key operation failed" );
+ polarssl_snprintf( buf, buflen, "RSA - The private key operation failed" );
if( use_ret == -(POLARSSL_ERR_RSA_VERIFY_FAILED) )
- snprintf( buf, buflen, "RSA - The PKCS#1 verification failed" );
+ polarssl_snprintf( buf, buflen, "RSA - The PKCS#1 verification failed" );
if( use_ret == -(POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE) )
- snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
+ polarssl_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
if( use_ret == -(POLARSSL_ERR_RSA_RNG_FAILED) )
- snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
+ polarssl_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_SSL_TLS_C)
if( use_ret == -(POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "SSL - The requested feature is not available" );
+ polarssl_snprintf( buf, buflen, "SSL - The requested feature is not available" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "SSL - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "SSL - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_SSL_INVALID_MAC) )
- snprintf( buf, buflen, "SSL - Verification of the message MAC failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Verification of the message MAC failed" );
if( use_ret == -(POLARSSL_ERR_SSL_INVALID_RECORD) )
- snprintf( buf, buflen, "SSL - An invalid SSL record was received" );
+ polarssl_snprintf( buf, buflen, "SSL - An invalid SSL record was received" );
if( use_ret == -(POLARSSL_ERR_SSL_CONN_EOF) )
- snprintf( buf, buflen, "SSL - The connection indicated an EOF" );
+ polarssl_snprintf( buf, buflen, "SSL - The connection indicated an EOF" );
if( use_ret == -(POLARSSL_ERR_SSL_UNKNOWN_CIPHER) )
- snprintf( buf, buflen, "SSL - An unknown cipher was received" );
+ polarssl_snprintf( buf, buflen, "SSL - An unknown cipher was received" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) )
- snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
+ polarssl_snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) )
- snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
+ polarssl_snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) )
- snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
+ polarssl_snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) )
- snprintf( buf, buflen, "SSL - DESCRIPTION MISSING" );
+ polarssl_snprintf( buf, buflen, "SSL - Our own certificate(s) is/are too large to send in an SSL message" );
if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED) )
- snprintf( buf, buflen, "SSL - The own certificate is not set, but needed by the server" );
+ polarssl_snprintf( buf, buflen, "SSL - The own certificate is not set, but needed by the server" );
if( use_ret == -(POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED) )
- snprintf( buf, buflen, "SSL - The own private key or pre-shared key is not set, but needed" );
+ polarssl_snprintf( buf, buflen, "SSL - The own private key or pre-shared key is not set, but needed" );
if( use_ret == -(POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED) )
- snprintf( buf, buflen, "SSL - No CA Chain is set, but required to operate" );
+ polarssl_snprintf( buf, buflen, "SSL - No CA Chain is set, but required to operate" );
if( use_ret == -(POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE) )
- snprintf( buf, buflen, "SSL - An unexpected message was received from our peer" );
+ polarssl_snprintf( buf, buflen, "SSL - An unexpected message was received from our peer" );
if( use_ret == -(POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE) )
{
- snprintf( buf, buflen, "SSL - A fatal alert message was received from our peer" );
+ polarssl_snprintf( buf, buflen, "SSL - A fatal alert message was received from our peer" );
return;
}
if( use_ret == -(POLARSSL_ERR_SSL_PEER_VERIFY_FAILED) )
- snprintf( buf, buflen, "SSL - Verification of our peer failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Verification of our peer failed" );
if( use_ret == -(POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) )
- snprintf( buf, buflen, "SSL - The peer notified us that the connection is going to be closed" );
+ polarssl_snprintf( buf, buflen, "SSL - The peer notified us that the connection is going to be closed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO) )
- snprintf( buf, buflen, "SSL - Processing of the ClientHello handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the ClientHello handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO) )
- snprintf( buf, buflen, "SSL - Processing of the ServerHello handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the ServerHello handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE) )
- snprintf( buf, buflen, "SSL - Processing of the Certificate handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the Certificate handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST) )
- snprintf( buf, buflen, "SSL - Processing of the CertificateRequest handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the CertificateRequest handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE) )
- snprintf( buf, buflen, "SSL - Processing of the ServerKeyExchange handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the ServerKeyExchange handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE) )
- snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE) )
- snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP) )
- snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS) )
- snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY) )
- snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC) )
- snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_FINISHED) )
- snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_MALLOC_FAILED) )
- snprintf( buf, buflen, "SSL - Memory allocation failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Memory allocation failed" );
if( use_ret == -(POLARSSL_ERR_SSL_HW_ACCEL_FAILED) )
- snprintf( buf, buflen, "SSL - Hardware acceleration function returned with error" );
+ polarssl_snprintf( buf, buflen, "SSL - Hardware acceleration function returned with error" );
if( use_ret == -(POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH) )
- snprintf( buf, buflen, "SSL - Hardware acceleration function skipped / left alone data" );
+ polarssl_snprintf( buf, buflen, "SSL - Hardware acceleration function skipped / left alone data" );
if( use_ret == -(POLARSSL_ERR_SSL_COMPRESSION_FAILED) )
- snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION) )
- snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" );
+ polarssl_snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET) )
- snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" );
+ polarssl_snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED) )
- snprintf( buf, buflen, "SSL - Session ticket has expired" );
+ polarssl_snprintf( buf, buflen, "SSL - Session ticket has expired" );
if( use_ret == -(POLARSSL_ERR_SSL_PK_TYPE_MISMATCH) )
- snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
+ polarssl_snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
if( use_ret == -(POLARSSL_ERR_SSL_UNKNOWN_IDENTITY) )
- snprintf( buf, buflen, "SSL - Unknown identity received (eg, PSK identity)" );
+ polarssl_snprintf( buf, buflen, "SSL - Unknown identity received (eg, PSK identity)" );
if( use_ret == -(POLARSSL_ERR_SSL_INTERNAL_ERROR) )
- snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
+ polarssl_snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) )
- snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
+ polarssl_snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
if( use_ret == -(POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) )
- snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" );
+ polarssl_snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" );
+ if( use_ret == -(POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE) )
+ polarssl_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
#endif /* POLARSSL_SSL_TLS_C */
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
if( use_ret == -(POLARSSL_ERR_X509_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
+ polarssl_snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_OID) )
- snprintf( buf, buflen, "X509 - Requested OID is unknown" );
+ polarssl_snprintf( buf, buflen, "X509 - Requested OID is unknown" );
if( use_ret == -(POLARSSL_ERR_X509_INVALID_FORMAT) )
- snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
+ polarssl_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
if( use_ret == -(POLARSSL_ERR_X509_INVALID_VERSION) )
- snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" );
+ polarssl_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" );
if( use_ret == -(POLARSSL_ERR_X509_INVALID_SERIAL) )
- snprintf( buf, buflen, "X509 - The serial tag or value is invalid" );
+ polarssl_snprintf( buf, buflen, "X509 - The serial tag or value is invalid" );
if( use_ret == -(POLARSSL_ERR_X509_INVALID_ALG) )
- snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" );
+ polarssl_snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" );
if( use_ret == -(POLARSSL_ERR_X509_INVALID_NAME) )
- snprintf( buf, buflen, "X509 - The name tag or value is invalid" );
+ polarssl_snprintf( buf, buflen, "X509 - The name tag or value is invalid" );
if( use_ret == -(POLARSSL_ERR_X509_INVALID_DATE) )
- snprintf( buf, buflen, "X509 - The date tag or value is invalid" );
+ polarssl_snprintf( buf, buflen, "X509 - The date tag or value is invalid" );
if( use_ret == -(POLARSSL_ERR_X509_INVALID_SIGNATURE) )
- snprintf( buf, buflen, "X509 - The signature tag or value invalid" );
+ polarssl_snprintf( buf, buflen, "X509 - The signature tag or value invalid" );
if( use_ret == -(POLARSSL_ERR_X509_INVALID_EXTENSIONS) )
- snprintf( buf, buflen, "X509 - The extension tag or value is invalid" );
+ polarssl_snprintf( buf, buflen, "X509 - The extension tag or value is invalid" );
if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_VERSION) )
- snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" );
+ polarssl_snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" );
if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_SIG_ALG) )
- snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" );
+ polarssl_snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" );
if( use_ret == -(POLARSSL_ERR_X509_SIG_MISMATCH) )
- snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::x509_crt sig_oid)" );
+ polarssl_snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::x509_crt sig_oid)" );
if( use_ret == -(POLARSSL_ERR_X509_CERT_VERIFY_FAILED) )
- snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
+ polarssl_snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) )
- snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
+ polarssl_snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
if( use_ret == -(POLARSSL_ERR_X509_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "X509 - Input invalid" );
+ polarssl_snprintf( buf, buflen, "X509 - Input invalid" );
if( use_ret == -(POLARSSL_ERR_X509_MALLOC_FAILED) )
- snprintf( buf, buflen, "X509 - Allocation of memory failed" );
+ polarssl_snprintf( buf, buflen, "X509 - Allocation of memory failed" );
if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
- snprintf( buf, buflen, "X509 - Read/write of file failed" );
+ polarssl_snprintf( buf, buflen, "X509 - Read/write of file failed" );
#endif /* POLARSSL_X509_USE,X509_CREATE_C */
// END generated code
if( strlen( buf ) == 0 )
- snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
+ polarssl_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
}
use_ret = ret & ~0xFF80;
@@ -513,7 +518,7 @@
if( buflen - len < 5 )
return;
- snprintf( buf + len, buflen - len, " : " );
+ polarssl_snprintf( buf + len, buflen - len, " : " );
buf += len + 3;
buflen -= len + 3;
@@ -524,216 +529,216 @@
// BEGIN generated code
#if defined(POLARSSL_AES_C)
if( use_ret == -(POLARSSL_ERR_AES_INVALID_KEY_LENGTH) )
- snprintf( buf, buflen, "AES - Invalid key length" );
+ polarssl_snprintf( buf, buflen, "AES - Invalid key length" );
if( use_ret == -(POLARSSL_ERR_AES_INVALID_INPUT_LENGTH) )
- snprintf( buf, buflen, "AES - Invalid data input length" );
+ polarssl_snprintf( buf, buflen, "AES - Invalid data input length" );
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_ASN1_PARSE_C)
if( use_ret == -(POLARSSL_ERR_ASN1_OUT_OF_DATA) )
- snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" );
+ polarssl_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" );
if( use_ret == -(POLARSSL_ERR_ASN1_UNEXPECTED_TAG) )
- snprintf( buf, buflen, "ASN1 - ASN1 tag was of an unexpected value" );
+ polarssl_snprintf( buf, buflen, "ASN1 - ASN1 tag was of an unexpected value" );
if( use_ret == -(POLARSSL_ERR_ASN1_INVALID_LENGTH) )
- snprintf( buf, buflen, "ASN1 - Error when trying to determine the length or invalid length" );
+ polarssl_snprintf( buf, buflen, "ASN1 - Error when trying to determine the length or invalid length" );
if( use_ret == -(POLARSSL_ERR_ASN1_LENGTH_MISMATCH) )
- snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" );
+ polarssl_snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" );
if( use_ret == -(POLARSSL_ERR_ASN1_INVALID_DATA) )
- snprintf( buf, buflen, "ASN1 - Data is invalid. (not used)" );
+ polarssl_snprintf( buf, buflen, "ASN1 - Data is invalid. (not used)" );
if( use_ret == -(POLARSSL_ERR_ASN1_MALLOC_FAILED) )
- snprintf( buf, buflen, "ASN1 - Memory allocation failed" );
+ polarssl_snprintf( buf, buflen, "ASN1 - Memory allocation failed" );
if( use_ret == -(POLARSSL_ERR_ASN1_BUF_TOO_SMALL) )
- snprintf( buf, buflen, "ASN1 - Buffer too small when writing ASN.1 data structure" );
+ polarssl_snprintf( buf, buflen, "ASN1 - Buffer too small when writing ASN.1 data structure" );
#endif /* POLARSSL_ASN1_PARSE_C */
#if defined(POLARSSL_BASE64_C)
if( use_ret == -(POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) )
- snprintf( buf, buflen, "BASE64 - Output buffer too small" );
+ polarssl_snprintf( buf, buflen, "BASE64 - Output buffer too small" );
if( use_ret == -(POLARSSL_ERR_BASE64_INVALID_CHARACTER) )
- snprintf( buf, buflen, "BASE64 - Invalid character in input" );
+ polarssl_snprintf( buf, buflen, "BASE64 - Invalid character in input" );
#endif /* POLARSSL_BASE64_C */
#if defined(POLARSSL_BIGNUM_C)
if( use_ret == -(POLARSSL_ERR_MPI_FILE_IO_ERROR) )
- snprintf( buf, buflen, "BIGNUM - An error occurred while reading from or writing to a file" );
+ polarssl_snprintf( buf, buflen, "BIGNUM - An error occurred while reading from or writing to a file" );
if( use_ret == -(POLARSSL_ERR_MPI_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "BIGNUM - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "BIGNUM - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_MPI_INVALID_CHARACTER) )
- snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" );
+ polarssl_snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" );
if( use_ret == -(POLARSSL_ERR_MPI_BUFFER_TOO_SMALL) )
- snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" );
+ polarssl_snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" );
if( use_ret == -(POLARSSL_ERR_MPI_NEGATIVE_VALUE) )
- snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result in illegal output" );
+ polarssl_snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result in illegal output" );
if( use_ret == -(POLARSSL_ERR_MPI_DIVISION_BY_ZERO) )
- snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" );
+ polarssl_snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" );
if( use_ret == -(POLARSSL_ERR_MPI_NOT_ACCEPTABLE) )
- snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" );
+ polarssl_snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" );
if( use_ret == -(POLARSSL_ERR_MPI_MALLOC_FAILED) )
- snprintf( buf, buflen, "BIGNUM - Memory allocation failed" );
+ polarssl_snprintf( buf, buflen, "BIGNUM - Memory allocation failed" );
#endif /* POLARSSL_BIGNUM_C */
#if defined(POLARSSL_BLOWFISH_C)
if( use_ret == -(POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
- snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
+ polarssl_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
if( use_ret == -(POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
- snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
+ polarssl_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
#endif /* POLARSSL_BLOWFISH_C */
#if defined(POLARSSL_CAMELLIA_C)
if( use_ret == -(POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH) )
- snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
+ polarssl_snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
if( use_ret == -(POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH) )
- snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
+ polarssl_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_CCM_C)
if( use_ret == -(POLARSSL_ERR_CCM_BAD_INPUT) )
- snprintf( buf, buflen, "CCM - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "CCM - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_CCM_AUTH_FAILED) )
- snprintf( buf, buflen, "CCM - Authenticated decryption failed" );
+ polarssl_snprintf( buf, buflen, "CCM - Authenticated decryption failed" );
#endif /* POLARSSL_CCM_C */
#if defined(POLARSSL_CTR_DRBG_C)
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) )
- snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" );
+ polarssl_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" );
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG) )
- snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" );
+ polarssl_snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" );
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG) )
- snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" );
+ polarssl_snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" );
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR) )
- snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" );
#endif /* POLARSSL_CTR_DRBG_C */
#if defined(POLARSSL_DES_C)
if( use_ret == -(POLARSSL_ERR_DES_INVALID_INPUT_LENGTH) )
- snprintf( buf, buflen, "DES - The data input has an invalid length" );
+ polarssl_snprintf( buf, buflen, "DES - The data input has an invalid length" );
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ENTROPY_C)
if( use_ret == -(POLARSSL_ERR_ENTROPY_SOURCE_FAILED) )
- snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" );
+ polarssl_snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" );
if( use_ret == -(POLARSSL_ERR_ENTROPY_MAX_SOURCES) )
- snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
+ polarssl_snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
if( use_ret == -(POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED) )
- snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
+ polarssl_snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
if( use_ret == -(POLARSSL_ERR_ENTROPY_FILE_IO_ERROR) )
- snprintf( buf, buflen, "ENTROPY - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "ENTROPY - Read/write error in file" );
#endif /* POLARSSL_ENTROPY_C */
#if defined(POLARSSL_GCM_C)
if( use_ret == -(POLARSSL_ERR_GCM_AUTH_FAILED) )
- snprintf( buf, buflen, "GCM - Authenticated decryption failed" );
+ polarssl_snprintf( buf, buflen, "GCM - Authenticated decryption failed" );
if( use_ret == -(POLARSSL_ERR_GCM_BAD_INPUT) )
- snprintf( buf, buflen, "GCM - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "GCM - Bad input parameters to function" );
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_HMAC_DRBG_C)
if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG) )
- snprintf( buf, buflen, "HMAC_DRBG - Too many random requested in single call" );
+ polarssl_snprintf( buf, buflen, "HMAC_DRBG - Too many random requested in single call" );
if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG) )
- snprintf( buf, buflen, "HMAC_DRBG - Input too large (Entropy + additional)" );
+ polarssl_snprintf( buf, buflen, "HMAC_DRBG - Input too large (Entropy + additional)" );
if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR) )
- snprintf( buf, buflen, "HMAC_DRBG - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "HMAC_DRBG - Read/write error in file" );
if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED) )
- snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" );
+ polarssl_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" );
#endif /* POLARSSL_HMAC_DRBG_C */
#if defined(POLARSSL_MD2_C)
if( use_ret == -(POLARSSL_ERR_MD2_FILE_IO_ERROR) )
- snprintf( buf, buflen, "MD2 - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "MD2 - Read/write error in file" );
#endif /* POLARSSL_MD2_C */
#if defined(POLARSSL_MD4_C)
if( use_ret == -(POLARSSL_ERR_MD4_FILE_IO_ERROR) )
- snprintf( buf, buflen, "MD4 - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "MD4 - Read/write error in file" );
#endif /* POLARSSL_MD4_C */
#if defined(POLARSSL_MD5_C)
if( use_ret == -(POLARSSL_ERR_MD5_FILE_IO_ERROR) )
- snprintf( buf, buflen, "MD5 - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "MD5 - Read/write error in file" );
#endif /* POLARSSL_MD5_C */
#if defined(POLARSSL_NET_C)
if( use_ret == -(POLARSSL_ERR_NET_UNKNOWN_HOST) )
- snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
+ polarssl_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
if( use_ret == -(POLARSSL_ERR_NET_SOCKET_FAILED) )
- snprintf( buf, buflen, "NET - Failed to open a socket" );
+ polarssl_snprintf( buf, buflen, "NET - Failed to open a socket" );
if( use_ret == -(POLARSSL_ERR_NET_CONNECT_FAILED) )
- snprintf( buf, buflen, "NET - The connection to the given server / port failed" );
+ polarssl_snprintf( buf, buflen, "NET - The connection to the given server / port failed" );
if( use_ret == -(POLARSSL_ERR_NET_BIND_FAILED) )
- snprintf( buf, buflen, "NET - Binding of the socket failed" );
+ polarssl_snprintf( buf, buflen, "NET - Binding of the socket failed" );
if( use_ret == -(POLARSSL_ERR_NET_LISTEN_FAILED) )
- snprintf( buf, buflen, "NET - Could not listen on the socket" );
+ polarssl_snprintf( buf, buflen, "NET - Could not listen on the socket" );
if( use_ret == -(POLARSSL_ERR_NET_ACCEPT_FAILED) )
- snprintf( buf, buflen, "NET - Could not accept the incoming connection" );
+ polarssl_snprintf( buf, buflen, "NET - Could not accept the incoming connection" );
if( use_ret == -(POLARSSL_ERR_NET_RECV_FAILED) )
- snprintf( buf, buflen, "NET - Reading information from the socket failed" );
+ polarssl_snprintf( buf, buflen, "NET - Reading information from the socket failed" );
if( use_ret == -(POLARSSL_ERR_NET_SEND_FAILED) )
- snprintf( buf, buflen, "NET - Sending information through the socket failed" );
+ polarssl_snprintf( buf, buflen, "NET - Sending information through the socket failed" );
if( use_ret == -(POLARSSL_ERR_NET_CONN_RESET) )
- snprintf( buf, buflen, "NET - Connection was reset by peer" );
+ polarssl_snprintf( buf, buflen, "NET - Connection was reset by peer" );
if( use_ret == -(POLARSSL_ERR_NET_WANT_READ) )
- snprintf( buf, buflen, "NET - Connection requires a read call" );
+ polarssl_snprintf( buf, buflen, "NET - Connection requires a read call" );
if( use_ret == -(POLARSSL_ERR_NET_WANT_WRITE) )
- snprintf( buf, buflen, "NET - Connection requires a write call" );
+ polarssl_snprintf( buf, buflen, "NET - Connection requires a write call" );
#endif /* POLARSSL_NET_C */
#if defined(POLARSSL_OID_C)
if( use_ret == -(POLARSSL_ERR_OID_NOT_FOUND) )
- snprintf( buf, buflen, "OID - OID is not found" );
+ polarssl_snprintf( buf, buflen, "OID - OID is not found" );
if( use_ret == -(POLARSSL_ERR_OID_BUF_TOO_SMALL) )
- snprintf( buf, buflen, "OID - output buffer is too small" );
+ polarssl_snprintf( buf, buflen, "OID - output buffer is too small" );
#endif /* POLARSSL_OID_C */
#if defined(POLARSSL_PADLOCK_C)
if( use_ret == -(POLARSSL_ERR_PADLOCK_DATA_MISALIGNED) )
- snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
+ polarssl_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
#endif /* POLARSSL_PADLOCK_C */
#if defined(POLARSSL_PBKDF2_C)
if( use_ret == -(POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
#endif /* POLARSSL_PBKDF2_C */
#if defined(POLARSSL_RIPEMD160_C)
if( use_ret == -(POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR) )
- snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" );
#endif /* POLARSSL_RIPEMD160_C */
#if defined(POLARSSL_SHA1_C)
if( use_ret == -(POLARSSL_ERR_SHA1_FILE_IO_ERROR) )
- snprintf( buf, buflen, "SHA1 - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "SHA1 - Read/write error in file" );
#endif /* POLARSSL_SHA1_C */
#if defined(POLARSSL_SHA256_C)
if( use_ret == -(POLARSSL_ERR_SHA256_FILE_IO_ERROR) )
- snprintf( buf, buflen, "SHA256 - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "SHA256 - Read/write error in file" );
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
if( use_ret == -(POLARSSL_ERR_SHA512_FILE_IO_ERROR) )
- snprintf( buf, buflen, "SHA512 - Read/write error in file" );
+ polarssl_snprintf( buf, buflen, "SHA512 - Read/write error in file" );
#endif /* POLARSSL_SHA512_C */
#if defined(POLARSSL_THREADING_C)
if( use_ret == -(POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE) )
- snprintf( buf, buflen, "THREADING - The selected feature is not available" );
+ polarssl_snprintf( buf, buflen, "THREADING - The selected feature is not available" );
if( use_ret == -(POLARSSL_ERR_THREADING_BAD_INPUT_DATA) )
- snprintf( buf, buflen, "THREADING - Bad input parameters to function" );
+ polarssl_snprintf( buf, buflen, "THREADING - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_THREADING_MUTEX_ERROR) )
- snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" );
+ polarssl_snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" );
#endif /* POLARSSL_THREADING_C */
#if defined(POLARSSL_XTEA_C)
if( use_ret == -(POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH) )
- snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
+ polarssl_snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
#endif /* POLARSSL_XTEA_C */
// END generated code
if( strlen( buf ) != 0 )
return;
- snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
+ polarssl_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
}
#if defined(POLARSSL_ERROR_STRERROR_BC)
@@ -747,8 +752,6 @@
#if defined(POLARSSL_ERROR_STRERROR_DUMMY)
-#include <string.h>
-
/*
* Provide an non-function in case POLARSSL_ERROR_C is not defined
*/
diff --git a/library/gcm.c b/library/gcm.c
index d48f318..f4f735b 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -1,12 +1,9 @@
/*
* NIST SP800-38D compliant GCM implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -43,15 +40,20 @@
#include "polarssl/gcm.h"
+#include <string.h>
+
#if defined(POLARSSL_AESNI_C)
#include "polarssl/aesni.h"
#endif
+#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
/*
* 32-bit integer manipulation macros (big endian)
@@ -134,7 +136,7 @@
ctx->HH[i] = vh;
}
- for( i = 2; i < 16; i <<= 1 )
+ for( i = 2; i <= 8; i *= 2 )
{
uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
vh = *HiH;
@@ -499,9 +501,6 @@
}
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
-
-#include <stdio.h>
-
/*
* AES-GCM test vectors from:
*
@@ -509,10 +508,10 @@
*/
#define MAX_TESTS 6
-int key_index[MAX_TESTS] =
+static const int key_index[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 1 };
-unsigned char key[MAX_TESTS][32] =
+static const unsigned char key[MAX_TESTS][32] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -524,13 +523,13 @@
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
};
-size_t iv_len[MAX_TESTS] =
+static const size_t iv_len[MAX_TESTS] =
{ 12, 12, 12, 12, 8, 60 };
-int iv_index[MAX_TESTS] =
+static const int iv_index[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 2 };
-unsigned char iv[MAX_TESTS][64] =
+static const unsigned char iv[MAX_TESTS][64] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00 },
@@ -546,13 +545,13 @@
0xa6, 0x37, 0xb3, 0x9b },
};
-size_t add_len[MAX_TESTS] =
+static const size_t add_len[MAX_TESTS] =
{ 0, 0, 0, 20, 20, 20 };
-int add_index[MAX_TESTS] =
+static const int add_index[MAX_TESTS] =
{ 0, 0, 0, 1, 1, 1 };
-unsigned char additional[MAX_TESTS][64] =
+static const unsigned char additional[MAX_TESTS][64] =
{
{ 0x00 },
{ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
@@ -560,13 +559,13 @@
0xab, 0xad, 0xda, 0xd2 },
};
-size_t pt_len[MAX_TESTS] =
+static const size_t pt_len[MAX_TESTS] =
{ 0, 16, 64, 60, 60, 60 };
-int pt_index[MAX_TESTS] =
+static const int pt_index[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 1 };
-unsigned char pt[MAX_TESTS][64] =
+static const unsigned char pt[MAX_TESTS][64] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
@@ -580,7 +579,7 @@
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
};
-unsigned char ct[MAX_TESTS * 3][64] =
+static const unsigned char ct[MAX_TESTS * 3][64] =
{
{ 0x00 },
{ 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
@@ -689,7 +688,7 @@
0x44, 0xae, 0x7e, 0x3f },
};
-unsigned char tag[MAX_TESTS * 3][16] =
+static const unsigned char tag[MAX_TESTS * 3][16] =
{
{ 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
@@ -940,8 +939,6 @@
return( 0 );
}
-
-
#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
#endif /* POLARSSL_GCM_C */
diff --git a/library/havege.c b/library/havege.c
index 3acd5bc..fe65699 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -1,12 +1,9 @@
/**
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index d691be1..c7904d0 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -1,12 +1,9 @@
/*
* HMAC_DRBG implementation (NIST SP 800-90)
*
- * Copyright (C) 2014, Brainspark B.V.
+ * Copyright (C) 2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,15 +36,20 @@
#include "polarssl/hmac_drbg.h"
+#include <string.h>
+
#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_SELF_TEST */
+#endif /* POLARSSL_PLATFORM_C */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
@@ -312,7 +314,7 @@
if( ctx == NULL )
return;
- md_free_ctx( &ctx->md_ctx );
+ md_free( &ctx->md_ctx );
polarssl_zeroize( ctx, sizeof( hmac_drbg_context ) );
}
@@ -379,8 +381,6 @@
#if defined(POLARSSL_SELF_TEST)
-#include <stdio.h>
-
#if !defined(POLARSSL_SHA1_C)
/* Dummy checkup routine */
int hmac_drbg_self_test( int verbose )
@@ -396,7 +396,7 @@
#define OUTPUT_LEN 80
/* From a NIST PR=true test vector */
-static unsigned char entropy_pr[] = {
+static const unsigned char entropy_pr[] = {
0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
@@ -412,7 +412,7 @@
0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
/* From a NIST PR=false test vector */
-static unsigned char entropy_nopr[] = {
+static const unsigned char entropy_nopr[] = {
0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
@@ -461,7 +461,7 @@
test_offset = 0;
CHK( hmac_drbg_init( &ctx, md_info,
- hmac_drbg_self_test_entropy, entropy_pr,
+ hmac_drbg_self_test_entropy, (void *) entropy_pr,
NULL, 0 ) );
hmac_drbg_set_prediction_resistance( &ctx, POLARSSL_HMAC_DRBG_PR_ON );
CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
@@ -480,7 +480,7 @@
test_offset = 0;
CHK( hmac_drbg_init( &ctx, md_info,
- hmac_drbg_self_test_entropy, entropy_nopr,
+ hmac_drbg_self_test_entropy, (void *) entropy_nopr,
NULL, 0 ) );
CHK( hmac_drbg_reseed( &ctx, NULL, 0 ) );
CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
diff --git a/library/md.c b/library/md.c
index 5f3f32d..cf4d7e3 100644
--- a/library/md.c
+++ b/library/md.c
@@ -1,16 +1,13 @@
/**
* \file md.c
*
- * \brief Generic message digest wrapper for PolarSSL
+ * \brief Generic message digest wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,6 +36,7 @@
#include "polarssl/md_wrap.h"
#include <stdlib.h>
+#include <string.h>
#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
!defined(EFI32)
@@ -205,12 +203,14 @@
return( 0 );
}
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
int md_free_ctx( md_context_t *ctx )
{
md_free( ctx );
return( 0 );
}
+#endif
int md_starts( md_context_t *ctx )
{
diff --git a/library/md2.c b/library/md2.c
index 45bce37..17569c0 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -1,12 +1,9 @@
/*
* RFC 1115/1319 compliant MD2 implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,15 +36,20 @@
#include "polarssl/md2.h"
-#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
+#include <string.h>
+
+#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
diff --git a/library/md4.c b/library/md4.c
index f6b71d5..d33cc52 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -1,12 +1,9 @@
/*
* RFC 1186/1320 compliant MD4 implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,15 +36,20 @@
#include "polarssl/md4.h"
-#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
+#include <string.h>
+
+#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
@@ -70,12 +72,12 @@
#endif
#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( (n) ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
+#define PUT_UINT32_LE(n,b,i) \
+{ \
+ (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
+ (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
+ (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
+ (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
diff --git a/library/md5.c b/library/md5.c
index 89354bc..49f0674 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -1,12 +1,9 @@
/*
* RFC 1321 compliant MD5 implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,15 +35,20 @@
#include "polarssl/md5.h"
-#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
+#include <string.h>
+
+#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
@@ -69,12 +71,12 @@
#endif
#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( (n) ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
+#define PUT_UINT32_LE(n,b,i) \
+{ \
+ (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
+ (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
+ (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
+ (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
@@ -441,7 +443,7 @@
/*
* RFC 1321 test vectors
*/
-static unsigned char md5_test_buf[7][81] =
+static const unsigned char md5_test_buf[7][81] =
{
{ "" },
{ "a" },
@@ -479,7 +481,7 @@
/*
* RFC 2202 test vectors
*/
-static unsigned char md5_hmac_test_key[7][26] =
+static const unsigned char md5_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" },
{ "Jefe" },
@@ -496,7 +498,7 @@
16, 4, 16, 25, 16, 80, 80
};
-static unsigned char md5_hmac_test_buf[7][74] =
+static const unsigned char md5_hmac_test_buf[7][74] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
@@ -578,7 +580,7 @@
if( i == 5 || i == 6 )
{
- memset( buf, '\xAA', buflen = 80 );
+ memset( buf, 0xAA, buflen = 80 );
md5_hmac_starts( &ctx, buf, buflen );
}
else
diff --git a/library/md_wrap.c b/library/md_wrap.c
index de701d3..f554333 100644
--- a/library/md_wrap.c
+++ b/library/md_wrap.c
@@ -1,16 +1,13 @@
/**
* \file md_wrap.c
- * \brief Generic message digest wrapper for PolarSSL
+ * \brief Generic message digest wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -68,12 +65,11 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -399,7 +395,7 @@
static void * ripemd160_ctx_alloc( void )
{
ripemd160_context *ctx;
- ctx = (ripemd160_context *) polarssl_malloc( sizeof( ripemd160_context ) );
+ ctx = polarssl_malloc( sizeof( ripemd160_context ) );
if( ctx == NULL )
return( NULL );
@@ -495,7 +491,7 @@
static void * sha1_ctx_alloc( void )
{
sha1_context *ctx;
- ctx = (sha1_context *) polarssl_malloc( sizeof( sha1_context ) );
+ ctx = polarssl_malloc( sizeof( sha1_context ) );
if( ctx == NULL )
return( NULL );
@@ -704,7 +700,7 @@
static void * sha256_ctx_alloc( void )
{
sha256_context *ctx;
- ctx = (sha256_context *) polarssl_malloc( sizeof( sha256_context ) );
+ ctx = polarssl_malloc( sizeof( sha256_context ) );
if( ctx == NULL )
return( NULL );
@@ -910,7 +906,7 @@
static void * sha512_ctx_alloc( void )
{
sha512_context *ctx;
- ctx = (sha512_context *) polarssl_malloc( sizeof( sha512_context ) );
+ ctx = polarssl_malloc( sizeof( sha512_context ) );
if( ctx == NULL )
return( NULL );
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 00ac3f1..5eb8ab1 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -1,12 +1,9 @@
/*
* Buffer-based memory allocator
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,14 +27,14 @@
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
-
#include "polarssl/memory_buffer_alloc.h"
+/* No need for the header guard as POLARSSL_MEMORY_BUFFER_ALLOC_C
+ is dependent upon POLARSSL_PLATFORM_C */
+#include "polarssl/platform.h"
+
#include <string.h>
-#if defined(POLARSSL_MEMORY_DEBUG)
-#include <stdio.h>
-#endif
#if defined(POLARSSL_MEMORY_BACKTRACE)
#include <execinfo.h>
#endif
@@ -46,12 +43,6 @@
#include "polarssl/threading.h"
#endif
-#if defined(POLARSSL_PLATFORM_C)
-#include "polarssl/platform.h"
-#else
-#define polarssl_fprintf fprintf
-#endif
-
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -84,7 +75,6 @@
size_t len;
memory_header *first;
memory_header *first_free;
- size_t current_alloc_size;
int verify;
#if defined(POLARSSL_MEMORY_DEBUG)
size_t malloc_count;
@@ -277,7 +267,7 @@
polarssl_fprintf( stderr, "FATAL: block in free_list but allocated "
"data\n" );
#endif
- exit( 1 );
+ polarssl_exit( 1 );
}
#if defined(POLARSSL_MEMORY_DEBUG)
@@ -316,7 +306,7 @@
#endif
if( ( heap.verify & MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
- exit( 1 );
+ polarssl_exit( 1 );
return( ( (unsigned char *) cur ) + sizeof(memory_header) );
}
@@ -371,7 +361,7 @@
#endif
if( ( heap.verify & MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
- exit( 1 );
+ polarssl_exit( 1 );
return( ( (unsigned char *) cur ) + sizeof(memory_header) );
}
@@ -390,14 +380,14 @@
polarssl_fprintf( stderr, "FATAL: polarssl_free() outside of managed "
"space\n" );
#endif
- exit( 1 );
+ polarssl_exit( 1 );
}
p -= sizeof(memory_header);
hdr = (memory_header *) p;
if( verify_header( hdr ) != 0 )
- exit( 1 );
+ polarssl_exit( 1 );
if( hdr->alloc != 1 )
{
@@ -405,7 +395,7 @@
polarssl_fprintf( stderr, "FATAL: polarssl_free() on unallocated "
"data\n" );
#endif
- exit( 1 );
+ polarssl_exit( 1 );
}
hdr->alloc = 0;
@@ -484,7 +474,8 @@
if( old == NULL )
{
hdr->next_free = heap.first_free;
- heap.first_free->prev_free = hdr;
+ if( heap.first_free != NULL )
+ heap.first_free->prev_free = hdr;
heap.first_free = hdr;
}
@@ -494,7 +485,7 @@
#endif
if( ( heap.verify & MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
- exit( 1 );
+ polarssl_exit( 1 );
}
void memory_buffer_set_verify( int verify )
@@ -527,6 +518,24 @@
debug_chain();
}
}
+
+void memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks )
+{
+ *max_used = heap.maximum_used;
+ *max_blocks = heap.maximum_header_count;
+}
+
+void memory_buffer_alloc_max_reset( void )
+{
+ heap.maximum_used = 0;
+ heap.maximum_header_count = 0;
+}
+
+void memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks )
+{
+ *cur_used = heap.total_used;
+ *cur_blocks = heap.header_count;
+}
#endif /* POLARSSL_MEMORY_DEBUG */
#if defined(POLARSSL_THREADING_C)
@@ -562,9 +571,11 @@
if( (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE )
{
+ /* Adjust len first since buf is used in the computation */
+ len -= POLARSSL_MEMORY_ALIGN_MULTIPLE
+ - (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE;
buf += POLARSSL_MEMORY_ALIGN_MULTIPLE
- (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE;
- len -= (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE;
}
heap.buf = buf;
@@ -586,4 +597,138 @@
polarssl_zeroize( &heap, sizeof(buffer_alloc_ctx) );
}
+#if defined(POLARSSL_SELF_TEST)
+static int check_pointer( void *p )
+{
+ if( p == NULL )
+ return( -1 );
+
+ if( (size_t) p % POLARSSL_MEMORY_ALIGN_MULTIPLE != 0 )
+ return( -1 );
+
+ return( 0 );
+}
+
+static int check_all_free( )
+{
+ if(
+#if defined(POLARSSL_MEMORY_DEBUG)
+ heap.total_used != 0 ||
+#endif
+ heap.first != heap.first_free ||
+ (void *) heap.first != (void *) heap.buf )
+ {
+ return( -1 );
+ }
+
+ return( 0 );
+}
+
+#define TEST_ASSERT( condition ) \
+ if( ! (condition) ) \
+ { \
+ if( verbose != 0 ) \
+ polarssl_printf( "failed\n" ); \
+ \
+ ret = 1; \
+ goto cleanup; \
+ }
+
+int memory_buffer_alloc_self_test( int verbose )
+{
+ unsigned char buf[1024];
+ unsigned char *p, *q, *r, *end;
+ int ret = 0;
+
+ if( verbose != 0 )
+ polarssl_printf( " MBA test #1 (basic alloc-free cycle): " );
+
+ memory_buffer_alloc_init( buf, sizeof( buf ) );
+
+ p = polarssl_malloc( 1 );
+ q = polarssl_malloc( 128 );
+ r = polarssl_malloc( 16 );
+
+ TEST_ASSERT( check_pointer( p ) == 0 &&
+ check_pointer( q ) == 0 &&
+ check_pointer( r ) == 0 );
+
+ polarssl_free( r );
+ polarssl_free( q );
+ polarssl_free( p );
+
+ TEST_ASSERT( check_all_free( ) == 0 );
+
+ /* Memorize end to compare with the next test */
+ end = heap.buf + heap.len;
+
+ memory_buffer_alloc_free( );
+
+ if( verbose != 0 )
+ polarssl_printf( "passed\n" );
+
+ if( verbose != 0 )
+ polarssl_printf( " MBA test #2 (buf not aligned): " );
+
+ memory_buffer_alloc_init( buf + 1, sizeof( buf ) - 1 );
+
+ TEST_ASSERT( heap.buf + heap.len == end );
+
+ p = polarssl_malloc( 1 );
+ q = polarssl_malloc( 128 );
+ r = polarssl_malloc( 16 );
+
+ TEST_ASSERT( check_pointer( p ) == 0 &&
+ check_pointer( q ) == 0 &&
+ check_pointer( r ) == 0 );
+
+ polarssl_free( r );
+ polarssl_free( q );
+ polarssl_free( p );
+
+ TEST_ASSERT( check_all_free( ) == 0 );
+
+ memory_buffer_alloc_free( );
+
+ if( verbose != 0 )
+ polarssl_printf( "passed\n" );
+
+ if( verbose != 0 )
+ polarssl_printf( " MBA test #3 (full): " );
+
+ memory_buffer_alloc_init( buf, sizeof( buf ) );
+
+ p = polarssl_malloc( sizeof( buf ) - sizeof( memory_header ) );
+
+ TEST_ASSERT( check_pointer( p ) == 0 );
+ TEST_ASSERT( polarssl_malloc( 1 ) == NULL );
+
+ polarssl_free( p );
+
+ p = polarssl_malloc( sizeof( buf ) - 2 * sizeof( memory_header ) - 16 );
+ q = polarssl_malloc( 16 );
+
+ TEST_ASSERT( check_pointer( p ) == 0 && check_pointer( q ) == 0 );
+ TEST_ASSERT( polarssl_malloc( 1 ) == NULL );
+
+ polarssl_free( q );
+
+ TEST_ASSERT( polarssl_malloc( 17 ) == NULL );
+
+ polarssl_free( p );
+
+ TEST_ASSERT( check_all_free( ) == 0 );
+
+ memory_buffer_alloc_free( );
+
+ if( verbose != 0 )
+ polarssl_printf( "passed\n" );
+
+cleanup:
+ memory_buffer_alloc_free( );
+
+ return( ret );
+}
+#endif /* POLARSSL_SELF_TEST */
+
#endif /* POLARSSL_MEMORY_BUFFER_ALLOC_C */
diff --git a/library/net.c b/library/net.c
index 3f0e448..1fb6884 100644
--- a/library/net.c
+++ b/library/net.c
@@ -1,12 +1,9 @@
/*
* TCP networking functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,6 +30,8 @@
#include "polarssl/net.h"
+#include <string.h>
+
#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
@@ -130,6 +129,12 @@
(((unsigned long )(n) & 0xFF000000) >> 24))
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#define polarssl_snprintf snprintf
+#endif
+
unsigned short net_htons( unsigned short n );
unsigned long net_htonl( unsigned long n );
#define net_htons(n) POLARSSL_HTONS(n)
@@ -174,7 +179,7 @@
/* getaddrinfo expects port as a string */
memset( port_str, 0, sizeof( port_str ) );
- snprintf( port_str, sizeof( port_str ), "%d", port );
+ polarssl_snprintf( port_str, sizeof( port_str ), "%d", port );
/* Do name resolution with both IPv6 and IPv4, but only TCP */
memset( &hints, 0, sizeof( hints ) );
@@ -260,7 +265,7 @@
/* getaddrinfo expects port as a string */
memset( port_str, 0, sizeof( port_str ) );
- snprintf( port_str, sizeof( port_str ), "%d", port );
+ polarssl_snprintf( port_str, sizeof( port_str ), "%d", port );
/* Bind to IPv6 and/or IPv4, but only in TCP */
memset( &hints, 0, sizeof( hints ) );
@@ -496,12 +501,12 @@
void net_usleep( unsigned long usec )
{
struct timeval tv;
- tv.tv_sec = 0;
+ tv.tv_sec = usec / 1000000;
#if !defined(_WIN32) && ( defined(__unix__) || defined(__unix) || \
( defined(__APPLE__) && defined(__MACH__) ) )
- tv.tv_usec = (suseconds_t) usec;
+ tv.tv_usec = (suseconds_t) usec % 1000000;
#else
- tv.tv_usec = usec;
+ tv.tv_usec = usec % 1000000;
#endif
select( 0, NULL, NULL, NULL, &tv );
}
diff --git a/library/oid.c b/library/oid.c
index 7b54054..b616d7e 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -3,12 +3,9 @@
*
* \brief Object Identifier (OID) database
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -36,12 +33,19 @@
#include "polarssl/oid.h"
#include "polarssl/rsa.h"
+#include <stdio.h>
+#include <string.h>
+
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#define polarssl_snprintf snprintf
+#endif
+
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
#include "polarssl/x509.h"
#endif
-#include <stdio.h>
-
/*
* Macro to automatically add the size of #define'd OIDs
*/
@@ -232,6 +236,10 @@
"DC",
},
{
+ { ADD_LEN( OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" },
+ "uniqueIdentifier",
+ },
+ {
{ NULL, 0, NULL, NULL },
NULL,
}
@@ -369,7 +377,7 @@
},
{
{ NULL, 0, NULL, NULL },
- 0, 0,
+ POLARSSL_MD_NONE, POLARSSL_PK_NONE,
},
};
@@ -403,7 +411,7 @@
},
{
{ NULL, 0, NULL, NULL },
- 0,
+ POLARSSL_PK_NONE,
},
};
@@ -468,7 +476,7 @@
},
{
{ NULL, 0, NULL, NULL },
- 0,
+ POLARSSL_ECP_DP_NONE,
},
};
@@ -498,7 +506,7 @@
},
{
{ NULL, 0, NULL, NULL },
- 0,
+ POLARSSL_CIPHER_NONE,
},
};
@@ -551,7 +559,7 @@
},
{
{ NULL, 0, NULL, NULL },
- 0,
+ POLARSSL_MD_NONE,
},
};
@@ -582,7 +590,7 @@
},
{
{ NULL, 0, NULL, NULL },
- 0, 0,
+ POLARSSL_MD_NONE, POLARSSL_CIPHER_NONE,
},
};
@@ -655,7 +663,7 @@
/* First byte contains first two dots */
if( oid->len > 0 )
{
- ret = snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
+ ret = polarssl_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
SAFE_SNPRINTF();
}
@@ -672,7 +680,7 @@
if( !( oid->p[i] & 0x80 ) )
{
/* Last byte */
- ret = snprintf( p, n, ".%d", value );
+ ret = polarssl_snprintf( p, n, ".%d", value );
SAFE_SNPRINTF();
value = 0;
}
diff --git a/library/padlock.c b/library/padlock.c
index 5d06390..d83f76c 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -1,12 +1,9 @@
/*
* VIA PadLock support functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,6 +36,8 @@
#include "polarssl/padlock.h"
+#include <string.h>
+
#if defined(POLARSSL_HAVE_X86)
/*
@@ -105,7 +104,7 @@
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
- : "ecx", "edx", "esi", "edi" );
+ : "memory", "ecx", "edx", "esi", "edi" );
memcpy( output, blk, 16 );
@@ -156,7 +155,7 @@
: "=m" (ebx)
: "m" (ebx), "m" (count), "m" (ctrl),
"m" (rk), "m" (input), "m" (output), "m" (iw)
- : "eax", "ecx", "edx", "esi", "edi" );
+ : "memory", "eax", "ecx", "edx", "esi", "edi" );
memcpy( iv, iw, 16 );
diff --git a/library/pbkdf2.c b/library/pbkdf2.c
index e76f066..783e4a8 100644
--- a/library/pbkdf2.c
+++ b/library/pbkdf2.c
@@ -1,17 +1,13 @@
/**
* \file pbkdf2.c
*
- * \brief Password-Based Key Derivation Function 2 (from PKCS#5)
- * DEPRECATED: Use pkcs5.c instead
+ * \brief Compatibility wrappers for pkcs5.c
*
* \author Mathias Olsson <mathias@kompetensum.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -45,6 +41,7 @@
#include "polarssl/pbkdf2.h"
#include "polarssl/pkcs5.h"
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen,
const unsigned char *salt, size_t slen,
unsigned int iteration_count,
@@ -53,12 +50,15 @@
return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
key_length, output );
}
+#endif
#if defined(POLARSSL_SELF_TEST)
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
int pbkdf2_self_test( int verbose )
{
return pkcs5_self_test( verbose );
}
+#endif
#endif /* POLARSSL_SELF_TEST */
#endif /* POLARSSL_PBKDF2_C */
diff --git a/library/pem.c b/library/pem.c
index 485d829..68be8fd 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -1,12 +1,9 @@
/*
* Privacy Enhanced Mail (PEM) decoding
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,6 +27,7 @@
#endif
#if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
+
#include "polarssl/pem.h"
#include "polarssl/base64.h"
#include "polarssl/des.h"
@@ -37,15 +35,16 @@
#include "polarssl/md5.h"
#include "polarssl/cipher.h"
+#include <string.h>
+
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -322,7 +321,7 @@
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
return( POLARSSL_ERR_PEM_INVALID_DATA + ret );
- if( ( buf = (unsigned char *) polarssl_malloc( len ) ) == NULL )
+ if( ( buf = polarssl_malloc( len ) ) == NULL )
return( POLARSSL_ERR_PEM_MALLOC_FAILED );
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
diff --git a/library/pk.c b/library/pk.c
index 4aba3aa..4d78b57 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -1,12 +1,9 @@
/*
* Public Key abstraction layer
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,7 +27,6 @@
#endif
#if defined(POLARSSL_PK_C)
-
#include "polarssl/pk.h"
#include "polarssl/pk_wrap.h"
@@ -301,6 +297,32 @@
}
/*
+ * Check public-private key pair
+ */
+int pk_check_pair( const pk_context *pub, const pk_context *prv )
+{
+ if( pub == NULL || pub->pk_info == NULL ||
+ prv == NULL || prv->pk_info == NULL ||
+ prv->pk_info->check_pair_func == NULL )
+ {
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+ }
+
+ if( prv->pk_info->type == POLARSSL_PK_RSA_ALT )
+ {
+ if( pub->pk_info->type != POLARSSL_PK_RSA )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+ }
+ else
+ {
+ if( pub->pk_info != prv->pk_info )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+ }
+
+ return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
+}
+
+/*
* Get key size in bits
*/
size_t pk_get_size( const pk_context *ctx )
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 5e9ff60..6068605 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1,12 +1,9 @@
/*
* Public Key abstraction layer: wrapper functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,12 +27,13 @@
#endif
#if defined(POLARSSL_PK_C)
-
#include "polarssl/pk_wrap.h"
/* Even if RSA not activated, for the sake of RSA-alt */
#include "polarssl/rsa.h"
+#include <string.h>
+
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
#endif
@@ -117,14 +115,21 @@
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- ((void) osize);
-
*olen = ((rsa_context *) ctx)->len;
+ if( *olen > osize )
+ return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
+
return( rsa_pkcs1_encrypt( (rsa_context *) ctx,
f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
}
+static int rsa_check_pair_wrap( const void *pub, const void *prv )
+{
+ return( rsa_check_pub_priv( (const rsa_context *) pub,
+ (const rsa_context *) prv ) );
+}
+
static void *rsa_alloc_wrap( void )
{
void *ctx = polarssl_malloc( sizeof( rsa_context ) );
@@ -163,6 +168,7 @@
rsa_sign_wrap,
rsa_decrypt_wrap,
rsa_encrypt_wrap,
+ rsa_check_pair_wrap,
rsa_alloc_wrap,
rsa_free_wrap,
rsa_debug,
@@ -234,6 +240,12 @@
#endif /* POLARSSL_ECDSA_C */
+static int eckey_check_pair( const void *pub, const void *prv )
+{
+ return( ecp_check_pub_priv( (const ecp_keypair *) pub,
+ (const ecp_keypair *) prv ) );
+}
+
static void *eckey_alloc_wrap( void )
{
void *ctx = polarssl_malloc( sizeof( ecp_keypair ) );
@@ -271,6 +283,7 @@
#endif
NULL,
NULL,
+ eckey_check_pair,
eckey_alloc_wrap,
eckey_free_wrap,
eckey_debug,
@@ -294,6 +307,7 @@
NULL,
NULL,
NULL,
+ eckey_check_pair,
eckey_alloc_wrap, /* Same underlying key structure */
eckey_free_wrap, /* Same underlying key structure */
eckey_debug, /* Same underlying key structure */
@@ -367,6 +381,7 @@
ecdsa_sign_wrap,
NULL,
NULL,
+ eckey_check_pair, /* Compatible key structures */
ecdsa_alloc_wrap,
ecdsa_free_wrap,
eckey_debug, /* Compatible key structures */
@@ -419,6 +434,36 @@
RSA_PRIVATE, olen, input, output, osize ) );
}
+#if defined(POLARSSL_RSA_C)
+static int rsa_alt_check_pair( const void *pub, const void *prv )
+{
+ unsigned char sig[POLARSSL_MPI_MAX_SIZE];
+ unsigned char hash[32];
+ size_t sig_len = 0;
+ int ret;
+
+ if( rsa_alt_get_size( prv ) != rsa_get_size( pub ) )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+
+ memset( hash, 0x2a, sizeof( hash ) );
+
+ if( ( ret = rsa_alt_sign_wrap( (void *) prv, POLARSSL_MD_NONE,
+ hash, sizeof( hash ),
+ sig, &sig_len, NULL, NULL ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( rsa_verify_wrap( (void *) pub, POLARSSL_MD_NONE,
+ hash, sizeof( hash ), sig, sig_len ) != 0 )
+ {
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_RSA_C */
+
static void *rsa_alt_alloc_wrap( void )
{
void *ctx = polarssl_malloc( sizeof( rsa_alt_context ) );
@@ -444,6 +489,11 @@
rsa_alt_sign_wrap,
rsa_alt_decrypt_wrap,
NULL,
+#if defined(POLARSSL_RSA_C)
+ rsa_alt_check_pair,
+#else
+ NULL,
+#endif
rsa_alt_alloc_wrap,
rsa_alt_free_wrap,
NULL,
diff --git a/library/pkcs11.c b/library/pkcs11.c
index 64e7ce3..14cde31 100644
--- a/library/pkcs11.c
+++ b/library/pkcs11.c
@@ -5,12 +5,9 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,6 +27,7 @@
#include "polarssl/pkcs11.h"
#if defined(POLARSSL_PKCS11_C)
+
#include "polarssl/md.h"
#include "polarssl/oid.h"
#include "polarssl/x509_crt.h"
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 0cf2edf..f84fd52 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -1,12 +1,9 @@
/*
* PKCS#12 Personal Information Exchange Syntax
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -41,6 +38,8 @@
#include "polarssl/asn1.h"
#include "polarssl/cipher.h"
+#include <string.h>
+
#if defined(POLARSSL_ARC4_C)
#include "polarssl/arc4.h"
#endif
@@ -199,7 +198,7 @@
if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
goto exit;
- if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, mode ) ) != 0 )
+ if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, (operation_t) mode ) ) != 0 )
goto exit;
if( ( ret = cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
diff --git a/library/pkcs5.c b/library/pkcs5.c
index e2c4e48..c1bab70 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -5,12 +5,9 @@
*
* \author Mathias Olsson <mathias@kompetensum.com>
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -46,9 +43,12 @@
#include "polarssl/cipher.h"
#include "polarssl/oid.h"
+#include <string.h>
+
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
#endif
@@ -201,7 +201,7 @@
if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
goto exit;
- if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, mode ) ) != 0 )
+ if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, (operation_t) mode ) ) != 0 )
goto exit;
if( ( ret = cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
@@ -298,44 +298,39 @@
}
#else
-#include <stdio.h>
-
#define MAX_TESTS 6
-size_t plen[MAX_TESTS] =
- { 8, 8, 8, 8, 24, 9 };
+static const size_t plen[MAX_TESTS] =
+ { 8, 8, 8, 24, 9 };
-unsigned char password[MAX_TESTS][32] =
+static const unsigned char password[MAX_TESTS][32] =
{
"password",
"password",
"password",
- "password",
"passwordPASSWORDpassword",
"pass\0word",
};
-size_t slen[MAX_TESTS] =
- { 4, 4, 4, 4, 36, 5 };
+static const size_t slen[MAX_TESTS] =
+ { 4, 4, 4, 36, 5 };
-unsigned char salt[MAX_TESTS][40] =
+static const unsigned char salt[MAX_TESTS][40] =
{
"salt",
"salt",
"salt",
- "salt",
"saltSALTsaltSALTsaltSALTsaltSALTsalt",
"sa\0lt",
};
-uint32_t it_cnt[MAX_TESTS] =
- { 1, 2, 4096, 16777216, 4096, 4096 };
+static const uint32_t it_cnt[MAX_TESTS] =
+ { 1, 2, 4096, 4096, 4096 };
-uint32_t key_len[MAX_TESTS] =
- { 20, 20, 20, 20, 25, 16 };
+static const uint32_t key_len[MAX_TESTS] =
+ { 20, 20, 20, 25, 16 };
-
-unsigned char result_key[MAX_TESTS][32] =
+static const unsigned char result_key[MAX_TESTS][32] =
{
{ 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
@@ -346,9 +341,6 @@
{ 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
0x65, 0xa4, 0x29, 0xc1 },
- { 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
- 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
- 0x26, 0x34, 0xe9, 0x84 },
{ 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
@@ -379,9 +371,6 @@
goto exit;
}
- if( verbose != 0 )
- polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" );
-
for( i = 0; i < MAX_TESTS; i++ )
{
if( verbose != 0 )
diff --git a/library/pkparse.c b/library/pkparse.c
index 29217a2..39c51f6 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1,12 +1,9 @@
/*
* Public Key layer for parsing key files and structures
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -35,6 +32,8 @@
#include "polarssl/asn1.h"
#include "polarssl/oid.h"
+#include <string.h>
+
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
#endif
@@ -71,7 +70,7 @@
/*
* Load all data from a file into a given buffer.
*/
-static int load_file( const char *path, unsigned char **buf, size_t *n )
+int pk_load_file( const char *path, unsigned char **buf, size_t *n )
{
FILE *f;
long size;
@@ -90,7 +89,7 @@
*n = (size_t) size;
if( *n + 1 == 0 ||
- ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
+ ( *buf = polarssl_malloc( *n + 1 ) ) == NULL )
{
fclose( f );
return( POLARSSL_ERR_PK_MALLOC_FAILED );
@@ -120,7 +119,7 @@
size_t n;
unsigned char *buf;
- if( ( ret = load_file( path, &buf, &n ) ) != 0 )
+ if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
if( pwd == NULL )
@@ -144,7 +143,7 @@
size_t n;
unsigned char *buf;
- if( ( ret = load_file( path, &buf, &n ) ) != 0 )
+ if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = pk_parse_public_key( ctx, buf, n );
@@ -346,7 +345,7 @@
/*
* order INTEGER
*/
- if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) )
+ if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
grp->nbits = mpi_msb( &grp->N );
@@ -762,58 +761,61 @@
p += len;
- /*
- * Is 'parameters' present?
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
+ pubkey_done = 0;
+ if( p != end )
{
- if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
- ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
+ /*
+ * Is 'parameters' present?
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
+ {
+ if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
+ ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
+ {
+ ecp_keypair_free( eck );
+ return( ret );
+ }
+ }
+ else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
{
ecp_keypair_free( eck );
- return( ret );
- }
- }
- else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- {
- ecp_keypair_free( eck );
- return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
- }
-
- /*
- * Is 'publickey' present? If not, or if we can't read it (eg because it
- * is compressed), create it from the private key.
- */
- pubkey_done = 0;
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
- {
- end2 = p + len;
-
- if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
-
- if( p + len != end2 )
- return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
- pubkey_done = 1;
- else
- {
- /*
- * The only acceptable failure mode of pk_get_ecpubkey() above
- * is if the point format is not recognized.
- */
- if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE )
- return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
}
- }
- else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- {
- ecp_keypair_free( eck );
- return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ /*
+ * Is 'publickey' present? If not, or if we can't read it (eg because it
+ * is compressed), create it from the private key.
+ */
+ if( ( ret = asn1_get_tag( &p, end, &len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
+ {
+ end2 = p + len;
+
+ if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+ if( p + len != end2 )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+ if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
+ pubkey_done = 1;
+ else
+ {
+ /*
+ * The only acceptable failure mode of pk_get_ecpubkey() above
+ * is if the point format is not recognized.
+ */
+ if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE )
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
+ }
+ }
+ else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ {
+ ecp_keypair_free( eck );
+ return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
}
if( ! pubkey_done &&
@@ -925,6 +927,7 @@
/*
* Parse an encrypted PKCS#8 encoded private key
*/
+#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C)
static int pk_parse_key_pkcs8_encrypted_der(
pk_context *pk,
const unsigned char *key, size_t keylen,
@@ -1042,6 +1045,7 @@
return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
}
+#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */
/*
* Parse a private key
@@ -1133,6 +1137,7 @@
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
return( ret );
+#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C)
ret = pem_read_buffer( &pem,
"-----BEGIN ENCRYPTED PRIVATE KEY-----",
"-----END ENCRYPTED PRIVATE KEY-----",
@@ -1151,6 +1156,7 @@
}
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
return( ret );
+#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */
#else
((void) pwd);
((void) pwdlen);
@@ -1163,6 +1169,7 @@
* We try the different DER format parsers to see if one passes without
* error
*/
+#if defined(POLARSSL_PKCS12_C) || defined(POLARSSL_PKCS5_C)
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
pwd, pwdlen ) ) == 0 )
{
@@ -1175,6 +1182,7 @@
{
return( ret );
}
+#endif /* POLARSSL_PKCS12_C || POLARSSL_PKCS5_C */
if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
return( 0 );
diff --git a/library/pkwrite.c b/library/pkwrite.c
index d627380..35dbd0b 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -1,12 +1,9 @@
/*
* Public Key layer for writing key files and structures
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -35,6 +32,8 @@
#include "polarssl/asn1write.h"
#include "polarssl/oid.h"
+#include <string.h>
+
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
#endif
diff --git a/library/platform.c b/library/platform.c
index d57cbc8..4afe8b7 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -1,12 +1,9 @@
/*
* Platform abstraction layer
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -65,6 +62,36 @@
}
#endif /* POLARSSL_PLATFORM_MEMORY */
+#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT)
+#if !defined(POLARSSL_PLATFORM_STD_SNPRINTF)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static int platform_snprintf_uninit( char * s, size_t n,
+ const char * format, ... )
+{
+ ((void) s);
+ ((void) n);
+ ((void) format)
+ return( 0 );
+}
+
+#define POLARSSL_PLATFORM_STD_SNPRINTF platform_snprintf_uninit
+#endif /* !POLARSSL_PLATFORM_STD_SNPRINTF */
+
+int (*polarssl_snprintf)( char * s, size_t n,
+ const char * format,
+ ... ) = POLARSSL_PLATFORM_STD_SNPRINTF;
+
+int platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
+ const char * format,
+ ... ) )
+{
+ polarssl_snprintf = snprintf_func;
+ return( 0 );
+}
+#endif /* POLARSSL_PLATFORM_SNPRINTF_ALT */
+
#if defined(POLARSSL_PLATFORM_PRINTF_ALT)
#if !defined(POLARSSL_PLATFORM_STD_PRINTF)
/*
@@ -113,4 +140,27 @@
}
#endif /* POLARSSL_PLATFORM_FPRINTF_ALT */
+#if defined(POLARSSL_PLATFORM_EXIT_ALT)
+#if !defined(POLARSSL_PLATFORM_STD_EXIT)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static void platform_exit_uninit( int status )
+{
+ ((void) status);
+ return( 0 );
+}
+
+#define POLARSSL_PLATFORM_STD_EXIT platform_exit_uninit
+#endif /* !POLARSSL_PLATFORM_STD_EXIT */
+
+int (*polarssl_exit)( int status ) = POLARSSL_PLATFORM_STD_EXIT;
+
+int platform_set_exit( void (*exit_func)( int status ) )
+{
+ polarssl_exit = exit_func;
+ return( 0 );
+}
+#endif /* POLARSSL_PLATFORM_EXIT_ALT */
+
#endif /* POLARSSL_PLATFORM_C */
diff --git a/library/ripemd160.c b/library/ripemd160.c
index fcd7760..2c196f4 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -1,12 +1,9 @@
/*
* RIPE MD-160 implementation
*
- * Copyright (C) 2014-2014, Brainspark B.V.
+ * Copyright (C) 2014-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,19 +36,20 @@
#include "polarssl/ripemd160.h"
-#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
+#include <string.h>
+
+#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
#if defined(POLARSSL_SELF_TEST)
-#include <string.h>
-#endif
-
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
/*
* 32-bit integer manipulation macros (little endian)
@@ -67,12 +65,12 @@
#endif
#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( (n) ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
+#define PUT_UINT32_LE(n,b,i) \
+{ \
+ (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
+ (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
+ (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
+ (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
diff --git a/library/rsa.c b/library/rsa.c
index 958085c..8ffb341 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1,12 +1,9 @@
/*
* The RSA public-key cryptosystem
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -40,16 +37,20 @@
#include "polarssl/rsa.h"
#include "polarssl/oid.h"
+#include <string.h>
+
#if defined(POLARSSL_PKCS1_V21)
#include "polarssl/md.h"
#endif
+#if defined(POLARSSL_PKCS1_V15) && !defined(__OpenBSD__)
#include <stdlib.h>
-#include <stdio.h>
+#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
#endif
@@ -241,6 +242,26 @@
}
/*
+ * Check if contexts holding a public and private key match
+ */
+int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv )
+{
+ if( rsa_check_pubkey( pub ) != 0 ||
+ rsa_check_privkey( prv ) != 0 )
+ {
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+ }
+
+ if( mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
+ mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
+ {
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+ }
+
+ return( 0 );
+}
+
+/*
* Do an RSA public key operation
*/
int rsa_public( rsa_context *ctx,
@@ -261,11 +282,18 @@
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
}
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_lock( &ctx->mutex );
+#endif
+
olen = ctx->len;
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
MPI_CHK( mpi_write_binary( &T, output, olen ) );
cleanup:
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_unlock( &ctx->mutex );
+#endif
mpi_free( &T );
@@ -275,7 +303,6 @@
return( 0 );
}
-#if !defined(POLARSSL_RSA_NO_CRT)
/*
* Generate or update blinding values, see section 10 of:
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
@@ -329,7 +356,6 @@
return( ret );
}
-#endif /* !POLARSSL_RSA_NO_CRT */
/*
* Do an RSA private key operation
@@ -343,7 +369,6 @@
int ret;
size_t olen;
mpi T, T1, T2;
-#if !defined(POLARSSL_RSA_NO_CRT)
mpi *Vi, *Vf;
/*
@@ -361,7 +386,6 @@
Vi = &ctx->Vi;
Vf = &ctx->Vf;
#endif
-#endif /* !POLARSSL_RSA_NO_CRT */
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
@@ -372,11 +396,6 @@
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
}
-#if defined(POLARSSL_RSA_NO_CRT)
- ((void) f_rng);
- ((void) p_rng);
- MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
-#else
if( f_rng != NULL )
{
/*
@@ -388,6 +407,13 @@
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
}
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_lock( &ctx->mutex );
+#endif
+
+#if defined(POLARSSL_RSA_NO_CRT)
+ MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
+#else
/*
* faster decryption using the CRT
*
@@ -409,6 +435,7 @@
*/
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
+#endif /* POLARSSL_RSA_NO_CRT */
if( f_rng != NULL )
{
@@ -419,16 +446,16 @@
MPI_CHK( mpi_mul_mpi( &T, &T, Vf ) );
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
}
-#endif /* POLARSSL_RSA_NO_CRT */
olen = ctx->len;
MPI_CHK( mpi_write_binary( &T, output, olen ) );
cleanup:
- mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
-#if !defined(POLARSSL_RSA_NO_CRT) && defined(POLARSSL_THREADING_C)
+#if defined(POLARSSL_THREADING_C)
+ polarssl_mutex_unlock( &ctx->mutex );
mpi_free( &Vi_copy ); mpi_free( &Vf_copy );
#endif
+ mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
if( ret != 0 )
return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret );
@@ -511,7 +538,7 @@
if( f_rng == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- md_info = md_info_from_type( ctx->hash_id );
+ md_info = md_info_from_type( (md_type_t) ctx->hash_id );
if( md_info == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
@@ -690,7 +717,7 @@
if( ilen < 16 || ilen > sizeof( buf ) )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- md_info = md_info_from_type( ctx->hash_id );
+ md_info = md_info_from_type( (md_type_t) ctx->hash_id );
if( md_info == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
@@ -746,7 +773,7 @@
for( i = 0; i < ilen - 2 * hlen - 2; i++ )
{
pad_done |= p[i];
- pad_len += ( pad_done == 0 );
+ pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
}
p += pad_len;
@@ -820,8 +847,8 @@
* (minus one, for the 00 byte) */
for( i = 0; i < ilen - 3; i++ )
{
- pad_done |= ( p[i] == 0 );
- pad_count += ( pad_done == 0 );
+ pad_done |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
+ pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
}
p += pad_count;
@@ -928,7 +955,7 @@
hashlen = md_get_size( md_info );
}
- md_info = md_info_from_type( ctx->hash_id );
+ md_info = md_info_from_type( (md_type_t) ctx->hash_id );
if( md_info == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
@@ -1425,10 +1452,8 @@
MPI_CHK( mpi_copy( &dst->RP, &src->RP ) );
MPI_CHK( mpi_copy( &dst->RQ, &src->RQ ) );
-#if !defined(POLARSSL_RSA_NO_CRT)
MPI_CHK( mpi_copy( &dst->Vi, &src->Vi ) );
MPI_CHK( mpi_copy( &dst->Vf, &src->Vf ) );
-#endif
dst->padding = src->padding;
dst->hash_id = src->hash_id;
@@ -1445,9 +1470,7 @@
*/
void rsa_free( rsa_context *ctx )
{
-#if !defined(POLARSSL_RSA_NO_CRT)
mpi_free( &ctx->Vi ); mpi_free( &ctx->Vf );
-#endif
mpi_free( &ctx->RQ ); mpi_free( &ctx->RP ); mpi_free( &ctx->RN );
mpi_free( &ctx->QP ); mpi_free( &ctx->DQ ); mpi_free( &ctx->DP );
mpi_free( &ctx->Q ); mpi_free( &ctx->P ); mpi_free( &ctx->D );
diff --git a/library/sha1.c b/library/sha1.c
index 20408c7..fca6109 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -1,12 +1,9 @@
/*
* FIPS-180-1 compliant SHA-1 implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,15 +35,20 @@
#include "polarssl/sha1.h"
-#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
+#include <string.h>
+
+#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
@@ -474,7 +476,7 @@
/*
* FIPS-180-1 test vectors
*/
-static unsigned char sha1_test_buf[3][57] =
+static const unsigned char sha1_test_buf[3][57] =
{
{ "abc" },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
@@ -499,7 +501,7 @@
/*
* RFC 2202 test vectors
*/
-static unsigned char sha1_hmac_test_key[7][26] =
+static const unsigned char sha1_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
"\x0B\x0B\x0B\x0B" },
@@ -519,7 +521,7 @@
20, 4, 20, 25, 20, 80, 80
};
-static unsigned char sha1_hmac_test_buf[7][74] =
+static const unsigned char sha1_hmac_test_buf[7][74] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
@@ -620,7 +622,7 @@
if( i == 5 || i == 6 )
{
- memset( buf, '\xAA', buflen = 80 );
+ memset( buf, 0xAA, buflen = 80 );
sha1_hmac_starts( &ctx, buf, buflen );
}
else
diff --git a/library/sha256.c b/library/sha256.c
index 4fc6698..2b4b7e1 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -1,12 +1,9 @@
/*
* FIPS-180-2 compliant SHA-256 implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,15 +35,20 @@
#include "polarssl/sha256.h"
-#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
+#include <string.h>
+
+#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
@@ -481,7 +483,7 @@
/*
* FIPS-180-2 test vectors
*/
-static unsigned char sha256_test_buf[3][57] =
+static const unsigned char sha256_test_buf[3][57] =
{
{ "abc" },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
@@ -531,7 +533,7 @@
/*
* RFC 4231 test vectors
*/
-static unsigned char sha256_hmac_test_key[7][26] =
+static const unsigned char sha256_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
"\x0B\x0B\x0B\x0B" },
@@ -551,7 +553,7 @@
20, 4, 20, 25, 20, 131, 131
};
-static unsigned char sha256_hmac_test_buf[7][153] =
+static const unsigned char sha256_hmac_test_buf[7][153] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
@@ -701,7 +703,7 @@
if( j == 5 || j == 6 )
{
- memset( buf, '\xAA', buflen = 131 );
+ memset( buf, 0xAA, buflen = 131 );
sha256_hmac_starts( &ctx, buf, buflen, k );
}
else
diff --git a/library/sha512.c b/library/sha512.c
index f1d1525..4074d33 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -1,12 +1,9 @@
/*
* FIPS-180-2 compliant SHA-384/512 implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,15 +35,26 @@
#include "polarssl/sha512.h"
-#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
+#if defined(_MSC_VER) || defined(__WATCOMC__)
+ #define UL64(x) x##ui64
+#else
+ #define UL64(x) x##ULL
+#endif
+
+#include <string.h>
+
+#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
@@ -480,7 +488,7 @@
/*
* FIPS-180-2 test vectors
*/
-static unsigned char sha512_test_buf[3][113] =
+static const unsigned char sha512_test_buf[3][113] =
{
{ "abc" },
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
@@ -549,7 +557,7 @@
/*
* RFC 4231 test vectors
*/
-static unsigned char sha512_hmac_test_key[7][26] =
+static const unsigned char sha512_hmac_test_key[7][26] =
{
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
"\x0B\x0B\x0B\x0B" },
@@ -569,7 +577,7 @@
20, 4, 20, 25, 20, 131, 131
};
-static unsigned char sha512_hmac_test_buf[7][153] =
+static const unsigned char sha512_hmac_test_buf[7][153] =
{
{ "Hi There" },
{ "what do ya want for nothing?" },
@@ -755,7 +763,7 @@
if( j == 5 || j == 6 )
{
- memset( buf, '\xAA', buflen = 131 );
+ memset( buf, 0xAA, buflen = 131 );
sha512_hmac_starts( &ctx, buf, buflen, k );
}
else
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 836b685..0c2df29 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -1,12 +1,9 @@
/*
* SSL session cache implementation
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -37,15 +34,16 @@
#include "polarssl/ssl_cache.h"
+#include <string.h>
+
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-
void ssl_cache_init( ssl_cache_context *cache )
{
memset( cache, 0, sizeof( ssl_cache_context ) );
@@ -105,10 +103,8 @@
*/
if( entry->peer_cert.p != NULL )
{
- session->peer_cert =
- (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
-
- if( session->peer_cert == NULL )
+ if( ( session->peer_cert = polarssl_malloc(
+ sizeof(x509_crt) ) ) == NULL )
{
ret = 1;
goto exit;
@@ -226,8 +222,7 @@
/*
* max_entries not reached, create new entry
*/
- cur = (ssl_cache_entry *)
- polarssl_malloc( sizeof(ssl_cache_entry) );
+ cur = polarssl_malloc( sizeof(ssl_cache_entry) );
if( cur == NULL )
{
ret = 1;
@@ -264,8 +259,7 @@
*/
if( session->peer_cert != NULL )
{
- cur->peer_cert.p = (unsigned char *)
- polarssl_malloc( session->peer_cert->raw.len );
+ cur->peer_cert.p = polarssl_malloc( session->peer_cert->raw.len );
if( cur->peer_cert.p == NULL )
{
ret = 1;
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 7907980..0fee1e6 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1,14 +1,11 @@
/**
* \file ssl_ciphersuites.c
*
- * \brief SSL ciphersuites for PolarSSL
+ * \brief SSL ciphersuites for mbed TLS
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -36,7 +33,8 @@
#include "polarssl/ssl_ciphersuites.h"
#include "polarssl/ssl.h"
-#include <stdlib.h>
+// #include <stdlib.h>
+#include <string.h>
#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
!defined(EFI32)
@@ -1676,7 +1674,9 @@
#endif /* POLARSSL_DES_C */
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
- { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
+ { 0, "",
+ POLARSSL_CIPHER_NONE, POLARSSL_MD_NONE, POLARSSL_KEY_EXCHANGE_NONE,
+ 0, 0, 0, 0, 0 }
};
#if defined(SSL_CIPHERSUITES)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 27abb3e..caeb6f3 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1,12 +1,9 @@
/*
* SSLv3/TLSv1 client-side functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,16 +31,16 @@
#include "polarssl/debug.h"
#include "polarssl/ssl.h"
+#include <string.h>
+
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-#include <stdio.h>
-
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
typedef UINT32 uint32_t;
@@ -114,6 +111,7 @@
}
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
static void ssl_write_renegotiation_ext( ssl_context *ssl,
unsigned char *buf,
size_t *olen )
@@ -141,8 +139,13 @@
*olen = 5 + ssl->verify_data_len;
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+/*
+ * Only if we handle at least one key exchange that needs signatures.
+ */
+#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
+ defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
unsigned char *buf,
size_t *olen )
@@ -236,7 +239,8 @@
*olen = 6 + sig_alg_len;
}
-#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
+ POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl,
@@ -359,6 +363,58 @@
}
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+static void ssl_write_encrypt_then_mac_ext( ssl_context *ssl,
+ unsigned char *buf, size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->encrypt_then_mac == SSL_ETM_DISABLED ||
+ ssl->max_minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac "
+ "extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 0x00;
+
+ *olen = 4;
+}
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+static void ssl_write_extended_ms_ext( ssl_context *ssl,
+ unsigned char *buf, size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED ||
+ ssl->max_minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret "
+ "extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 0x00;
+
+ *olen = 4;
+}
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static void ssl_write_session_ticket_ext( ssl_context *ssl,
unsigned char *buf, size_t *olen )
@@ -464,7 +520,9 @@
return( POLARSSL_ERR_SSL_NO_RNG );
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
{
ssl->major_ver = ssl->min_major_ver;
ssl->minor_ver = ssl->min_minor_ver;
@@ -528,7 +586,10 @@
*/
n = ssl->session_negotiate->length;
- if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE || n < 16 || n > 32 ||
+ if( n < 16 || n > 32 ||
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
+#endif
ssl->handshake->resume == 0 )
{
n = 0;
@@ -539,16 +600,20 @@
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello."
*/
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
- ssl->session_negotiate->ticket != NULL &&
- ssl->session_negotiate->ticket_len != 0 )
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
{
- ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, 32 );
+ if( ssl->session_negotiate->ticket != NULL &&
+ ssl->session_negotiate->ticket_len != 0 )
+ {
+ ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, 32 );
- if( ret != 0 )
- return( ret );
+ if( ret != 0 )
+ return( ret );
- ssl->session_negotiate->length = n = 32;
+ ssl->session_negotiate->length = n = 32;
+ }
}
#endif /* POLARSSL_SSL_SESSION_TICKETS */
@@ -567,16 +632,6 @@
// Skip writing ciphersuite length for now
p += 2;
- /*
- * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
- */
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
- {
- *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
- *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
- n++;
- }
-
for( i = 0; ciphersuites[i] != 0; i++ )
{
ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
@@ -588,6 +643,10 @@
ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
continue;
+ if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
+ ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
+ continue;
+
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
ciphersuites[i] ) );
@@ -596,6 +655,29 @@
*p++ = (unsigned char)( ciphersuites[i] );
}
+ /*
+ * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
+ {
+ *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
+ *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
+ n++;
+ }
+
+ /* Some versions of OpenSSL don't handle it correctly if not at end */
+#if defined(POLARSSL_SSL_FALLBACK_SCSV)
+ if( ssl->fallback == SSL_IS_FALLBACK )
+ {
+ SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
+ *p++ = (unsigned char)( SSL_FALLBACK_SCSV >> 8 );
+ *p++ = (unsigned char)( SSL_FALLBACK_SCSV );
+ n++;
+ }
+#endif
+
*q++ = (unsigned char)( n >> 7 );
*q++ = (unsigned char)( n << 1 );
@@ -625,10 +707,13 @@
ext_len += olen;
#endif
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
+#endif
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
+ defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
@@ -651,6 +736,16 @@
ext_len += olen;
#endif
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@@ -661,6 +756,9 @@
ext_len += olen;
#endif
+ /* olen unused if all extensions are disabled */
+ ((void) olen);
+
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
ext_len ) );
@@ -694,21 +792,8 @@
{
int ret;
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
- {
- if( len != 1 || buf[0] != 0x0 )
- {
- SSL_DEBUG_MSG( 1, ( "non-zero length renegotiated connection field" ) );
-
- if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
- return( ret );
-
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
- }
- else
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
{
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len * 2 ||
@@ -718,7 +803,7 @@
safer_memcmp( buf + 1 + ssl->verify_data_len,
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
{
- SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
+ SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
return( ret );
@@ -726,6 +811,21 @@
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
}
+ else
+#endif /* POLARSSL_SSL_RENEGOTIATION */
+ {
+ if( len != 1 || buf[0] != 0x00 )
+ {
+ SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
+ }
return( 0 );
}
@@ -769,6 +869,46 @@
}
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+static int ssl_parse_encrypt_then_mac_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ if( ssl->encrypt_then_mac == SSL_ETM_DISABLED ||
+ ssl->minor_ver == SSL_MINOR_VERSION_0 ||
+ len != 0 )
+ {
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ((void) buf);
+
+ ssl->session_negotiate->encrypt_then_mac = SSL_ETM_ENABLED;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+static int ssl_parse_extended_ms_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED ||
+ ssl->minor_ver == SSL_MINOR_VERSION_0 ||
+ len != 0 )
+ {
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ((void) buf);
+
+ ssl->handshake->extended_ms = SSL_EXTENDED_MS_ENABLED;
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static int ssl_parse_session_ticket_ext( ssl_context *ssl,
const unsigned char *buf,
@@ -877,8 +1017,11 @@
size_t n;
size_t ext_len;
unsigned char *buf, *ext;
+#if defined(POLARSSL_SSL_RENEGOTIATION)
int renegotiation_info_seen = 0;
+#endif
int handshake_failure = 0;
+ const ssl_ciphersuite_t *suite_info;
#if defined(POLARSSL_DEBUG_C)
uint32_t t;
#endif
@@ -902,6 +1045,7 @@
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION )
{
ssl->renego_records_seen++;
@@ -917,6 +1061,7 @@
SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) );
return( POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
@@ -1025,8 +1170,10 @@
/*
* Check if the session can be resumed
*/
- if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
- ssl->handshake->resume == 0 || n == 0 ||
+ if( ssl->handshake->resume == 0 || n == 0 ||
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
+#endif
ssl->session_negotiate->ciphersuite != i ||
ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->length != n ||
@@ -1059,6 +1206,16 @@
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );
+ suite_info = ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
+ if( suite_info == NULL ||
+ ( ssl->arc4_disabled &&
+ suite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+
i = 0;
while( 1 )
{
@@ -1107,7 +1264,9 @@
{
case TLS_EXT_RENEGOTIATION_INFO:
SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
renegotiation_info_seen = 1;
+#endif
if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
ext_size ) ) != 0 )
@@ -1141,6 +1300,32 @@
break;
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ case TLS_EXT_ENCRYPT_THEN_MAC:
+ SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
+
+ if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl,
+ ext + 4, ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ case TLS_EXT_EXTENDED_MASTER_SECRET:
+ SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) );
+
+ if( ( ret = ssl_parse_extended_ms_ext( ssl,
+ ext + 4, ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
case TLS_EXT_SESSION_TICKET:
SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) );
@@ -1201,6 +1386,7 @@
SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
else if( ssl->renegotiation == SSL_RENEGOTIATION &&
ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
renegotiation_info_seen == 0 )
@@ -1222,6 +1408,7 @@
SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
handshake_failure = 1;
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
if( handshake_failure == 1 )
{
@@ -1292,7 +1479,7 @@
SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-#if defined(POLARSSL_SSL_ECP_SET_CURVES)
+#if defined(POLARSSL_SSL_SET_CURVES)
if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
#else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
@@ -2253,12 +2440,6 @@
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
- if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
- return( ret );
- }
-
ssl->out_msglen = i + n;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = SSL_HS_CLIENT_KEY_EXCHANGE;
@@ -2283,9 +2464,16 @@
static int ssl_write_certificate_verify( ssl_context *ssl )
{
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ int ret;
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+ if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+ return( ret );
+ }
+
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
@@ -2312,6 +2500,12 @@
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+ if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+ return( ret );
+ }
+
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 01b0aca..5f01a01 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1,12 +1,9 @@
/*
* SSLv3/TLSv1 server-side functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,6 +30,9 @@
#include "polarssl/debug.h"
#include "polarssl/ssl.h"
+
+#include <string.h>
+
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
#endif
@@ -40,13 +40,11 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-#include <stdio.h>
-
#if defined(POLARSSL_HAVE_TIME)
#include <time.h>
#endif
@@ -431,11 +429,29 @@
{
int ret;
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ {
+ /* Check verify-data in constant-time. The length OTOH is no secret */
+ if( len != 1 + ssl->verify_data_len ||
+ buf[0] != ssl->verify_data_len ||
+ safer_memcmp( buf + 1, ssl->peer_verify_data,
+ ssl->verify_data_len ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ }
+ else
+#endif /* POLARSSL_SSL_RENEGOTIATION */
{
if( len != 1 || buf[0] != 0x0 )
{
- SSL_DEBUG_MSG( 1, ( "non-zero length renegotiated connection field" ) );
+ SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
return( ret );
@@ -445,27 +461,12 @@
ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
}
- else
- {
- /* Check verify-data in constant-time. The length OTOH is no secret */
- if( len != 1 + ssl->verify_data_len ||
- buf[0] != ssl->verify_data_len ||
- safer_memcmp( buf + 1, ssl->peer_verify_data,
- ssl->verify_data_len ) != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
-
- if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
- return( ret );
-
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
- }
return( 0 );
}
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
+ defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
const unsigned char *buf,
size_t len )
@@ -509,7 +510,8 @@
return( 0 );
}
-#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
+ POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
@@ -629,12 +631,59 @@
((void) buf);
- ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+ if( ssl->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
+ ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
return( 0 );
}
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+static int ssl_parse_encrypt_then_mac_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ if( len != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ((void) buf);
+
+ if( ssl->encrypt_then_mac == SSL_ETM_ENABLED &&
+ ssl->minor_ver != SSL_MINOR_VERSION_0 )
+ {
+ ssl->session_negotiate->encrypt_then_mac = SSL_ETM_ENABLED;
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+static int ssl_parse_extended_ms_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ if( len != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ((void) buf);
+
+ if( ssl->extended_ms == SSL_EXTENDED_MS_ENABLED &&
+ ssl->minor_ver != SSL_MINOR_VERSION_0 )
+ {
+ ssl->handshake->extended_ms = SSL_EXTENDED_MS_ENABLED;
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static int ssl_parse_session_ticket_ext( ssl_context *ssl,
unsigned char *buf,
@@ -653,11 +702,13 @@
if( len == 0 )
return( 0 );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
{
SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
return( 0 );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/*
* Failures are ok: just ignore the ticket and proceed.
@@ -749,11 +800,11 @@
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
- * Return 1 if the given EC key uses the given curve, 0 otherwise
+ * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
*/
#if defined(POLARSSL_ECDSA_C)
-static int ssl_key_matches_curves( pk_context *pk,
- const ecp_curve_info **curves )
+static int ssl_check_key_curve( pk_context *pk,
+ const ecp_curve_info **curves )
{
const ecp_curve_info **crv = curves;
ecp_group_id grp_id = pk_ec( *pk )->grp.id;
@@ -761,11 +812,11 @@
while( *crv != NULL )
{
if( (*crv)->grp_id == grp_id )
- return( 1 );
+ return( 0 );
crv++;
}
- return( 0 );
+ return( -1 );
}
#endif /* POLARSSL_ECDSA_C */
@@ -776,8 +827,9 @@
static int ssl_pick_cert( ssl_context *ssl,
const ssl_ciphersuite_t * ciphersuite_info )
{
- ssl_key_cert *cur, *list;
+ ssl_key_cert *cur, *list, *fallback = NULL;
pk_type_t pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+ int flags;
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
if( ssl->handshake->sni_key_cert != NULL )
@@ -789,10 +841,18 @@
if( pk_alg == POLARSSL_PK_NONE )
return( 0 );
+ SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
+
for( cur = list; cur != NULL; cur = cur->next )
{
+ SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
+ cur->cert );
+
if( ! pk_can_do( cur->key, pk_alg ) )
+ {
+ SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
continue;
+ }
/*
* This avoids sending the client a cert it'll reject based on
@@ -803,27 +863,57 @@
* and decrypting with the same RSA key.
*/
if( ssl_check_cert_usage( cur->cert, ciphersuite_info,
- SSL_IS_SERVER ) != 0 )
+ SSL_IS_SERVER, &flags ) != 0 )
{
+ SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
+ "(extended) key usage extension" ) );
continue;
}
#if defined(POLARSSL_ECDSA_C)
- if( pk_alg == POLARSSL_PK_ECDSA )
+ if( pk_alg == POLARSSL_PK_ECDSA &&
+ ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
{
- if( ssl_key_matches_curves( cur->key, ssl->handshake->curves ) )
- break;
+ SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
+ continue;
}
- else
#endif
- break;
+
+ /*
+ * Try to select a SHA-1 certificate for pre-1.2 clients, but still
+ * present them a SHA-higher cert rather than failing if it's the only
+ * one we got that satisfies the other conditions.
+ */
+ if( ssl->minor_ver < SSL_MINOR_VERSION_3 &&
+ cur->cert->sig_md != POLARSSL_MD_SHA1 )
+ {
+ if( fallback == NULL )
+ fallback = cur;
+ {
+ SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
+ "sha-2 with pre-TLS 1.2 client" ) );
+ continue;
+ }
+ }
+
+ /* If we get there, we got a winner */
+ break;
}
if( cur == NULL )
- return( -1 );
+ cur = fallback;
- ssl->handshake->key_cert = cur;
- return( 0 );
+
+ /* Do not update ssl->handshake->key_cert unless the is a match */
+ if( cur != NULL )
+ {
+ ssl->handshake->key_cert = cur;
+ SSL_DEBUG_CRT( 3, "selected certificate chain, certificate",
+ ssl->handshake->key_cert->cert );
+ return( 0 );
+ }
+
+ return( -1 );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
@@ -839,19 +929,35 @@
suite_info = ssl_ciphersuite_from_id( suite_id );
if( suite_info == NULL )
{
- SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", suite_id ) );
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
+ SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", suite_info->name ) );
+
if( suite_info->min_minor_ver > ssl->minor_ver ||
suite_info->max_minor_ver < ssl->minor_ver )
+ {
+ SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
return( 0 );
+ }
+
+ if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
+ suite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
+ {
+ SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
+ return( 0 );
+ }
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
if( ssl_ciphersuite_uses_ec( suite_info ) &&
( ssl->handshake->curves == NULL ||
ssl->handshake->curves[0] == NULL ) )
+ {
+ SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
+ "no common elliptic curve" ) );
return( 0 );
+ }
#endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -861,7 +967,10 @@
ssl->f_psk == NULL &&
( ssl->psk == NULL || ssl->psk_identity == NULL ||
ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+ {
+ SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
return( 0 );
+ }
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
@@ -873,7 +982,11 @@
* This must be done last since we modify the key_cert list.
*/
if( ssl_pick_cert( ssl, suite_info ) != 0 )
+ {
+ SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
+ "no suitable certificate" ) );
return( 0 );
+ }
#endif
*ciphersuite_info = suite_info;
@@ -883,7 +996,7 @@
#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
static int ssl_parse_client_hello_v2( ssl_context *ssl )
{
- int ret;
+ int ret, got_common_suite;
unsigned int i, j;
size_t n;
unsigned int ciph_len, sess_len, chal_len;
@@ -893,6 +1006,7 @@
SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
@@ -902,6 +1016,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
buf = ssl->in_hdr;
@@ -1038,20 +1153,48 @@
if( p[0] == 0 && p[1] == 0 && p[2] == SSL_EMPTY_RENEGOTIATION_INFO )
{
SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION )
{
- SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
+ SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
+ "during renegotiation" ) );
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
return( ret );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
break;
}
}
+#if defined(POLARSSL_SSL_FALLBACK_SCSV)
+ for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
+ {
+ if( p[0] == 0 &&
+ p[1] == (unsigned char)( ( SSL_FALLBACK_SCSV >> 8 ) & 0xff ) &&
+ p[2] == (unsigned char)( ( SSL_FALLBACK_SCSV ) & 0xff ) )
+ {
+ SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
+
+ if( ssl->minor_ver < ssl->max_minor_ver )
+ {
+ SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
+
+ ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ break;
+ }
+ }
+#endif /* POLARSSL_SSL_FALLBACK_SCSV */
+
+ got_common_suite = 0;
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
@@ -1069,6 +1212,8 @@
p[2] != ( ( ciphersuites[i] ) & 0xFF ) )
continue;
+ got_common_suite = 1;
+
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
&ciphersuite_info ) ) != 0 )
return( ret );
@@ -1078,11 +1223,21 @@
}
}
- SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
-
- return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+ if( got_common_suite )
+ {
+ SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
+ "but none of them usable" ) );
+ return( POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE );
+ }
+ else
+ {
+ SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
+ return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+ }
have_ciphersuite_v2:
+ SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+
ssl->session_negotiate->ciphersuite = ciphersuites[i];
ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
@@ -1112,25 +1267,31 @@
static int ssl_parse_client_hello( ssl_context *ssl )
{
- int ret;
+ int ret, got_common_suite;
unsigned int i, j;
size_t n;
unsigned int ciph_len, sess_len;
unsigned int comp_len;
unsigned int ext_len = 0;
unsigned char *buf, *p, *ext;
+#if defined(POLARSSL_SSL_RENEGOTIATION)
int renegotiation_info_seen = 0;
+#endif
int handshake_failure = 0;
const int *ciphersuites;
const ssl_ciphersuite_t *ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
- ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
{
- SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
- return( ret );
+ if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
+ return( ret );
+ }
}
buf = ssl->in_hdr;
@@ -1177,18 +1338,24 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
- ( ret = ssl_fetch_input( ssl, 5 + n ) ) != 0 )
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
{
- SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
- return( ret );
+ if( ( ret = ssl_fetch_input( ssl, 5 + n ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
+ return( ret );
+ }
}
buf = ssl->in_msg;
- if( !ssl->renegotiation )
- n = ssl->in_left - 5;
- else
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
n = ssl->in_msglen;
+ else
+#endif
+ n = ssl->in_left - 5;
ssl->handshake->update_checksum( ssl, buf, n );
@@ -1351,6 +1518,7 @@
if( p[0] == 0 && p[1] == SSL_EMPTY_RENEGOTIATION_INFO )
{
SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION )
{
SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
@@ -1360,11 +1528,36 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+ renegotiation_info_seen = 1;
+#endif /* POLARSSL_SSL_RENEGOTIATION */
ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
break;
}
}
+#if defined(POLARSSL_SSL_FALLBACK_SCSV)
+ for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
+ {
+ if( p[0] == (unsigned char)( ( SSL_FALLBACK_SCSV >> 8 ) & 0xff ) &&
+ p[1] == (unsigned char)( ( SSL_FALLBACK_SCSV ) & 0xff ) )
+ {
+ SSL_DEBUG_MSG( 0, ( "received FALLBACK_SCSV" ) );
+
+ if( ssl->minor_ver < ssl->max_minor_ver )
+ {
+ SSL_DEBUG_MSG( 0, ( "inapropriate fallback" ) );
+
+ ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ break;
+ }
+ }
+#endif /* POLARSSL_SSL_FALLBACK_SCSV */
+
ext = buf + 44 + sess_len + ciph_len + comp_len;
while( ext_len )
@@ -1395,24 +1588,30 @@
case TLS_EXT_RENEGOTIATION_INFO:
SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
renegotiation_info_seen = 1;
+#endif
ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
break;
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
+ defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
case TLS_EXT_SIG_ALG:
SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION )
break;
+#endif
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
break;
-#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
+ POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
@@ -1453,6 +1652,26 @@
break;
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ case TLS_EXT_ENCRYPT_THEN_MAC:
+ SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
+
+ ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ case TLS_EXT_EXTENDED_MASTER_SECRET:
+ SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
+
+ ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
case TLS_EXT_SESSION_TICKET:
SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
@@ -1491,12 +1710,13 @@
/*
* Renegotiation security checks
*/
- if( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ if( ssl->secure_renegotiation != SSL_SECURE_RENEGOTIATION &&
ssl->allow_legacy_renegotiation == SSL_LEGACY_BREAK_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
else if( ssl->renegotiation == SSL_RENEGOTIATION &&
ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
renegotiation_info_seen == 0 )
@@ -1518,6 +1738,7 @@
SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
handshake_failure = 1;
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
if( handshake_failure == 1 )
{
@@ -1532,6 +1753,7 @@
* (At the end because we need information from the EC-based extensions
* and certificate from the SNI callback triggered by the SNI extension.)
*/
+ got_common_suite = 0;
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
@@ -1548,6 +1770,8 @@
p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
continue;
+ got_common_suite = 1;
+
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
&ciphersuite_info ) ) != 0 )
return( ret );
@@ -1557,14 +1781,23 @@
}
}
- SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
-
- if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
- return( ret );
-
- return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+ if( got_common_suite )
+ {
+ SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
+ "but none of them usable" ) );
+ ssl_send_fatal_handshake_failure( ssl );
+ return( POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE );
+ }
+ else
+ {
+ SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
+ ssl_send_fatal_handshake_failure( ssl );
+ return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+ }
have_ciphersuite:
+ SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+
ssl->session_negotiate->ciphersuite = ciphersuites[i];
ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
@@ -1602,6 +1835,76 @@
}
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+static void ssl_write_encrypt_then_mac_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ const ssl_ciphersuite_t *suite = NULL;
+ const cipher_info_t *cipher = NULL;
+
+ if( ssl->session_negotiate->encrypt_then_mac == SSL_EXTENDED_MS_DISABLED ||
+ ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ *olen = 0;
+ return;
+ }
+
+ /*
+ * RFC 7366: "If a server receives an encrypt-then-MAC request extension
+ * from a client and then selects a stream or Authenticated Encryption
+ * with Associated Data (AEAD) ciphersuite, it MUST NOT send an
+ * encrypt-then-MAC response extension back to the client."
+ */
+ if( ( suite = ssl_ciphersuite_from_id(
+ ssl->session_negotiate->ciphersuite ) ) == NULL ||
+ ( cipher = cipher_info_from_type( suite->cipher ) ) == NULL ||
+ cipher->mode != POLARSSL_MODE_CBC )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 0x00;
+
+ *olen = 4;
+}
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+static void ssl_write_extended_ms_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+
+ if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_DISABLED ||
+ ssl->minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ *olen = 0;
+ return;
+ }
+
+ SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
+ "extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 0x00;
+
+ *olen = 4;
+}
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
static void ssl_write_session_ticket_ext( ssl_context *ssl,
unsigned char *buf,
@@ -1644,16 +1947,29 @@
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
- *p++ = 0x00;
- *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
- *p++ = ssl->verify_data_len * 2 & 0xFF;
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ {
+ *p++ = 0x00;
+ *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
+ *p++ = ssl->verify_data_len * 2 & 0xFF;
- memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
- p += ssl->verify_data_len;
- memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
- p += ssl->verify_data_len;
+ memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
+ p += ssl->verify_data_len;
+ memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+ p += ssl->verify_data_len;
- *olen = 5 + ssl->verify_data_len * 2;
+ *olen = 5 + ssl->verify_data_len * 2;
+ }
+ else
+#endif /* POLARSSL_SSL_RENEGOTIATION */
+ {
+ *p++ = 0x00;
+ *p++ = 0x01;
+ *p++ = 0x00;
+
+ *olen = 5;
+ }
}
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
@@ -1812,7 +2128,9 @@
* If not, try looking up session ID in our cache.
*/
if( ssl->handshake->resume == 0 &&
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
+#endif
ssl->session_negotiate->length != 0 &&
ssl->f_get_cache != NULL &&
ssl->f_get_cache( ssl->p_get_cache, ssl->session_negotiate ) == 0 )
@@ -1905,6 +2223,16 @@
ext_len += olen;
#endif
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@@ -2558,6 +2886,9 @@
int ret;
size_t len = pk_get_len( ssl_own_key( ssl ) );
unsigned char *pms = ssl->handshake->premaster + pms_offset;
+ unsigned char fake_pms[48], peer_pms[48];
+ unsigned char mask;
+ size_t i, diff, peer_pmslen;
if( ! pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_RSA ) )
{
@@ -2587,31 +2918,46 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
+ /*
+ * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
+ * must not cause the connection to end immediately; instead, send a
+ * bad_record_mac later in the handshake.
+ * Also, avoid data-dependant branches here to protect against
+ * timing-based variants.
+ */
+ ret = ssl->f_rng( ssl->p_rng, fake_pms, sizeof( fake_pms ) );
+ if( ret != 0 )
+ return( ret );
+
ret = pk_decrypt( ssl_own_key( ssl ), p, len,
- pms, &ssl->handshake->pmslen,
- sizeof( ssl->handshake->premaster ) - pms_offset,
+ peer_pms, &peer_pmslen,
+ sizeof( peer_pms ),
ssl->f_rng, ssl->p_rng );
- if( ret != 0 || ssl->handshake->pmslen != 48 ||
- pms[0] != ssl->handshake->max_major_ver ||
- pms[1] != ssl->handshake->max_minor_ver )
- {
+ diff = (size_t) ret;
+ diff |= peer_pmslen ^ 48;
+ diff |= peer_pms[0] ^ ssl->handshake->max_major_ver;
+ diff |= peer_pms[1] ^ ssl->handshake->max_minor_ver;
+
+#if defined(POLARSSL_SSL_DEBUG_ALL)
+ if( diff != 0 )
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+#endif
- /*
- * Protection against Bleichenbacher's attack:
- * invalid PKCS#1 v1.5 padding must not cause
- * the connection to end immediately; instead,
- * send a bad_record_mac later in the handshake.
- */
- ssl->handshake->pmslen = 48;
-
- ret = ssl->f_rng( ssl->p_rng, pms, ssl->handshake->pmslen );
- if( ret != 0 )
- return( ret );
+ if( sizeof( ssl->handshake->premaster ) < pms_offset ||
+ sizeof( ssl->handshake->premaster ) - pms_offset < 48 )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
+ ssl->handshake->pmslen = 48;
- return( ret );
+ mask = ( diff | - diff ) >> ( sizeof( size_t ) * 8 - 1 );
+ mask = (unsigned char)( - ( ret != 0 ) ); /* mask = diff ? 0xff : 0x00 */
+ for( i = 0; i < ssl->handshake->pmslen; i++ )
+ pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );
+
+ return( 0 );
}
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED ||
POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5f080de..f079adc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1,12 +1,9 @@
/*
* SSLv3/TLSv1 shared functions
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -42,6 +39,8 @@
#include "polarssl/debug.h"
#include "polarssl/ssl.h"
+#include <string.h>
+
#if defined(POLARSSL_X509_CRT_PARSE_C) && \
defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
#include "polarssl/oid.h"
@@ -50,12 +49,11 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
-#include <stdlib.h>
-
#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
!defined(EFI32)
#define strcasecmp _stricmp
@@ -95,7 +93,7 @@
{
int ret;
- dst->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
+ dst->peer_cert = polarssl_malloc( sizeof(x509_crt) );
if( dst->peer_cert == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
@@ -114,7 +112,7 @@
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( src->ticket != NULL )
{
- dst->ticket = (unsigned char *) polarssl_malloc( src->ticket_len );
+ dst->ticket = polarssl_malloc( src->ticket_len );
if( dst->ticket == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
@@ -470,10 +468,47 @@
SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
handshake->pmslen );
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_ENABLED )
+ {
+ unsigned char session_hash[48];
+ size_t hash_len;
+
+ SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
+
+ ssl->handshake->calc_verify( ssl, session_hash );
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+#if defined(POLARSSL_SHA512_C)
+ if( ssl->transform_negotiate->ciphersuite_info->mac ==
+ POLARSSL_MD_SHA384 )
+ {
+ hash_len = 48;
+ }
+ else
+#endif
+ hash_len = 32;
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ hash_len = 36;
+
+ SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
+
+ handshake->tls_prf( handshake->premaster, handshake->pmslen,
+ "extended master secret",
+ session_hash, hash_len, session->master, 48 );
+
+ }
+ else
+#endif
handshake->tls_prf( handshake->premaster, handshake->pmslen,
"master secret",
handshake->randbytes, 64, session->master, 48 );
+
polarssl_zeroize( handshake->premaster, sizeof(handshake->premaster) );
}
else
@@ -564,12 +599,23 @@
{
/*
* GenericBlockCipher:
- * first multiple of blocklen greater than maclen
- * + IV except for SSL3 and TLS 1.0
+ * 1. if EtM is in use: one block plus MAC
+ * otherwise: * first multiple of blocklen greater than maclen
+ * 2. IV except for SSL3 and TLS 1.0
*/
- transform->minlen = transform->maclen
- + cipher_info->block_size
- - transform->maclen % cipher_info->block_size;
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ if( session->encrypt_then_mac == SSL_ETM_ENABLED )
+ {
+ transform->minlen = transform->maclen
+ + cipher_info->block_size;
+ }
+ else
+#endif
+ {
+ transform->minlen = transform->maclen
+ + cipher_info->block_size
+ - transform->maclen % cipher_info->block_size;
+ }
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
if( ssl->minor_ver == SSL_MINOR_VERSION_0 ||
@@ -599,6 +645,7 @@
/*
* Finally setup the cipher contexts, IVs and MAC secrets.
*/
+#if defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT )
{
key1 = keyblk + transform->maclen * 2;
@@ -617,6 +664,9 @@
iv_copy_len );
}
else
+#endif /* POLARSSL_SSL_CLI_C */
+#if defined(POLARSSL_SSL_SRV_C)
+ if( ssl->endpoint == SSL_IS_SERVER )
{
key1 = keyblk + transform->maclen * 2 + transform->keylen;
key2 = keyblk + transform->maclen * 2;
@@ -633,6 +683,12 @@
memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
iv_copy_len );
}
+ else
+#endif /* POLARSSL_SSL_SRV_C */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
#if defined(POLARSSL_SSL_PROTO_SSL3)
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
@@ -1023,25 +1079,44 @@
}
#endif /* POLARSSL_SSL_PROTO_SSL3 */
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
+ ( defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
+#define POLARSSL_SOME_MODES_USE_MAC
+#endif
+
/*
* Encryption/decryption functions
*/
static int ssl_encrypt_buf( ssl_context *ssl )
{
size_t i;
- const cipher_mode_t mode = cipher_get_cipher_mode(
- &ssl->transform_out->cipher_ctx_enc );
+ cipher_mode_t mode;
+ int auth_done = 0;
SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
+ if( ssl->session_out == NULL || ssl->transform_out == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ mode = cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
+
+ SSL_DEBUG_BUF( 4, "before encrypt: output payload",
+ ssl->out_msg, ssl->out_msglen );
+
/*
- * Add MAC before encrypt, except for AEAD modes
+ * Add MAC before if needed
*/
-#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
- ( defined(POLARSSL_CIPHER_MODE_CBC) && \
- ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
- if( mode != POLARSSL_MODE_GCM &&
- mode != POLARSSL_MODE_CCM )
+#if defined(POLARSSL_SOME_MODES_USE_MAC)
+ if( mode == POLARSSL_MODE_STREAM ||
+ ( mode == POLARSSL_MODE_CBC
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ && ssl->session_out->encrypt_then_mac == SSL_ETM_DISABLED
+#endif
+ ) )
{
#if defined(POLARSSL_SSL_PROTO_SSL3)
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
@@ -1076,6 +1151,7 @@
ssl->transform_out->maclen );
ssl->out_msglen += ssl->transform_out->maclen;
+ auth_done++;
}
#endif /* AEAD not the only option */
@@ -1092,9 +1168,6 @@
"including %d bytes of padding",
ssl->out_msglen, 0 ) );
- SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_msg, ssl->out_msglen );
-
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc,
ssl->transform_out->ivlen,
@@ -1137,6 +1210,7 @@
/*
* Generate IV
*/
+#if defined(POLARSSL_SSL_AEAD_RANDOM_IV)
ret = ssl->f_rng( ssl->p_rng,
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
@@ -1146,6 +1220,18 @@
memcpy( ssl->out_iv,
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+#else
+ if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
+ {
+ /* Reminder if we ever add an AEAD mode with a different size */
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
+ ssl->out_ctr, 8 );
+ memcpy( ssl->out_iv, ssl->out_ctr, 8 );
+#endif
SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
@@ -1162,9 +1248,6 @@
"including %d bytes of padding",
ssl->out_msglen, 0 ) );
- SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_msg, ssl->out_msglen );
-
/*
* Encrypt and authenticate
*/
@@ -1187,6 +1270,7 @@
}
ssl->out_msglen += taglen;
+ auth_done++;
SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
}
@@ -1245,9 +1329,6 @@
ssl->out_msglen, ssl->transform_out->ivlen,
padlen + 1 ) );
- SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_iv, ssl->out_msglen );
-
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc,
ssl->transform_out->ivlen,
@@ -1275,6 +1356,40 @@
ssl->transform_out->ivlen );
}
#endif
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ if( auth_done == 0 )
+ {
+ /*
+ * MAC(MAC_write_key, seq_num +
+ * TLSCipherText.type +
+ * TLSCipherText.version +
+ * length_of( (IV +) ENC(...) ) +
+ * IV + // except for TLS 1.0
+ * ENC(content + padding + padding_length));
+ */
+ unsigned char pseudo_hdr[13];
+
+ SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+
+ memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 );
+ memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 );
+ pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF );
+ pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF );
+
+ SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
+
+ md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
+ md_hmac_update( &ssl->transform_out->md_ctx_enc,
+ ssl->out_iv, ssl->out_msglen );
+ md_hmac_finish( &ssl->transform_out->md_ctx_enc,
+ ssl->out_iv + ssl->out_msglen );
+ md_hmac_reset( &ssl->transform_out->md_ctx_enc );
+
+ ssl->out_msglen += ssl->transform_out->maclen;
+ auth_done++;
+ }
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
}
else
#endif /* POLARSSL_CIPHER_MODE_CBC &&
@@ -1284,6 +1399,13 @@
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
+ /* Make extra sure authentication was performed, exactly once */
+ if( auth_done != 1 )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+
for( i = 8; i > 0; i-- )
if( ++ssl->out_ctr[i - 1] != 0 )
break;
@@ -1305,16 +1427,22 @@
static int ssl_decrypt_buf( ssl_context *ssl )
{
size_t i;
- const cipher_mode_t mode = cipher_get_cipher_mode(
- &ssl->transform_in->cipher_ctx_dec );
-#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
- ( defined(POLARSSL_CIPHER_MODE_CBC) && \
- ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
+ cipher_mode_t mode;
+ int auth_done = 0;
+#if defined(POLARSSL_SOME_MODES_USE_MAC)
size_t padlen = 0, correct = 1;
#endif
SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
+ if( ssl->session_in == NULL || ssl->transform_in == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ mode = cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec );
+
if( ssl->in_msglen < ssl->transform_in->minlen )
{
SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
@@ -1362,7 +1490,7 @@
unsigned char explicit_iv_len = ssl->transform_in->ivlen -
ssl->transform_in->fixed_ivlen;
- if( ssl->in_msglen < explicit_iv_len + taglen )
+ if( ssl->in_msglen < (size_t) explicit_iv_len + taglen )
{
SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
"+ taglen (%d)", ssl->in_msglen,
@@ -1411,6 +1539,7 @@
return( ret );
}
+ auth_done++;
if( olen != dec_msglen )
{
@@ -1437,13 +1566,6 @@
/*
* Check immediate ciphertext sanity
*/
- if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
- ssl->in_msglen, ssl->transform_in->ivlen ) );
- return( POLARSSL_ERR_SSL_INVALID_MAC );
- }
-
#if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
minlen += ssl->transform_in->ivlen;
@@ -1463,6 +1585,59 @@
dec_msg = ssl->in_msg;
dec_msg_result = ssl->in_msg;
+ /*
+ * Authenticate before decrypt if enabled
+ */
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ if( ssl->session_in->encrypt_then_mac == SSL_ETM_ENABLED )
+ {
+ unsigned char computed_mac[POLARSSL_SSL_MAX_MAC_SIZE];
+ unsigned char pseudo_hdr[13];
+
+ SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+
+ dec_msglen -= ssl->transform_in->maclen;
+ ssl->in_msglen -= ssl->transform_in->maclen;
+
+ memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 );
+ memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 );
+ pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF );
+ pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF );
+
+ SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
+
+ md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 );
+ md_hmac_update( &ssl->transform_in->md_ctx_dec,
+ ssl->in_iv, ssl->in_msglen );
+ md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac );
+ md_hmac_reset( &ssl->transform_in->md_ctx_dec );
+
+ SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen,
+ ssl->transform_in->maclen );
+ SSL_DEBUG_BUF( 4, "computed mac", computed_mac,
+ ssl->transform_in->maclen );
+
+ if( safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac,
+ ssl->transform_in->maclen ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+ auth_done++;
+ }
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+
+ /*
+ * Check length sanity
+ */
+ if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
+ ssl->in_msglen, ssl->transform_in->ivlen ) );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+
#if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
/*
* Initialize for prepended IV for block cipher in TLS v1.1 and up
@@ -1507,7 +1682,8 @@
padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
- if( ssl->in_msglen < ssl->transform_in->maclen + padlen )
+ if( ssl->in_msglen < ssl->transform_in->maclen + padlen &&
+ auth_done == 0 )
{
#if defined(POLARSSL_SSL_DEBUG_ALL)
SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
@@ -1581,6 +1757,8 @@
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
+
+ ssl->in_msglen -= padlen;
}
else
#endif /* POLARSSL_CIPHER_MODE_CBC &&
@@ -1594,17 +1772,15 @@
ssl->in_msg, ssl->in_msglen );
/*
- * Always compute the MAC (RFC4346, CBCTIME), except for AEAD of course
+ * Authenticate if not done yet.
+ * Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
*/
-#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
- ( defined(POLARSSL_CIPHER_MODE_CBC) && \
- ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
- if( mode != POLARSSL_MODE_GCM &&
- mode != POLARSSL_MODE_CCM )
+#if defined(POLARSSL_SOME_MODES_USE_MAC)
+ if( auth_done == 0 )
{
unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
- ssl->in_msglen -= ( ssl->transform_in->maclen + padlen );
+ ssl->in_msglen -= ssl->transform_in->maclen;
ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
@@ -1649,7 +1825,8 @@
ssl->in_msglen );
md_hmac_finish( &ssl->transform_in->md_ctx_dec,
ssl->in_msg + ssl->in_msglen );
- for( j = 0; j < extra_run; j++ )
+ /* Call md_process at least once due to cache attacks */
+ for( j = 0; j < extra_run + 1; j++ )
md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
md_hmac_reset( &ssl->transform_in->md_ctx_dec );
@@ -1674,6 +1851,7 @@
#endif
correct = 0;
}
+ auth_done++;
/*
* Finally check the correct flag
@@ -1681,7 +1859,14 @@
if( correct == 0 )
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
-#endif /* AEAD not the only option */
+#endif /* POLARSSL_SOME_MODES_USE_MAC */
+
+ /* Make extra sure authentication was performed, exactly once */
+ if( auth_done != 1 )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
if( ssl->in_msglen == 0 )
{
@@ -1717,6 +1902,10 @@
return( 0 );
}
+#undef MAC_NONE
+#undef MAC_PLAINTEXT
+#undef MAC_CIPHERTEXT
+
#if defined(POLARSSL_ZLIB_SUPPORT)
/*
* Compression/decompression functions
@@ -2349,6 +2538,7 @@
return( 0 );
}
+#if defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT )
{
if( ssl->client_auth == 0 )
@@ -2376,7 +2566,9 @@
}
#endif /* POLARSSL_SSL_PROTO_SSL3 */
}
- else /* SSL_IS_SERVER */
+#endif /* POLARSSL_SSL_CLI_C */
+#if defined(POLARSSL_SSL_SRV_C)
+ if( ssl->endpoint == SSL_IS_SERVER )
{
if( ssl_own_cert( ssl ) == NULL )
{
@@ -2384,6 +2576,7 @@
return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
}
}
+#endif
SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
@@ -2459,6 +2652,7 @@
return( 0 );
}
+#if defined(POLARSSL_SSL_SRV_C)
if( ssl->endpoint == SSL_IS_SERVER &&
( ssl->authmode == SSL_VERIFY_NONE ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) )
@@ -2468,6 +2662,7 @@
ssl->state++;
return( 0 );
}
+#endif
if( ( ret = ssl_read_record( ssl ) ) != 0 )
{
@@ -2477,6 +2672,7 @@
ssl->state++;
+#if defined(POLARSSL_SSL_SRV_C)
#if defined(POLARSSL_SSL_PROTO_SSL3)
/*
* Check if the client sent an empty certificate
@@ -2521,6 +2717,7 @@
}
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
POLARSSL_SSL_PROTO_TLS1_2 */
+#endif /* POLARSSL_SSL_SRV_C */
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
@@ -2552,7 +2749,7 @@
polarssl_free( ssl->session_negotiate->peer_cert );
}
- if( ( ssl->session_negotiate->peer_cert = (x509_crt *) polarssl_malloc(
+ if( ( ssl->session_negotiate->peer_cert = polarssl_malloc(
sizeof( x509_crt ) ) ) == NULL )
{
SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
@@ -2599,6 +2796,7 @@
* On client, make sure the server cert doesn't change during renego to
* avoid "triple handshake" attack: https://secure-resumption.com/
*/
+#if defined(POLARSSL_SSL_RENEGOTIATION) && defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT &&
ssl->renegotiation == SSL_RENEGOTIATION )
{
@@ -2618,6 +2816,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
}
+#endif /* POLARSSL_SSL_RENEGOTIATION && POLARSSL_SSL_CLI_C */
if( ssl->authmode != SSL_VERIFY_NONE )
{
@@ -2661,7 +2860,8 @@
if( ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
ciphersuite_info,
- ! ssl->endpoint ) != 0 )
+ ! ssl->endpoint,
+ &ssl->session_negotiate->verify_result ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
if( ret == 0 )
@@ -3060,11 +3260,13 @@
polarssl_free( ssl->handshake );
ssl->handshake = NULL;
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION )
{
ssl->renegotiation = SSL_RENEGOTIATION_DONE;
ssl->renego_records_seen = 0;
}
+#endif
/*
* Switch in our now active transform context
@@ -3079,6 +3281,12 @@
if( ssl->session )
{
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ /* RFC 7366 3.1: keep the EtM state */
+ ssl->session_negotiate->encrypt_then_mac =
+ ssl->session->encrypt_then_mac;
+#endif
+
ssl_session_free( ssl->session );
polarssl_free( ssl->session );
}
@@ -3123,8 +3331,10 @@
// TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->verify_data_len = hash_len;
memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
+#endif
ssl->out_msglen = 4 + hash_len;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
@@ -3136,10 +3346,14 @@
*/
if( ssl->handshake->resume != 0 )
{
+#if defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT )
ssl->state = SSL_HANDSHAKE_WRAPUP;
- else
+#endif
+#if defined(POLARSSL_SSL_SRV_C)
+ if( ssl->endpoint == SSL_IS_SERVER )
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
+#endif
}
else
ssl->state++;
@@ -3244,16 +3458,21 @@
return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->verify_data_len = hash_len;
memcpy( ssl->peer_verify_data, buf, hash_len );
+#endif
if( ssl->handshake->resume != 0 )
{
+#if defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT )
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
-
+#endif
+#if defined(POLARSSL_SSL_SRV_C)
if( ssl->endpoint == SSL_IS_SERVER )
ssl->state = SSL_HANDSHAKE_WRAPUP;
+#endif
}
else
ssl->state++;
@@ -3328,20 +3547,17 @@
*/
if( ssl->transform_negotiate == NULL )
{
- ssl->transform_negotiate =
- (ssl_transform *) polarssl_malloc( sizeof(ssl_transform) );
+ ssl->transform_negotiate = polarssl_malloc( sizeof(ssl_transform) );
}
if( ssl->session_negotiate == NULL )
{
- ssl->session_negotiate =
- (ssl_session *) polarssl_malloc( sizeof(ssl_session) );
+ ssl->session_negotiate = polarssl_malloc( sizeof(ssl_session) );
}
if( ssl->handshake == NULL )
{
- ssl->handshake = (ssl_handshake_params *)
- polarssl_malloc( sizeof(ssl_handshake_params) );
+ ssl->handshake = polarssl_malloc( sizeof(ssl_handshake_params) );
}
/* All pointers should exist and can be directly freed without issue */
@@ -3394,7 +3610,11 @@
ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->renego_max_records = SSL_RENEGO_MAX_RECORDS_DEFAULT;
+ memset( ssl->renego_period, 0xFF, 7 );
+ ssl->renego_period[7] = 0x00;
+#endif
#if defined(POLARSSL_DHM_C)
if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
@@ -3410,23 +3630,8 @@
/*
* Prepare base structures
*/
- ssl->in_ctr = (unsigned char *) polarssl_malloc( len );
- ssl->in_hdr = ssl->in_ctr + 8;
- ssl->in_iv = ssl->in_ctr + 13;
- ssl->in_msg = ssl->in_ctr + 13;
-
- if( ssl->in_ctr == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
- return( POLARSSL_ERR_SSL_MALLOC_FAILED );
- }
-
- ssl->out_ctr = (unsigned char *) polarssl_malloc( len );
- ssl->out_hdr = ssl->out_ctr + 8;
- ssl->out_iv = ssl->out_ctr + 13;
- ssl->out_msg = ssl->out_ctr + 13;
-
- if( ssl->out_ctr == NULL )
+ if( ( ssl->in_ctr = polarssl_malloc( len ) ) == NULL ||
+ ( ssl->out_ctr = polarssl_malloc( len ) ) == NULL )
{
SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
polarssl_free( ssl->in_ctr );
@@ -3437,6 +3642,22 @@
memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
+ ssl->in_hdr = ssl->in_ctr + 8;
+ ssl->in_iv = ssl->in_ctr + 13;
+ ssl->in_msg = ssl->in_ctr + 13;
+
+ ssl->out_hdr = ssl->out_ctr + 8;
+ ssl->out_iv = ssl->out_ctr + 13;
+ ssl->out_msg = ssl->out_ctr + 13;
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ ssl->encrypt_then_mac = SSL_ETM_ENABLED;
+#endif
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ ssl->extended_ms = SSL_EXTENDED_MS_ENABLED;
+#endif
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
#endif
@@ -3460,12 +3681,16 @@
int ret;
ssl->state = SSL_HELLO_REQUEST;
+
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->renegotiation = SSL_INITIAL_HANDSHAKE;
- ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION;
+ ssl->renego_records_seen = 0;
ssl->verify_data_len = 0;
- memset( ssl->own_verify_data, 0, 36 );
- memset( ssl->peer_verify_data, 0, 36 );
+ memset( ssl->own_verify_data, 0, SSL_VERIFY_DATA_MAX_LEN );
+ memset( ssl->peer_verify_data, 0, SSL_VERIFY_DATA_MAX_LEN );
+#endif
+ ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION;
ssl->in_offt = NULL;
@@ -3482,12 +3707,14 @@
ssl->out_msgtype = 0;
ssl->out_msglen = 0;
ssl->out_left = 0;
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+ if( ssl->split_done != SSL_CBC_RECORD_SPLITTING_DISABLED )
+ ssl->split_done = 0;
+#endif
ssl->transform_in = NULL;
ssl->transform_out = NULL;
- ssl->renego_records_seen = 0;
-
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
@@ -3548,7 +3775,7 @@
if( ssl->ticket_keys != NULL )
return( 0 );
- tkeys = (ssl_ticket_keys *) polarssl_malloc( sizeof(ssl_ticket_keys) );
+ tkeys = polarssl_malloc( sizeof(ssl_ticket_keys) );
if( tkeys == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
@@ -3591,10 +3818,16 @@
{
ssl->endpoint = endpoint;
-#if defined(POLARSSL_SSL_SESSION_TICKETS)
+#if defined(POLARSSL_SSL_SESSION_TICKETS) && \
+ defined(POLARSSL_SSL_CLI_C)
if( endpoint == SSL_IS_CLIENT )
ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
#endif
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ if( endpoint == SSL_IS_SERVER )
+ ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+#endif
}
void ssl_set_authmode( ssl_context *ssl, int authmode )
@@ -3638,6 +3871,7 @@
ssl->p_send = p_send;
}
+#if defined(POLARSSL_SSL_SRV_C)
void ssl_set_session_cache( ssl_context *ssl,
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache )
@@ -3647,7 +3881,9 @@
ssl->f_set_cache = f_set_cache;
ssl->p_set_cache = p_set_cache;
}
+#endif /* POLARSSL_SSL_SRV_C */
+#if defined(POLARSSL_SSL_CLI_C)
int ssl_set_session( ssl_context *ssl, const ssl_session *session )
{
int ret;
@@ -3667,6 +3903,7 @@
return( 0 );
}
+#endif /* POLARSSL_SSL_CLI_C */
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
{
@@ -3695,7 +3932,7 @@
{
ssl_key_cert *key_cert, *last;
- key_cert = (ssl_key_cert *) polarssl_malloc( sizeof(ssl_key_cert) );
+ key_cert = polarssl_malloc( sizeof(ssl_key_cert) );
if( key_cert == NULL )
return( NULL );
@@ -3741,6 +3978,7 @@
return( 0 );
}
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
#if defined(POLARSSL_RSA_C)
int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
rsa_context *rsa_key )
@@ -3751,7 +3989,7 @@
if( key_cert == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
- key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) );
+ key_cert->key = polarssl_malloc( sizeof(pk_context) );
if( key_cert->key == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
@@ -3783,7 +4021,7 @@
if( key_cert == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
- key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) );
+ key_cert->key = polarssl_malloc( sizeof(pk_context) );
if( key_cert->key == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
@@ -3798,6 +4036,7 @@
return( 0 );
}
+#endif /* POLARSSL_DEPRECATED_REMOVED */
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -3810,22 +4049,23 @@
if( psk_len > POLARSSL_PSK_MAX_LEN )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- if( ssl->psk != NULL )
+ if( ssl->psk != NULL || ssl->psk_identity != NULL )
{
polarssl_free( ssl->psk );
polarssl_free( ssl->psk_identity );
}
+ if( ( ssl->psk = polarssl_malloc( psk_len ) ) == NULL ||
+ ( ssl->psk_identity = polarssl_malloc( psk_identity_len ) ) == NULL )
+ {
+ polarssl_free( ssl->psk );
+ ssl->psk = NULL;
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ }
+
ssl->psk_len = psk_len;
ssl->psk_identity_len = psk_identity_len;
- ssl->psk = (unsigned char *) polarssl_malloc( ssl->psk_len );
- ssl->psk_identity = (unsigned char *)
- polarssl_malloc( ssl->psk_identity_len );
-
- if( ssl->psk == NULL || ssl->psk_identity == NULL )
- return( POLARSSL_ERR_SSL_MALLOC_FAILED );
-
memcpy( ssl->psk, psk, ssl->psk_len );
memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len );
@@ -3903,7 +4143,7 @@
if( ssl->hostname_len + 1 == 0 )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 );
+ ssl->hostname = polarssl_malloc( ssl->hostname_len + 1 );
if( ssl->hostname == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
@@ -3977,6 +4217,32 @@
}
}
+#if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
+void ssl_set_fallback( ssl_context *ssl, char fallback )
+{
+ ssl->fallback = fallback;
+}
+#endif
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+void ssl_set_encrypt_then_mac( ssl_context *ssl, char etm )
+{
+ ssl->encrypt_then_mac = etm;
+}
+#endif
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+void ssl_set_extended_master_secret( ssl_context *ssl, char ems )
+{
+ ssl->extended_ms = ems;
+}
+#endif
+
+void ssl_set_arc4_support( ssl_context *ssl, char arc4 )
+{
+ ssl->arc4_disabled = arc4;
+}
+
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
{
@@ -3995,37 +4261,54 @@
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
{
- if( ssl->endpoint != SSL_IS_CLIENT )
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
-
ssl->trunc_hmac = truncate;
return( 0 );
}
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
-void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+void ssl_set_cbc_record_splitting( ssl_context *ssl, char split )
{
- ssl->disable_renegotiation = renegotiation;
+ ssl->split_done = split;
}
+#endif
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy )
{
ssl->allow_legacy_renegotiation = allow_legacy;
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
+{
+ ssl->disable_renegotiation = renegotiation;
+}
+
void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records )
{
ssl->renego_max_records = max_records;
}
+void ssl_set_renegotiation_period( ssl_context *ssl,
+ const unsigned char period[8] )
+{
+ memcpy( ssl->renego_period, period, 8 );
+}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
{
ssl->session_tickets = use_tickets;
+#if defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT )
return( 0 );
+#endif
+
+ if( use_tickets == SSL_SESSION_TICKETS_DISABLED )
+ return( 0 );
if( ssl->f_rng == NULL )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
@@ -4049,7 +4332,13 @@
int ssl_get_verify_result( const ssl_context *ssl )
{
- return( ssl->session->verify_result );
+ if( ssl->session != NULL )
+ return( ssl->session->verify_result );
+
+ if( ssl->session_negotiate != NULL )
+ return( ssl->session_negotiate->verify_result );
+
+ return( -1 );
}
const char *ssl_get_ciphersuite( const ssl_context *ssl )
@@ -4092,6 +4381,7 @@
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
+#if defined(POLARSSL_SSL_CLI_C)
int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
{
if( ssl == NULL ||
@@ -4104,6 +4394,7 @@
return( ssl_session_copy( dst, ssl->session ) );
}
+#endif /* POLARSSL_SSL_CLI_C */
/*
* Perform a single step of the SSL handshake
@@ -4116,7 +4407,6 @@
if( ssl->endpoint == SSL_IS_CLIENT )
ret = ssl_handshake_client_step( ssl );
#endif
-
#if defined(POLARSSL_SSL_SRV_C)
if( ssl->endpoint == SSL_IS_SERVER )
ret = ssl_handshake_server_step( ssl );
@@ -4147,6 +4437,7 @@
return( ret );
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
#if defined(POLARSSL_SSL_SRV_C)
/*
* Write HelloRequest to request renegotiation on server
@@ -4260,6 +4551,30 @@
}
/*
+ * Check record counters and renegotiate if they're above the limit.
+ */
+static int ssl_check_ctr_renegotiate( ssl_context *ssl )
+{
+ if( ssl->state != SSL_HANDSHAKE_OVER ||
+ ssl->renegotiation == SSL_RENEGOTIATION_PENDING ||
+ ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
+ {
+ return( 0 );
+ }
+
+ // TODO: adapt for DTLS
+ if( memcmp( ssl->in_ctr, ssl->renego_period, 8 ) <= 0 &&
+ memcmp( ssl->out_ctr, ssl->renego_period, 8 ) <= 0 )
+ {
+ return( 0 );
+ }
+
+ SSL_DEBUG_MSG( 0, ( "record counter limit reached: renegotiate" ) );
+ return( ssl_renegotiate( ssl ) );
+}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
+
+/*
* Receive application data decrypted from the SSL layer
*/
int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
@@ -4269,6 +4584,14 @@
SSL_DEBUG_MSG( 2, ( "=> read" ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
+ return( ret );
+ }
+#endif
+
if( ssl->state != SSL_HANDSHAKE_OVER )
{
ret = ssl_handshake( ssl );
@@ -4313,10 +4636,12 @@
}
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
+#if defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT &&
( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
ssl->in_hslen != 4 ) )
@@ -4324,6 +4649,7 @@
SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
+#endif
if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
@@ -4393,6 +4719,7 @@
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/* Fatal and closure alerts handled by ssl_read_record() */
if( ssl->in_msgtype == SSL_MSG_ALERT )
@@ -4429,25 +4756,16 @@
}
/*
- * Send application data to be encrypted by the SSL layer
+ * Send application data to be encrypted by the SSL layer,
+ * taking care of max fragment length and buffer size
*/
-int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
+static int ssl_write_real( ssl_context *ssl,
+ const unsigned char *buf, size_t len )
{
int ret;
size_t n;
unsigned int max_len = SSL_MAX_CONTENT_LEN;
- SSL_DEBUG_MSG( 2, ( "=> write" ) );
-
- if( ssl->state != SSL_HANDSHAKE_OVER )
- {
- if( ( ret = ssl_handshake( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_handshake", ret );
- return( ret );
- }
- }
-
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
/*
* Assume mfl_code is correct since it was checked when set
@@ -4487,9 +4805,81 @@
}
}
+ return( (int) n );
+}
+
+/*
+ * Write application data, doing 1/n-1 splitting if necessary.
+ *
+ * With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
+ * then the caller will call us again with the same arguments, so
+ * remember wether we already did the split or not.
+ */
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+static int ssl_write_split( ssl_context *ssl,
+ const unsigned char *buf, size_t len )
+{
+ int ret;
+
+ if( ssl->split_done == SSL_CBC_RECORD_SPLITTING_DISABLED ||
+ len <= 1 ||
+ ssl->minor_ver > SSL_MINOR_VERSION_1 ||
+ cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
+ != POLARSSL_MODE_CBC )
+ {
+ return( ssl_write_real( ssl, buf, len ) );
+ }
+
+ if( ssl->split_done == 0 )
+ {
+ if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
+ return( ret );
+ ssl->split_done = 1;
+ }
+
+ if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
+ return( ret );
+ ssl->split_done = 0;
+
+ return( ret + 1 );
+}
+#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
+
+/*
+ * Write application data (public-facing wrapper)
+ */
+int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> write" ) );
+
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
+ return( ret );
+ }
+#endif
+
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ {
+ if( ( ret = ssl_handshake( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_handshake", ret );
+ return( ret );
+ }
+ }
+
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+ ret = ssl_write_split( ssl, buf, len );
+#else
+ ret = ssl_write_real( ssl, buf, len );
+#endif
+
SSL_DEBUG_MSG( 2, ( "<= write" ) );
- return( (int) n );
+ return( ret );
}
/*
@@ -4811,8 +5201,10 @@
#if defined(POLARSSL_X509_CRT_PARSE_C)
int ssl_check_cert_usage( const x509_crt *cert,
const ssl_ciphersuite_t *ciphersuite,
- int cert_endpoint )
+ int cert_endpoint,
+ int *flags )
{
+ int ret = 0;
#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
int usage = 0;
#endif
@@ -4825,6 +5217,7 @@
!defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
((void) cert);
((void) cert_endpoint);
+ ((void) flags);
#endif
#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
@@ -4864,7 +5257,10 @@
}
if( x509_crt_check_key_usage( cert, usage ) != 0 )
- return( -1 );
+ {
+ *flags |= BADCERT_KEY_USAGE;
+ ret = -1;
+ }
#else
((void) ciphersuite);
#endif /* POLARSSL_X509_CHECK_KEY_USAGE */
@@ -4882,10 +5278,13 @@
}
if( x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
- return( -1 );
+ {
+ *flags |= BADCERT_EXT_KEY_USAGE;
+ ret = -1;
+ }
#endif /* POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE */
- return( 0 );
+ return( ret );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
diff --git a/library/threading.c b/library/threading.c
index 522c70f..fa745af 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -1,12 +1,9 @@
/*
* Threading abstraction layer
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/library/timing.c b/library/timing.c
index b387bd8..5d58f52 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -1,12 +1,9 @@
/*
* Portable interface to the CPU cycle counter
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -80,8 +77,10 @@
#endif /* !POLARSSL_HAVE_HARDCLOCK && POLARSSL_HAVE_ASM &&
( _MSC_VER && _M_IX86 ) || __WATCOMC__ */
+/* some versions of mingw-64 have 32-bit longs even on x84_64 */
#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
- defined(__GNUC__) && defined(__i386__)
+ defined(__GNUC__) && ( defined(__i386__) || ( \
+ ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) )
#define POLARSSL_HAVE_HARDCLOCK
@@ -252,9 +251,13 @@
return( delta );
}
-DWORD WINAPI TimerProc( LPVOID uElapse )
+/* It's OK to use a global because alarm() is supposed to be global anyway */
+static DWORD alarmMs;
+
+static DWORD WINAPI TimerProc( LPVOID TimerContext )
{
- Sleep( (DWORD) uElapse );
+ ((void) TimerContext);
+ Sleep( alarmMs );
alarmed = 1;
return( TRUE );
}
@@ -264,8 +267,8 @@
DWORD ThreadId;
alarmed = 0;
- CloseHandle( CreateThread( NULL, 0, TimerProc,
- (LPVOID) ( seconds * 1000 ), 0, &ThreadId ) );
+ alarmMs = seconds * 1000;
+ CloseHandle( CreateThread( NULL, 0, TimerProc, NULL, 0, &ThreadId ) );
}
void m_sleep( int milliseconds )
diff --git a/library/version.c b/library/version.c
index c3c708a..2856d6c 100644
--- a/library/version.c
+++ b/library/version.c
@@ -1,12 +1,9 @@
/*
* Version information
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,8 +31,6 @@
#include "polarssl/version.h"
#include <string.h>
-const char version[] = POLARSSL_VERSION_STRING;
-
unsigned int version_get_number()
{
return( POLARSSL_VERSION_NUMBER );
diff --git a/library/version_features.c b/library/version_features.c
index 1023198..b8b3a4a 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -1,12 +1,9 @@
/*
* Version feature information
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -40,7 +37,7 @@
#define strcasecmp _stricmp
#endif
-const char *features[] = {
+static const char *features[] = {
#if defined(POLARSSL_VERSION_FEATURES)
#if defined(POLARSSL_HAVE_INT8)
"POLARSSL_HAVE_INT8",
@@ -69,12 +66,24 @@
#if defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS)
"POLARSSL_PLATFORM_NO_STD_FUNCTIONS",
#endif /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(POLARSSL_PLATFORM_PRINTF_ALT)
- "POLARSSL_PLATFORM_PRINTF_ALT",
-#endif /* POLARSSL_PLATFORM_PRINTF_ALT */
+#if defined(POLARSSL_PLATFORM_EXIT_ALT)
+ "POLARSSL_PLATFORM_EXIT_ALT",
+#endif /* POLARSSL_PLATFORM_EXIT_ALT */
#if defined(POLARSSL_PLATFORM_FPRINTF_ALT)
"POLARSSL_PLATFORM_FPRINTF_ALT",
#endif /* POLARSSL_PLATFORM_FPRINTF_ALT */
+#if defined(POLARSSL_PLATFORM_PRINTF_ALT)
+ "POLARSSL_PLATFORM_PRINTF_ALT",
+#endif /* POLARSSL_PLATFORM_PRINTF_ALT */
+#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT)
+ "POLARSSL_PLATFORM_SNPRINTF_ALT",
+#endif /* POLARSSL_PLATFORM_SNPRINTF_ALT */
+#if defined(POLARSSL_DEPRECATED_WARNING)
+ "POLARSSL_DEPRECATED_WARNING",
+#endif /* POLARSSL_DEPRECATED_WARNING */
+#if defined(POLARSSL_DEPRECATED_REMOVED)
+ "POLARSSL_DEPRECATED_REMOVED",
+#endif /* POLARSSL_DEPRECATED_REMOVED */
#if defined(POLARSSL_TIMING_ALT)
"POLARSSL_TIMING_ALT",
#endif /* POLARSSL_TIMING_ALT */
@@ -120,6 +129,9 @@
#if defined(POLARSSL_AES_ROM_TABLES)
"POLARSSL_AES_ROM_TABLES",
#endif /* POLARSSL_AES_ROM_TABLES */
+#if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
+ "POLARSSL_CAMELLIA_SMALL_MEMORY",
+#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
#if defined(POLARSSL_CIPHER_MODE_CBC)
"POLARSSL_CIPHER_MODE_CBC",
#endif /* POLARSSL_CIPHER_MODE_CBC */
@@ -273,15 +285,33 @@
#if defined(POLARSSL_SELF_TEST)
"POLARSSL_SELF_TEST",
#endif /* POLARSSL_SELF_TEST */
+#if defined(POLARSSL_SSL_AEAD_RANDOM_IV)
+ "POLARSSL_SSL_AEAD_RANDOM_IV",
+#endif /* POLARSSL_SSL_AEAD_RANDOM_IV */
#if defined(POLARSSL_SSL_ALERT_MESSAGES)
"POLARSSL_SSL_ALERT_MESSAGES",
#endif /* POLARSSL_SSL_ALERT_MESSAGES */
#if defined(POLARSSL_SSL_DEBUG_ALL)
"POLARSSL_SSL_DEBUG_ALL",
#endif /* POLARSSL_SSL_DEBUG_ALL */
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ "POLARSSL_SSL_ENCRYPT_THEN_MAC",
+#endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ "POLARSSL_SSL_EXTENDED_MASTER_SECRET",
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+#if defined(POLARSSL_SSL_FALLBACK_SCSV)
+ "POLARSSL_SSL_FALLBACK_SCSV",
+#endif /* POLARSSL_SSL_FALLBACK_SCSV */
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
"POLARSSL_SSL_HW_RECORD_ACCEL",
#endif /* POLARSSL_SSL_HW_RECORD_ACCEL */
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+ "POLARSSL_SSL_CBC_RECORD_SPLITTING",
+#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
+#if defined(POLARSSL_SSL_DISABLE_RENEGOTIATION)
+ "POLARSSL_SSL_DISABLE_RENEGOTIATION",
+#endif /* POLARSSL_SSL_DISABLE_RENEGOTIATION */
#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
"POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO",
#endif /* POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
diff --git a/library/x509.c b/library/x509.c
index 941472c..857b8a3 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1,12 +1,9 @@
/*
* X.509 common functions for parsing and verification
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -44,6 +41,10 @@
#include "polarssl/x509.h"
#include "polarssl/asn1.h"
#include "polarssl/oid.h"
+
+#include <stdio.h>
+#include <string.h>
+
#if defined(POLARSSL_PEM_PARSE_C)
#include "polarssl/pem.h"
#endif
@@ -51,23 +52,20 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_printf printf
-#define polarssl_malloc malloc
+#include <stdio.h>
+#include <stdlib.h>
#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
#endif
-#include <string.h>
-#include <stdlib.h>
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#else
#include <time.h>
#endif
-#if defined(EFIX64) || defined(EFI32)
-#include <stdio.h>
-#endif
-
#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#if !defined(_WIN32)
@@ -77,6 +75,8 @@
#endif
#endif
+#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
+
/*
* CertificateSerialNumber ::= INTEGER
*/
@@ -380,7 +380,8 @@
if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
**p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
- **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
+ **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING &&
+ **p != ASN1_BIT_STRING )
return( POLARSSL_ERR_X509_INVALID_NAME +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
@@ -399,6 +400,11 @@
}
/*
+ * Name ::= CHOICE { -- only one possibility for now --
+ * rdnSequence RDNSequence }
+ *
+ * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ *
* RelativeDistinguishedName ::=
* SET OF AttributeTypeAndValue
*
@@ -410,9 +416,11 @@
*
* AttributeValue ::= ANY DEFINED BY AttributeType
*
- * We restrict RelativeDistinguishedName to be a set of 1 element. This is
- * the most common case, and our x509_name structure currently can't handle
- * more than that.
+ * The data structure is optimized for the common case where each RDN has only
+ * one element, which is represented as a list of AttributeTypeAndValue.
+ * For the general case we still use a flat list, but we mark elements of the
+ * same set so that they are "merged" together in the functions that consume
+ * this list, eg x509_dn_gets().
*/
int x509_get_name( unsigned char **p, const unsigned char *end,
x509_name *cur )
@@ -421,35 +429,64 @@
size_t set_len;
const unsigned char *end_set;
- /*
- * parse first SET, restricted to 1 element
- */
- if( ( ret = asn1_get_tag( p, end, &set_len,
- ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
- return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+ /* don't use recursion, we'd risk stack overflow if not optimized */
+ while( 1 )
+ {
+ /*
+ * parse SET
+ */
+ if( ( ret = asn1_get_tag( p, end, &set_len,
+ ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_NAME + ret );
- end_set = *p + set_len;
+ end_set = *p + set_len;
- if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
- return( ret );
+ while( 1 )
+ {
+ if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
+ return( ret );
- if( *p != end_set )
- return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+ if( *p == end_set )
+ break;
- /*
- * recurse until end of SEQUENCE is reached
- */
- if( *p == end )
- return( 0 );
+ /* Mark this item as being only one in a set */
+ cur->next_merged = 1;
- cur->next = (x509_name *) polarssl_malloc( sizeof( x509_name ) );
+ cur->next = polarssl_malloc( sizeof( x509_name ) );
- if( cur->next == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
- memset( cur->next, 0, sizeof( x509_name ) );
+ memset( cur->next, 0, sizeof( x509_name ) );
- return( x509_get_name( p, end, cur->next ) );
+ cur = cur->next;
+ }
+
+ /*
+ * continue until end of SEQUENCE is reached
+ */
+ if( *p == end )
+ return( 0 );
+
+ cur->next = polarssl_malloc( sizeof( x509_name ) );
+
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
+ memset( cur->next, 0, sizeof( x509_name ) );
+
+ cur = cur->next;
+ }
+}
+
+static int x509_parse_int(unsigned char **p, unsigned n, int *res){
+ *res = 0;
+ for( ; n > 0; --n ){
+ if( ( **p < '0') || ( **p > '9' ) ) return POLARSSL_ERR_X509_INVALID_DATE;
+ *res *= 10;
+ *res += (*(*p)++ - '0');
+ }
+ return 0;
}
/*
@@ -462,7 +499,6 @@
{
int ret;
size_t len;
- char date[64];
unsigned char tag;
if( ( end - *p ) < 1 )
@@ -479,20 +515,19 @@
if( ret != 0 )
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
- memset( date, 0, sizeof( date ) );
- memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
- len : sizeof( date ) - 1 );
-
- if( sscanf( date, "%2d%2d%2d%2d%2d%2dZ",
- &time->year, &time->mon, &time->day,
- &time->hour, &time->min, &time->sec ) < 5 )
+ CHECK( x509_parse_int( p, 2, &time->year ) );
+ CHECK( x509_parse_int( p, 2, &time->mon ) );
+ CHECK( x509_parse_int( p, 2, &time->day ) );
+ CHECK( x509_parse_int( p, 2, &time->hour ) );
+ CHECK( x509_parse_int( p, 2, &time->min ) );
+ if( len > 10 )
+ CHECK( x509_parse_int( p, 2, &time->sec ) );
+ if( len > 12 && *(*p)++ != 'Z' )
return( POLARSSL_ERR_X509_INVALID_DATE );
time->year += 100 * ( time->year < 50 );
time->year += 1900;
- *p += len;
-
return( 0 );
}
else if( tag == ASN1_GENERALIZED_TIME )
@@ -503,17 +538,16 @@
if( ret != 0 )
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
- memset( date, 0, sizeof( date ) );
- memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
- len : sizeof( date ) - 1 );
-
- if( sscanf( date, "%4d%2d%2d%2d%2d%2dZ",
- &time->year, &time->mon, &time->day,
- &time->hour, &time->min, &time->sec ) < 5 )
+ CHECK( x509_parse_int( p, 4, &time->year ) );
+ CHECK( x509_parse_int( p, 2, &time->mon ) );
+ CHECK( x509_parse_int( p, 2, &time->day ) );
+ CHECK( x509_parse_int( p, 2, &time->hour ) );
+ CHECK( x509_parse_int( p, 2, &time->min ) );
+ if( len > 12 )
+ CHECK( x509_parse_int( p, 2, &time->sec ) );
+ if( len > 14 && *(*p)++ != 'Z' )
return( POLARSSL_ERR_X509_INVALID_DATE );
- *p += len;
-
return( 0 );
}
else
@@ -632,50 +666,6 @@
return( 0 );
}
-#if defined(POLARSSL_FS_IO)
-/*
- * Load all data from a file into a given buffer.
- */
-int x509_load_file( const char *path, unsigned char **buf, size_t *n )
-{
- FILE *f;
- long size;
-
- if( ( f = fopen( path, "rb" ) ) == NULL )
- return( POLARSSL_ERR_X509_FILE_IO_ERROR );
-
- fseek( f, 0, SEEK_END );
- if( ( size = ftell( f ) ) == -1 )
- {
- fclose( f );
- return( POLARSSL_ERR_X509_FILE_IO_ERROR );
- }
- fseek( f, 0, SEEK_SET );
-
- *n = (size_t) size;
-
- if( *n + 1 == 0 ||
- ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
- {
- fclose( f );
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
- }
-
- if( fread( *buf, 1, *n, f ) != *n )
- {
- fclose( f );
- polarssl_free( *buf );
- return( POLARSSL_ERR_X509_FILE_IO_ERROR );
- }
-
- fclose( f );
-
- (*buf)[*n] = '\0';
-
- return( 0 );
-}
-#endif /* POLARSSL_FS_IO */
-
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
!defined(EFI32)
#include <stdarg.h>
@@ -736,7 +726,7 @@
{
int ret;
size_t i, n;
- unsigned char c;
+ unsigned char c, merge = 0;
const x509_name *name;
const char *short_name = NULL;
char s[X509_MAX_DN_NAME_SIZE], *p;
@@ -757,16 +747,16 @@
if( name != dn )
{
- ret = snprintf( p, n, ", " );
+ ret = polarssl_snprintf( p, n, merge ? " + " : ", " );
SAFE_SNPRINTF();
}
ret = oid_get_attr_short_name( &name->oid, &short_name );
if( ret == 0 )
- ret = snprintf( p, n, "%s=", short_name );
+ ret = polarssl_snprintf( p, n, "%s=", short_name );
else
- ret = snprintf( p, n, "\?\?=" );
+ ret = polarssl_snprintf( p, n, "\?\?=" );
SAFE_SNPRINTF();
for( i = 0; i < name->val.len; i++ )
@@ -780,8 +770,10 @@
else s[i] = c;
}
s[i] = '\0';
- ret = snprintf( p, n, "%s", s );
+ ret = polarssl_snprintf( p, n, "%s", s );
SAFE_SNPRINTF();
+
+ merge = name->next_merged;
name = name->next;
}
@@ -809,14 +801,14 @@
if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
continue;
- ret = snprintf( p, n, "%02X%s",
+ ret = polarssl_snprintf( p, n, "%02X%s",
serial->p[i], ( i < nr - 1 ) ? ":" : "" );
SAFE_SNPRINTF();
}
if( nr != serial->len )
{
- ret = snprintf( p, n, "...." );
+ ret = polarssl_snprintf( p, n, "...." );
SAFE_SNPRINTF();
}
@@ -837,9 +829,9 @@
ret = oid_get_sig_alg_desc( sig_oid, &desc );
if( ret != 0 )
- ret = snprintf( p, n, "???" );
+ ret = polarssl_snprintf( p, n, "???" );
else
- ret = snprintf( p, n, "%s", desc );
+ ret = polarssl_snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
@@ -853,7 +845,7 @@
md_info = md_info_from_type( md_alg );
mgf_md_info = md_info_from_type( pss_opts->mgf1_hash_id );
- ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
+ ret = polarssl_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
md_info ? md_info->name : "???",
mgf_md_info ? mgf_md_info->name : "???",
pss_opts->expected_salt_len );
@@ -880,7 +872,7 @@
if( strlen( name ) + sizeof( " key size" ) > size )
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
- ret = snprintf( p, n, "%s key size", name );
+ ret = polarssl_snprintf( p, n, "%s key size", name );
SAFE_SNPRINTF();
return( 0 );
@@ -889,6 +881,7 @@
/*
* Return an informational string describing the given OID
*/
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
const char *x509_oid_get_description( x509_buf *oid )
{
const char *desc = NULL;
@@ -901,12 +894,15 @@
return( desc );
}
+#endif
/* Return the x.y.z.... style numeric string for the given OID */
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
{
return oid_get_numeric_string( buf, size, oid );
}
+#endif
/*
* Return 0 if the x509_time is still valid, or 1 otherwise.
diff --git a/library/x509_create.c b/library/x509_create.c
index 747dc82..f505bab 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -1,12 +1,9 @@
/*
* X.509 base functions for creating certificates / CSRs
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -35,6 +32,8 @@
#include "polarssl/asn1write.h"
#include "polarssl/oid.h"
+#include <string.h>
+
#if defined(_MSC_VER) && !defined strncasecmp && !defined(EFIX64) && \
!defined(EFI32)
#define strncasecmp _strnicmp
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 7dd53c2..de2079f 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -1,12 +1,9 @@
/*
* X.509 Certidicate Revocation List (CRL) parsing
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -43,6 +40,9 @@
#include "polarssl/x509_crl.h"
#include "polarssl/oid.h"
+
+#include <string.h>
+
#if defined(POLARSSL_PEM_PARSE_C)
#include "polarssl/pem.h"
#endif
@@ -50,14 +50,14 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_malloc malloc
+#include <stdlib.h>
+#include <stdio.h>
#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_snprintf snprintf
#endif
-#include <string.h>
-#include <stdlib.h>
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
#include <windows.h>
#else
#include <time.h>
@@ -243,8 +243,8 @@
if( cur_entry->next == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
+ memset( cur_entry->next, 0, sizeof( x509_crl_entry ) );
cur_entry = cur_entry->next;
- memset( cur_entry, 0, sizeof( x509_crl_entry ) );
}
}
@@ -252,25 +252,16 @@
}
/*
- * Parse one or more CRLs and add them to the chained list
+ * Parse one CRLs in DER format and append it to the chained list
*/
-int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
+int x509_crl_parse_der( x509_crl *chain,
+ const unsigned char *buf, size_t buflen )
{
int ret;
size_t len;
unsigned char *p, *end;
- x509_crl *crl;
x509_buf sig_params1, sig_params2;
-
-#if defined(POLARSSL_PEM_PARSE_C)
- size_t use_len;
- pem_context pem;
-#endif
-
- memset( &sig_params1, 0, sizeof( x509_buf ) );
- memset( &sig_params2, 0, sizeof( x509_buf ) );
-
- crl = chain;
+ x509_crl *crl = chain;
/*
* Check for valid input
@@ -278,15 +269,18 @@
if( crl == NULL || buf == NULL )
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
- while( crl->version != 0 && crl->next != NULL )
- crl = crl->next;
+ memset( &sig_params1, 0, sizeof( x509_buf ) );
+ memset( &sig_params2, 0, sizeof( x509_buf ) );
/*
* Add new CRL on the end of the chain if needed.
*/
+ while( crl->version != 0 && crl->next != NULL )
+ crl = crl->next;
+
if( crl->version != 0 && crl->next == NULL )
{
- crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
+ crl->next = polarssl_malloc( sizeof( x509_crl ) );
if( crl->next == NULL )
{
@@ -294,57 +288,22 @@
return( POLARSSL_ERR_X509_MALLOC_FAILED );
}
+ x509_crl_init( crl->next );
crl = crl->next;
- x509_crl_init( crl );
}
-#if defined(POLARSSL_PEM_PARSE_C)
- pem_init( &pem );
- ret = pem_read_buffer( &pem,
- "-----BEGIN X509 CRL-----",
- "-----END X509 CRL-----",
- buf, NULL, 0, &use_len );
+ /*
+ * Copy raw DER-encoded CRL
+ */
+ if( ( p = polarssl_malloc( buflen ) ) == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
- if( ret == 0 )
- {
- /*
- * Was PEM encoded
- */
- buflen -= use_len;
- buf += use_len;
-
- /*
- * Steal PEM buffer
- */
- p = pem.buf;
- pem.buf = NULL;
- len = pem.buflen;
- pem_free( &pem );
- }
- else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
- {
- pem_free( &pem );
- return( ret );
- }
- else
-#endif /* POLARSSL_PEM_PARSE_C */
- {
- /*
- * nope, copy the raw DER data
- */
- p = (unsigned char *) polarssl_malloc( len = buflen );
-
- if( p == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- memcpy( p, buf, buflen );
-
- buflen = 0;
- }
+ memcpy( p, buf, buflen );
crl->raw.p = p;
- crl->raw.len = len;
- end = p + len;
+ crl->raw.len = buflen;
+
+ end = p + buflen;
/*
* CertificateList ::= SEQUENCE {
@@ -503,7 +462,8 @@
if( crl->sig_oid1.len != crl->sig_oid2.len ||
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
sig_params1.len != sig_params2.len ||
- memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+ ( sig_params1.len != 0 &&
+ memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
{
x509_crl_free( crl );
return( POLARSSL_ERR_X509_SIG_MISMATCH );
@@ -522,25 +482,64 @@
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
- if( buflen > 0 )
- {
- crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
-
- if( crl->next == NULL )
- {
- x509_crl_free( crl );
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
- }
-
- crl = crl->next;
- x509_crl_init( crl );
-
- return( x509_crl_parse( crl, buf, buflen ) );
- }
-
return( 0 );
}
+/*
+ * Parse one or more CRLs and add them to the chained list
+ */
+int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
+{
+#if defined(POLARSSL_PEM_PARSE_C)
+ int ret;
+ size_t use_len;
+ pem_context pem;
+ int is_pem = 0;
+
+ if( chain == NULL || buf == NULL )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+ do
+ {
+ pem_init( &pem );
+ ret = pem_read_buffer( &pem,
+ "-----BEGIN X509 CRL-----",
+ "-----END X509 CRL-----",
+ buf, NULL, 0, &use_len );
+
+ if( ret == 0 )
+ {
+ /*
+ * Was PEM encoded
+ */
+ is_pem = 1;
+
+ buflen -= use_len;
+ buf += use_len;
+
+ if( ( ret = x509_crl_parse_der( chain,
+ pem.buf, pem.buflen ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ pem_free( &pem );
+ }
+ else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ {
+ pem_free( &pem );
+ return( ret );
+ }
+ }
+ while( is_pem && buflen > 0 );
+
+ if( is_pem )
+ return( 0 );
+ else
+#endif /* POLARSSL_PEM_PARSE_C */
+ return( x509_crl_parse_der( chain, buf, buflen ) );
+}
+
#if defined(POLARSSL_FS_IO)
/*
* Load one or more CRLs and add them to the chained list
@@ -551,7 +550,7 @@
size_t n;
unsigned char *buf;
- if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
+ if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = x509_crl_parse( chain, buf, n );
@@ -634,23 +633,23 @@
p = buf;
n = size;
- ret = snprintf( p, n, "%sCRL version : %d",
+ ret = polarssl_snprintf( p, n, "%sCRL version : %d",
prefix, crl->version );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%sissuer name : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%sissuer name : ", prefix );
SAFE_SNPRINTF();
ret = x509_dn_gets( p, n, &crl->issuer );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%sthis update : " \
+ ret = polarssl_snprintf( p, n, "\n%sthis update : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crl->this_update.year, crl->this_update.mon,
crl->this_update.day, crl->this_update.hour,
crl->this_update.min, crl->this_update.sec );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%snext update : " \
+ ret = polarssl_snprintf( p, n, "\n%snext update : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crl->next_update.year, crl->next_update.mon,
crl->next_update.day, crl->next_update.hour,
@@ -659,20 +658,20 @@
entry = &crl->entry;
- ret = snprintf( p, n, "\n%sRevoked certificates:",
+ ret = polarssl_snprintf( p, n, "\n%sRevoked certificates:",
prefix );
SAFE_SNPRINTF();
while( entry != NULL && entry->raw.len != 0 )
{
- ret = snprintf( p, n, "\n%sserial number: ",
+ ret = polarssl_snprintf( p, n, "\n%sserial number: ",
prefix );
SAFE_SNPRINTF();
ret = x509_serial_gets( p, n, &entry->serial );
SAFE_SNPRINTF();
- ret = snprintf( p, n, " revocation date: " \
+ ret = polarssl_snprintf( p, n, " revocation date: " \
"%04d-%02d-%02d %02d:%02d:%02d",
entry->revocation_date.year, entry->revocation_date.mon,
entry->revocation_date.day, entry->revocation_date.hour,
@@ -682,14 +681,14 @@
entry = entry->next;
}
- ret = snprintf( p, n, "\n%ssigned using : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md,
crl->sig_opts );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n" );
+ ret = polarssl_snprintf( p, n, "\n" );
SAFE_SNPRINTF();
return( (int) ( size - n ) );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 88d7f04..fe9e552 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1,12 +1,9 @@
/*
* X.509 certificate parsing and verification
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -43,6 +40,10 @@
#include "polarssl/x509_crt.h"
#include "polarssl/oid.h"
+
+#include <stdio.h>
+#include <string.h>
+
#if defined(POLARSSL_PEM_PARSE_C)
#include "polarssl/pem.h"
#endif
@@ -50,33 +51,29 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_malloc malloc
+#include <stdlib.h>
#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_snprintf snprintf
#endif
#if defined(POLARSSL_THREADING_C)
#include "polarssl/threading.h"
#endif
-#include <string.h>
-#include <stdlib.h>
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
#else
#include <time.h>
#endif
-#if defined(EFIX64) || defined(EFI32)
-#include <stdio.h>
-#endif
-
#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
#include <sys/types.h>
#include <sys/stat.h>
#include <dirent.h>
-#endif
+#endif /* !_WIN32 || EFIX64 || EFI32 */
#endif
/* Implementation that should never be optimized out by the compiler */
@@ -313,7 +310,7 @@
* nameAssigner [0] DirectoryString OPTIONAL,
* partyName [1] DirectoryString }
*
- * NOTE: PolarSSL only parses and uses dNSName at this point.
+ * NOTE: we only parse and use dNSName at this point.
*/
static int x509_get_subject_alt_name( unsigned char **p,
const unsigned char *end,
@@ -359,8 +356,10 @@
/* Allocate and assign next pointer */
if( cur->buf.p != NULL )
{
- cur->next = (asn1_sequence *) polarssl_malloc(
- sizeof( asn1_sequence ) );
+ if( cur->next != NULL )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS );
+
+ cur->next = polarssl_malloc( sizeof( asn1_sequence ) );
if( cur->next == NULL )
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
@@ -478,6 +477,10 @@
continue;
}
+ /* Forbid repeated extensions */
+ if( ( crt->ext_types & ext_type ) != 0 )
+ return( POLARSSL_ERR_X509_INVALID_EXTENSIONS );
+
crt->ext_types |= ext_type;
switch( ext_type )
@@ -549,7 +552,7 @@
if( crt == NULL || buf == NULL )
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
- p = (unsigned char *) polarssl_malloc( len = buflen );
+ p = polarssl_malloc( len = buflen );
if( p == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
@@ -757,7 +760,8 @@
if( crt->sig_oid1.len != crt->sig_oid2.len ||
memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
sig_params1.len != sig_params2.len ||
- memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+ ( sig_params1.len != 0 &&
+ memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
{
x509_crt_free( crt );
return( POLARSSL_ERR_X509_SIG_MISMATCH );
@@ -806,14 +810,14 @@
*/
if( crt->version != 0 && crt->next == NULL )
{
- crt->next = (x509_crt *) polarssl_malloc( sizeof( x509_crt ) );
+ crt->next = polarssl_malloc( sizeof( x509_crt ) );
if( crt->next == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
prev = crt;
+ x509_crt_init( crt->next );
crt = crt->next;
- x509_crt_init( crt );
}
if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
@@ -946,7 +950,7 @@
size_t n;
unsigned char *buf;
- if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
+ if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = x509_crt_parse( chain, buf, n );
@@ -986,6 +990,8 @@
w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir,
MAX_PATH - 3 );
+ if( w_ret == 0 )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
hFind = FindFirstFileW( szDir, &file_data );
if( hFind == INVALID_HANDLE_VALUE )
@@ -1003,6 +1009,8 @@
lstrlenW( file_data.cFileName ),
p, len - 1,
NULL, NULL );
+ if( w_ret == 0 )
+ return( POLARSSL_ERR_X509_FILE_IO_ERROR );
w_ret = x509_crt_parse_file( chain, filename );
if( w_ret < 0 )
@@ -1033,7 +1041,7 @@
while( ( entry = readdir( dir ) ) != NULL )
{
- snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
+ polarssl_snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
if( stat( entry_name, &sb ) == -1 )
{
@@ -1159,7 +1167,7 @@
#define PRINT_ITEM(i) \
{ \
- ret = snprintf( p, n, "%s" i, sep ); \
+ ret = polarssl_snprintf( p, n, "%s" i, sep ); \
SAFE_SNPRINTF(); \
sep = ", "; \
}
@@ -1232,7 +1240,7 @@
if( oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
desc = "???";
- ret = snprintf( p, n, "%s%s", sep, desc );
+ ret = polarssl_snprintf( p, n, "%s%s", sep, desc );
SAFE_SNPRINTF();
sep = ", ";
@@ -1262,41 +1270,41 @@
p = buf;
n = size;
- ret = snprintf( p, n, "%scert. version : %d\n",
+ ret = polarssl_snprintf( p, n, "%scert. version : %d\n",
prefix, crt->version );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "%sserial number : ",
+ ret = polarssl_snprintf( p, n, "%sserial number : ",
prefix );
SAFE_SNPRINTF();
ret = x509_serial_gets( p, n, &crt->serial );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%sissuer name : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%sissuer name : ", prefix );
SAFE_SNPRINTF();
ret = x509_dn_gets( p, n, &crt->issuer );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%ssubject name : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%ssubject name : ", prefix );
SAFE_SNPRINTF();
ret = x509_dn_gets( p, n, &crt->subject );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%sissued on : " \
+ ret = polarssl_snprintf( p, n, "\n%sissued on : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crt->valid_from.year, crt->valid_from.mon,
crt->valid_from.day, crt->valid_from.hour,
crt->valid_from.min, crt->valid_from.sec );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%sexpires on : " \
+ ret = polarssl_snprintf( p, n, "\n%sexpires on : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crt->valid_to.year, crt->valid_to.mon,
crt->valid_to.day, crt->valid_to.hour,
crt->valid_to.min, crt->valid_to.sec );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%ssigned using : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
ret = x509_sig_alg_gets( p, n, &crt->sig_oid1, crt->sig_pk,
@@ -1310,7 +1318,7 @@
return( ret );
}
- ret = snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
+ ret = polarssl_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
(int) pk_get_size( &crt->pk ) );
SAFE_SNPRINTF();
@@ -1320,20 +1328,20 @@
if( crt->ext_types & EXT_BASIC_CONSTRAINTS )
{
- ret = snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
+ ret = polarssl_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
crt->ca_istrue ? "true" : "false" );
SAFE_SNPRINTF();
if( crt->max_pathlen > 0 )
{
- ret = snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
+ ret = polarssl_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
SAFE_SNPRINTF();
}
}
if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
{
- ret = snprintf( p, n, "\n%ssubject alt name : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%ssubject alt name : ", prefix );
SAFE_SNPRINTF();
if( ( ret = x509_info_subject_alt_name( &p, &n,
@@ -1343,7 +1351,7 @@
if( crt->ext_types & EXT_NS_CERT_TYPE )
{
- ret = snprintf( p, n, "\n%scert. type : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%scert. type : ", prefix );
SAFE_SNPRINTF();
if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
@@ -1352,7 +1360,7 @@
if( crt->ext_types & EXT_KEY_USAGE )
{
- ret = snprintf( p, n, "\n%skey usage : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%skey usage : ", prefix );
SAFE_SNPRINTF();
if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
@@ -1361,7 +1369,7 @@
if( crt->ext_types & EXT_EXTENDED_KEY_USAGE )
{
- ret = snprintf( p, n, "\n%sext key usage : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%sext key usage : ", prefix );
SAFE_SNPRINTF();
if( ( ret = x509_info_ext_key_usage( &p, &n,
@@ -1369,12 +1377,63 @@
return( ret );
}
- ret = snprintf( p, n, "\n" );
+ ret = polarssl_snprintf( p, n, "\n" );
SAFE_SNPRINTF();
return( (int) ( size - n ) );
}
+struct x509_crt_verify_string {
+ int code;
+ const char *string;
+};
+
+static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
+ { BADCERT_EXPIRED, "The certificate validity has expired" },
+ { BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
+ { BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
+ { BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
+ { BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
+ { BADCRL_EXPIRED, "The CRL is expired" },
+ { BADCERT_MISSING, "Certificate was missing" },
+ { BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
+ { BADCERT_OTHER, "Other reason (can be used by verify callback)" },
+ { BADCERT_FUTURE, "The certificate validity starts in the future" },
+ { BADCRL_FUTURE, "The CRL is from the future" },
+ { BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
+ { BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
+ { BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
+ { 0, NULL }
+};
+
+int x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+ int flags )
+{
+ int ret;
+ const struct x509_crt_verify_string *cur;
+ char *p = buf;
+ size_t n = size;
+
+ for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
+ {
+ if( ( flags & cur->code ) == 0 )
+ continue;
+
+ ret = polarssl_snprintf( p, n, "%s%s\n", prefix, cur->string );
+ SAFE_SNPRINTF();
+ flags ^= cur->code;
+ }
+
+ if( flags != 0 )
+ {
+ ret = polarssl_snprintf( p, n, "%sUnknown reason "
+ "(this should not happen)\n", prefix );
+ SAFE_SNPRINTF();
+ }
+
+ return( (int) ( size - n ) );
+}
+
#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
int x509_crt_check_key_usage( const x509_crt *crt, int usage )
{
@@ -1629,25 +1688,34 @@
*/
static int x509_name_cmp( const x509_name *a, const x509_name *b )
{
- if( a == NULL && b == NULL )
- return( 0 );
-
- if( a == NULL || b == NULL )
- return( -1 );
-
- /* type */
- if( a->oid.tag != b->oid.tag ||
- a->oid.len != b->oid.len ||
- memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
+ /* Avoid recursion, it might not be optimised by the compiler */
+ while( a != NULL || b != NULL )
{
- return( -1 );
+ if( a == NULL || b == NULL )
+ return( -1 );
+
+ /* type */
+ if( a->oid.tag != b->oid.tag ||
+ a->oid.len != b->oid.len ||
+ memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
+ {
+ return( -1 );
+ }
+
+ /* value */
+ if( x509_string_cmp( &a->val, &b->val ) != 0 )
+ return( -1 );
+
+ /* structure of the list of sets */
+ if( a->next_merged != b->next_merged )
+ return( -1 );
+
+ a = a->next;
+ b = b->next;
}
- /* value */
- if( x509_string_cmp( &a->val, &b->val ) != 0 )
- return( -1 );
-
- return( x509_name_cmp( a->next, b->next ) );
+ /* a == NULL == b */
+ return( 0 );
}
/*
@@ -1822,6 +1890,13 @@
x509_crt *grandparent;
const md_info_t *md_info;
+ /* path_cnt is 0 for the first intermediate CA */
+ if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA )
+ {
+ *flags |= BADCERT_NOT_TRUSTED;
+ return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
+ }
+
if( x509_time_expired( &child->valid_to ) )
*flags |= BADCERT_EXPIRED;
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 0b4f771..558b078 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -1,12 +1,9 @@
/*
* X.509 Certificate Signing Request (CSR) parsing
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -43,6 +40,9 @@
#include "polarssl/x509_csr.h"
#include "polarssl/oid.h"
+
+#include <string.h>
+
#if defined(POLARSSL_PEM_PARSE_C)
#include "polarssl/pem.h"
#endif
@@ -50,12 +50,12 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_malloc malloc
-#define polarssl_free free
-#endif
-
-#include <string.h>
#include <stdlib.h>
+#include <stdio.h>
+#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_snprintf snprintf
+#endif
#if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
#include <stdio.h>
@@ -113,7 +113,7 @@
/*
* first copy the raw DER data
*/
- p = (unsigned char *) polarssl_malloc( len = buflen );
+ p = polarssl_malloc( len = buflen );
if( p == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
@@ -310,7 +310,7 @@
size_t n;
unsigned char *buf;
- if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
+ if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = x509_csr_parse( csr, buf, n );
@@ -390,16 +390,16 @@
p = buf;
n = size;
- ret = snprintf( p, n, "%sCSR version : %d",
+ ret = polarssl_snprintf( p, n, "%sCSR version : %d",
prefix, csr->version );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%ssubject name : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%ssubject name : ", prefix );
SAFE_SNPRINTF();
ret = x509_dn_gets( p, n, &csr->subject );
SAFE_SNPRINTF();
- ret = snprintf( p, n, "\n%ssigned using : ", prefix );
+ ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
ret = x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
@@ -412,7 +412,7 @@
return( ret );
}
- ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
+ ret = polarssl_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
(int) pk_get_size( &csr->pk ) );
SAFE_SNPRINTF();
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index e298c24..80913ec 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -1,12 +1,9 @@
/*
* X.509 certificate writing
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -42,6 +39,8 @@
#include "polarssl/asn1write.h"
#include "polarssl/sha1.h"
+#include <string.h>
+
#if defined(POLARSSL_PEM_WRITE_C)
#include "polarssl/pem.h"
#endif /* POLARSSL_PEM_WRITE_C */
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 53ae9c6..c5a5875 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -1,12 +1,9 @@
/*
* X.509 Certificate Signing Request writing
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -40,13 +37,13 @@
#include "polarssl/oid.h"
#include "polarssl/asn1write.h"
+#include <string.h>
+#include <stdlib.h>
+
#if defined(POLARSSL_PEM_WRITE_C)
#include "polarssl/pem.h"
#endif
-#include <string.h>
-#include <stdlib.h>
-
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
diff --git a/library/xtea.c b/library/xtea.c
index 75215c5..0558b93 100644
--- a/library/xtea.c
+++ b/library/xtea.c
@@ -1,12 +1,9 @@
/*
* An 32-bit implementation of the XTEA algorithm
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,11 +30,16 @@
#include "polarssl/xtea.h"
+#include <string.h>
+
+#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
-#endif
+#endif /* POLARSSL_PLATFORM_C */
+#endif /* POLARSSL_SELF_TEST */
#if !defined(POLARSSL_XTEA_ALT)
@@ -193,9 +195,6 @@
#if defined(POLARSSL_SELF_TEST)
-#include <string.h>
-#include <stdio.h>
-
/*
* XTEA tests vectors (non-official)
*/
diff --git a/programs/.gitignore b/programs/.gitignore
index a47ef06..80d7559 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -1,4 +1,7 @@
*/Makefile
+*.sln
+*.vcxproj
+
aes/aescrypt2
aes/crypt_and_hash
hash/generic_sum
@@ -35,6 +38,7 @@
ssl/ssl_pthread_server
ssl/ssl_server
ssl/ssl_server2
+ssl/mini_client
test/benchmark
test/ecp-bench
test/o_p_test
diff --git a/programs/Makefile b/programs/Makefile
index 9238ae8..3f6a933 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -1,49 +1,64 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
-# To compile on MinGW: add "-lws2_32" to LDFLAGS or define WINDOWS in your env
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
-CFLAGS += -I../include -D_FILE_OFFSET_BITS=64 -Wall -W -Wdeclaration-after-statement
-OFLAGS = -O2
-LDFLAGS += -L../library -lpolarssl $(SYS_LDFLAGS)
+CFLAGS ?= -O2
+WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
+LDFLAGS ?=
+
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+LOCAL_LDFLAGS = -L../library -lmbedtls$(SHARED_SUFFIX)
ifdef DEBUG
-CFLAGS += -g3
+LOCAL_CFLAGS += -g3
endif
+#
+# if we running on Windows build
+# for Windows
+#
ifdef WINDOWS
-LDFLAGS += -lws2_32
+WINDOWS_BUILD=1
+endif
+
+ifdef WINDOWS_BUILD
+DLEXT=dll
+EXEXT=.exe
+LOCAL_LDFLAGS += -lws2_32
+ifdef SHARED
+SHARED_SUFFIX=.$(DLEXT)
+endif
endif
# Zlib shared library extensions:
ifdef ZLIB
-LDFLAGS += -lz
+LOCAL_LDFLAGS += -lz
endif
-APPS = aes/aescrypt2 aes/crypt_and_hash \
- hash/hello hash/generic_sum \
- hash/md5sum hash/sha1sum \
- hash/sha2sum pkey/dh_client \
- pkey/dh_genprime pkey/dh_server \
- pkey/gen_key \
- pkey/key_app pkey/key_app_writer \
- pkey/mpi_demo pkey/pk_decrypt \
- pkey/pk_encrypt pkey/pk_sign \
- pkey/pk_verify pkey/rsa_genkey \
- pkey/rsa_decrypt pkey/rsa_encrypt \
- pkey/rsa_sign pkey/rsa_verify \
- pkey/rsa_sign_pss pkey/rsa_verify_pss \
- ssl/ssl_client1 ssl/ssl_client2 \
- ssl/ssl_server ssl/ssl_server2 \
- ssl/ssl_fork_server \
- ssl/ssl_mail_client random/gen_entropy \
- random/gen_random_havege \
- random/gen_random_ctr_drbg \
- test/ssl_cert_test test/benchmark \
- test/selftest test/ssl_test \
- util/pem2der util/strerror \
- x509/cert_app x509/crl_app \
- x509/cert_req
+APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
+ hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \
+ hash/md5sum$(EXEXT) hash/sha1sum$(EXEXT) \
+ hash/sha2sum$(EXEXT) pkey/dh_client$(EXEXT) \
+ pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \
+ pkey/gen_key$(EXEXT) \
+ pkey/key_app$(EXEXT) pkey/key_app_writer$(EXEXT) \
+ pkey/mpi_demo$(EXEXT) pkey/pk_decrypt$(EXEXT) \
+ pkey/pk_encrypt$(EXEXT) pkey/pk_sign$(EXEXT) \
+ pkey/pk_verify$(EXEXT) pkey/rsa_genkey$(EXEXT) \
+ pkey/rsa_decrypt$(EXEXT) pkey/rsa_encrypt$(EXEXT) \
+ pkey/rsa_sign$(EXEXT) pkey/rsa_verify$(EXEXT) \
+ pkey/rsa_sign_pss$(EXEXT) pkey/rsa_verify_pss$(EXEXT) \
+ ssl/ssl_client1$(EXEXT) ssl/ssl_client2$(EXEXT) \
+ ssl/ssl_server$(EXEXT) ssl/ssl_server2$(EXEXT) \
+ ssl/ssl_fork_server$(EXEXT) ssl/mini_client$(EXEXT) \
+ ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \
+ random/gen_random_havege$(EXEXT) \
+ random/gen_random_ctr_drbg$(EXEXT) \
+ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \
+ test/selftest$(EXEXT) test/ssl_test$(EXEXT) \
+ util/pem2der$(EXEXT) util/strerror$(EXEXT) \
+ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \
+ x509/cert_req$(EXEXT)
ifdef OPENSSL
APPS += test/o_p_test
@@ -57,189 +72,193 @@
all: $(APPS)
-aes/aescrypt2: aes/aescrypt2.c ../library/libpolarssl.a
+aes/aescrypt2$(EXEXT): aes/aescrypt2.c ../library/libmbedtls.a
echo " CC aes/aescrypt2.c"
- $(CC) $(CFLAGS) $(OFLAGS) aes/aescrypt2.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-aes/crypt_and_hash: aes/crypt_and_hash.c ../library/libpolarssl.a
+aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c ../library/libmbedtls.a
echo " CC aes/crypt_and_hash.c"
- $(CC) $(CFLAGS) $(OFLAGS) aes/crypt_and_hash.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-hash/hello: hash/hello.c ../library/libpolarssl.a
+hash/hello$(EXEXT): hash/hello.c ../library/libmbedtls.a
echo " CC hash/hello.c"
- $(CC) $(CFLAGS) $(OFLAGS) hash/hello.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-hash/generic_sum: hash/generic_sum.c ../library/libpolarssl.a
+hash/generic_sum$(EXEXT): hash/generic_sum.c ../library/libmbedtls.a
echo " CC hash/generic_sum.c"
- $(CC) $(CFLAGS) $(OFLAGS) hash/generic_sum.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-hash/md5sum: hash/md5sum.c ../library/libpolarssl.a
+hash/md5sum$(EXEXT): hash/md5sum.c ../library/libmbedtls.a
echo " CC hash/md5sum.c"
- $(CC) $(CFLAGS) $(OFLAGS) hash/md5sum.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md5sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-hash/sha1sum: hash/sha1sum.c ../library/libpolarssl.a
+hash/sha1sum$(EXEXT): hash/sha1sum.c ../library/libmbedtls.a
echo " CC hash/sha1sum.c"
- $(CC) $(CFLAGS) $(OFLAGS) hash/sha1sum.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/sha1sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-hash/sha2sum: hash/sha2sum.c ../library/libpolarssl.a
+hash/sha2sum$(EXEXT): hash/sha2sum.c ../library/libmbedtls.a
echo " CC hash/sha2sum.c"
- $(CC) $(CFLAGS) $(OFLAGS) hash/sha2sum.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/sha2sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/dh_client: pkey/dh_client.c ../library/libpolarssl.a
+pkey/dh_client$(EXEXT): pkey/dh_client.c ../library/libmbedtls.a
echo " CC pkey/dh_client.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/dh_client.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/dh_genprime: pkey/dh_genprime.c ../library/libpolarssl.a
+pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c ../library/libmbedtls.a
echo " CC pkey/dh_genprime.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/dh_genprime.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/dh_server: pkey/dh_server.c ../library/libpolarssl.a
+pkey/dh_server$(EXEXT): pkey/dh_server.c ../library/libmbedtls.a
echo " CC pkey/dh_server.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/dh_server.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/ecdsa: pkey/ecdsa.c ../library/libpolarssl.a
+pkey/ecdsa$(EXEXT): pkey/ecdsa.c ../library/libmbedtls.a
echo " CC pkey/ecdsa.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/ecdsa.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/gen_key: pkey/gen_key.c ../library/libpolarssl.a
+pkey/gen_key$(EXEXT): pkey/gen_key.c ../library/libmbedtls.a
echo " CC pkey/gen_key.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/gen_key.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/key_app: pkey/key_app.c ../library/libpolarssl.a
+pkey/key_app$(EXEXT): pkey/key_app.c ../library/libmbedtls.a
echo " CC pkey/key_app.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/key_app.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/key_app_writer: pkey/key_app_writer.c ../library/libpolarssl.a
+pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c ../library/libmbedtls.a
echo " CC pkey/key_app_writer.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/key_app_writer.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/mpi_demo: pkey/mpi_demo.c ../library/libpolarssl.a
+pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c ../library/libmbedtls.a
echo " CC pkey/mpi_demo.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/mpi_demo.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/pk_decrypt: pkey/pk_decrypt.c ../library/libpolarssl.a
+pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c ../library/libmbedtls.a
echo " CC pkey/pk_decrypt.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/pk_decrypt.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/pk_encrypt: pkey/pk_encrypt.c ../library/libpolarssl.a
+pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c ../library/libmbedtls.a
echo " CC pkey/pk_encrypt.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/pk_encrypt.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/pk_sign: pkey/pk_sign.c ../library/libpolarssl.a
+pkey/pk_sign$(EXEXT): pkey/pk_sign.c ../library/libmbedtls.a
echo " CC pkey/pk_sign.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/pk_sign.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/pk_verify: pkey/pk_verify.c ../library/libpolarssl.a
+pkey/pk_verify$(EXEXT): pkey/pk_verify.c ../library/libmbedtls.a
echo " CC pkey/pk_verify.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/pk_verify.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_genkey: pkey/rsa_genkey.c ../library/libpolarssl.a
+pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c ../library/libmbedtls.a
echo " CC pkey/rsa_genkey.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_genkey.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_sign: pkey/rsa_sign.c ../library/libpolarssl.a
+pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c ../library/libmbedtls.a
echo " CC pkey/rsa_sign.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_sign.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_verify: pkey/rsa_verify.c ../library/libpolarssl.a
+pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c ../library/libmbedtls.a
echo " CC pkey/rsa_verify.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_verify.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_sign_pss: pkey/rsa_sign_pss.c ../library/libpolarssl.a
+pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c ../library/libmbedtls.a
echo " CC pkey/rsa_sign_pss.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_sign_pss.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_verify_pss: pkey/rsa_verify_pss.c ../library/libpolarssl.a
+pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c ../library/libmbedtls.a
echo " CC pkey/rsa_verify_pss.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_verify_pss.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_decrypt: pkey/rsa_decrypt.c ../library/libpolarssl.a
+pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c ../library/libmbedtls.a
echo " CC pkey/rsa_decrypt.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_decrypt.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_encrypt: pkey/rsa_encrypt.c ../library/libpolarssl.a
+pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c ../library/libmbedtls.a
echo " CC pkey/rsa_encrypt.c"
- $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_encrypt.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-random/gen_entropy: random/gen_entropy.c ../library/libpolarssl.a
+random/gen_entropy$(EXEXT): random/gen_entropy.c ../library/libmbedtls.a
echo " CC random/gen_entropy.c"
- $(CC) $(CFLAGS) $(OFLAGS) random/gen_entropy.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-random/gen_random_havege: random/gen_random_havege.c ../library/libpolarssl.a
+random/gen_random_havege$(EXEXT): random/gen_random_havege.c ../library/libmbedtls.a
echo " CC random/gen_random_havege.c"
- $(CC) $(CFLAGS) $(OFLAGS) random/gen_random_havege.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_havege.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-random/gen_random_ctr_drbg: random/gen_random_ctr_drbg.c ../library/libpolarssl.a
+random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c ../library/libmbedtls.a
echo " CC random/gen_random_ctr_drbg.c"
- $(CC) $(CFLAGS) $(OFLAGS) random/gen_random_ctr_drbg.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_client1: ssl/ssl_client1.c ../library/libpolarssl.a
+ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c ../library/libmbedtls.a
echo " CC ssl/ssl_client1.c"
- $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_client1.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_client2: ssl/ssl_client2.c ../library/libpolarssl.a
+ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c ../library/libmbedtls.a
echo " CC ssl/ssl_client2.c"
- $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_client2.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_server: ssl/ssl_server.c ../library/libpolarssl.a
+ssl/ssl_server$(EXEXT): ssl/ssl_server.c ../library/libmbedtls.a
echo " CC ssl/ssl_server.c"
- $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_server.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_server2: ssl/ssl_server2.c ../library/libpolarssl.a
+ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c ../library/libmbedtls.a
echo " CC ssl/ssl_server2.c"
- $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_server2.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_fork_server: ssl/ssl_fork_server.c ../library/libpolarssl.a
+ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c ../library/libmbedtls.a
echo " CC ssl/ssl_fork_server.c"
- $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_fork_server.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_pthread_server: ssl/ssl_pthread_server.c ../library/libpolarssl.a
+ssl/ssl_pthread_server$(EXEXT): ssl/ssl_pthread_server.c ../library/libmbedtls.a
echo " CC ssl/ssl_pthread_server.c"
- $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_pthread_server.c $(LDFLAGS) -o $@ -lpthread
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_pthread_server.c $(LOCAL_LDFLAGS) -lpthread $(LDFLAGS) -o $@
-ssl/ssl_mail_client: ssl/ssl_mail_client.c ../library/libpolarssl.a
+ssl/ssl_mail_client$(EXEXT): ssl/ssl_mail_client.c ../library/libmbedtls.a
echo " CC ssl/ssl_mail_client.c"
- $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_mail_client.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_mail_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/ssl_cert_test: test/ssl_cert_test.c ../library/libpolarssl.a
+ssl/mini_client$(EXEXT): ssl/mini_client.c ../library/libmbedtls.a
+ echo " CC ssl/mini_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/ssl_cert_test$(EXEXT): test/ssl_cert_test.c ../library/libmbedtls.a
echo " CC test/ssl_cert_test.c"
- $(CC) $(CFLAGS) $(OFLAGS) test/ssl_cert_test.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/ssl_cert_test.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/benchmark: test/benchmark.c ../library/libpolarssl.a
+test/benchmark$(EXEXT): test/benchmark.c ../library/libmbedtls.a
echo " CC test/benchmark.c"
- $(CC) $(CFLAGS) $(OFLAGS) test/benchmark.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/selftest: test/selftest.c ../library/libpolarssl.a
+test/selftest$(EXEXT): test/selftest.c ../library/libmbedtls.a
echo " CC test/selftest.c"
- $(CC) $(CFLAGS) $(OFLAGS) test/selftest.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/selftest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/ssl_test: test/ssl_test.c ../library/libpolarssl.a
+test/ssl_test$(EXEXT): test/ssl_test.c ../library/libmbedtls.a
echo " CC test/ssl_test.c"
- $(CC) $(CFLAGS) $(OFLAGS) test/ssl_test.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/ssl_test.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/o_p_test: test/o_p_test.c ../library/libpolarssl.a
+test/o_p_test$(EXEXT): test/o_p_test.c ../library/libmbedtls.a
echo " CC test/o_p_test.c"
- $(CC) $(CFLAGS) $(OFLAGS) test/o_p_test.c $(LDFLAGS) -o $@ -lssl -lcrypto
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/o_p_test.c $(LOCAL_LDFLAGS) -lssl -lcrypto $(LDFLAGS) -o $@
-util/pem2der: util/pem2der.c ../library/libpolarssl.a
+util/pem2der$(EXEXT): util/pem2der.c ../library/libmbedtls.a
echo " CC util/pem2der.c"
- $(CC) $(CFLAGS) $(OFLAGS) util/pem2der.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-util/strerror: util/strerror.c ../library/libpolarssl.a
+util/strerror$(EXEXT): util/strerror.c ../library/libmbedtls.a
echo " CC util/strerror.c"
- $(CC) $(CFLAGS) $(OFLAGS) util/strerror.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/strerror.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-x509/cert_app: x509/cert_app.c ../library/libpolarssl.a
+x509/cert_app$(EXEXT): x509/cert_app.c ../library/libmbedtls.a
echo " CC x509/cert_app.c"
- $(CC) $(CFLAGS) $(OFLAGS) x509/cert_app.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-x509/crl_app: x509/crl_app.c ../library/libpolarssl.a
+x509/crl_app$(EXEXT): x509/crl_app.c ../library/libmbedtls.a
echo " CC x509/crl_app.c"
- $(CC) $(CFLAGS) $(OFLAGS) x509/crl_app.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/crl_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-x509/cert_req: x509/cert_req.c ../library/libpolarssl.a
+x509/cert_req$(EXEXT): x509/cert_req.c ../library/libmbedtls.a
echo " CC x509/cert_req.c"
- $(CC) $(CFLAGS) $(OFLAGS) x509/cert_req.c $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_req.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
clean:
ifndef WINDOWS
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index 9bac94a..f5a0caa 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -1,8 +1,8 @@
add_executable(aescrypt2 aescrypt2.c)
-target_link_libraries(aescrypt2 polarssl)
+target_link_libraries(aescrypt2 mbedtls)
add_executable(crypt_and_hash crypt_and_hash.c)
-target_link_libraries(crypt_and_hash polarssl)
+target_link_libraries(crypt_and_hash mbedtls)
install(TARGETS aescrypt2 crypt_and_hash
DESTINATION "bin"
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 40b7fec..2582b96 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -1,12 +1,9 @@
/*
* AES-256 file encryption program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,6 +26,24 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_AES_C) && defined(POLARSSL_SHA256_C) && \
+ defined(POLARSSL_FS_IO)
+#include "polarssl/aes.h"
+#include "polarssl/sha256.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(_WIN32)
#include <windows.h>
#if !defined(_WIN32_WCE)
@@ -39,14 +54,6 @@
#include <unistd.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <time.h>
-
-#include "polarssl/aes.h"
-#include "polarssl/sha256.h"
-
#define MODE_ENCRYPT 0
#define MODE_DECRYPT 1
@@ -56,12 +63,11 @@
"\n example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
"\n"
-#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C)
-int main( int argc, char *argv[] )
+#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) || \
+ !defined(POLARSSL_FS_IO)
+int main( void )
{
- ((void) argc);
- ((void) argv);
- printf("POLARSSL_AES_C and/or POLARSSL_SHA256_C not defined.\n");
+ polarssl_printf("POLARSSL_AES_C and/or POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -101,10 +107,10 @@
*/
if( argc != 5 )
{
- printf( USAGE );
+ polarssl_printf( USAGE );
#if defined(_WIN32)
- printf( "\n Press Enter to exit this program.\n" );
+ polarssl_printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
@@ -112,28 +118,32 @@
}
mode = atoi( argv[1] );
+ memset(IV, 0, sizeof(IV));
+ memset(key, 0, sizeof(key));
+ memset(digest, 0, sizeof(digest));
+ memset(buffer, 0, sizeof(buffer));
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
{
- fprintf( stderr, "invalide operation mode\n" );
+ polarssl_fprintf( stderr, "invalide operation mode\n" );
goto exit;
}
if( strcmp( argv[2], argv[3] ) == 0 )
{
- fprintf( stderr, "input and output filenames must differ\n" );
+ polarssl_fprintf( stderr, "input and output filenames must differ\n" );
goto exit;
}
if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
{
- fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
+ polarssl_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
goto exit;
}
if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
{
- fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
+ polarssl_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
goto exit;
}
@@ -186,7 +196,7 @@
if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
{
- fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
+ polarssl_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
goto exit;
}
@@ -202,7 +212,7 @@
if( fseek( fin, 0, SEEK_SET ) < 0 )
{
- fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
+ polarssl_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
goto exit;
}
@@ -238,7 +248,7 @@
*/
if( fwrite( IV, 1, 16, fout ) != 16 )
{
- fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ polarssl_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
@@ -271,7 +281,7 @@
if( fread( buffer, 1, n, fin ) != (size_t) n )
{
- fprintf( stderr, "fread(%d bytes) failed\n", n );
+ polarssl_fprintf( stderr, "fread(%d bytes) failed\n", n );
goto exit;
}
@@ -283,7 +293,7 @@
if( fwrite( buffer, 1, 16, fout ) != 16 )
{
- fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ polarssl_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
@@ -297,7 +307,7 @@
if( fwrite( digest, 1, 32, fout ) != 32 )
{
- fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ polarssl_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
}
@@ -317,13 +327,13 @@
*/
if( filesize < 48 )
{
- fprintf( stderr, "File too short to be encrypted.\n" );
+ polarssl_fprintf( stderr, "File too short to be encrypted.\n" );
goto exit;
}
if( ( filesize & 0x0F ) != 0 )
{
- fprintf( stderr, "File size not a multiple of 16.\n" );
+ polarssl_fprintf( stderr, "File size not a multiple of 16.\n" );
goto exit;
}
@@ -337,7 +347,7 @@
*/
if( fread( buffer, 1, 16, fin ) != 16 )
{
- fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+ polarssl_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
@@ -370,7 +380,7 @@
{
if( fread( buffer, 1, 16, fin ) != 16 )
{
- fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+ polarssl_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
@@ -389,7 +399,7 @@
if( fwrite( buffer, 1, n, fout ) != (size_t) n )
{
- fprintf( stderr, "fwrite(%d bytes) failed\n", n );
+ polarssl_fprintf( stderr, "fwrite(%d bytes) failed\n", n );
goto exit;
}
}
@@ -401,7 +411,7 @@
if( fread( buffer, 1, 32, fin ) != 32 )
{
- fprintf( stderr, "fread(%d bytes) failed\n", 32 );
+ polarssl_fprintf( stderr, "fread(%d bytes) failed\n", 32 );
goto exit;
}
@@ -412,7 +422,7 @@
if( diff != 0 )
{
- fprintf( stderr, "HMAC check failed: wrong key, "
+ polarssl_fprintf( stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n" );
goto exit;
}
@@ -434,4 +444,4 @@
return( ret );
}
-#endif /* POLARSSL_AES_C && POLARSSL_SHA256_C */
+#endif /* POLARSSL_AES_C && POLARSSL_SHA256_C && POLARSSL_FS_IO */
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index f5484d4..1f14d3f 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -2,12 +2,9 @@
* \brief Generic file encryption program using generic wrappers for configured
* security.
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,6 +27,24 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_CIPHER_C) && defined(POLARSSL_MD_C) && \
+ defined(POLARSSL_FS_IO)
+#include "polarssl/cipher.h"
+#include "polarssl/md.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(_WIN32)
#include <windows.h>
#if !defined(_WIN32_WCE)
@@ -40,14 +55,6 @@
#include <unistd.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <time.h>
-
-#include "polarssl/cipher.h"
-#include "polarssl/md.h"
-
#define MODE_ENCRYPT 0
#define MODE_DECRYPT 1
@@ -57,13 +64,11 @@
"\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \
"\n"
-#if !defined(POLARSSL_CIPHER_C) || !defined(POLARSSL_MD_C)
-int main( int argc, char *argv[] )
+#if !defined(POLARSSL_CIPHER_C) || !defined(POLARSSL_MD_C) || \
+ !defined(POLARSSL_FS_IO)
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_CIPHER_C and/or POLARSSL_MD_C not defined.\n");
+ polarssl_printf("POLARSSL_CIPHER_C and/or POLARSSL_MD_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -105,28 +110,28 @@
{
const int *list;
- printf( USAGE );
+ polarssl_printf( USAGE );
- printf( "Available ciphers:\n" );
+ polarssl_printf( "Available ciphers:\n" );
list = cipher_list();
while( *list )
{
cipher_info = cipher_info_from_type( *list );
- printf( " %s\n", cipher_info->name );
+ polarssl_printf( " %s\n", cipher_info->name );
list++;
}
- printf( "\nAvailable message digests:\n" );
+ polarssl_printf( "\nAvailable message digests:\n" );
list = md_list();
while( *list )
{
md_info = md_info_from_type( *list );
- printf( " %s\n", md_info->name );
+ polarssl_printf( " %s\n", md_info->name );
list++;
}
#if defined(_WIN32)
- printf( "\n Press Enter to exit this program.\n" );
+ polarssl_printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
@@ -137,25 +142,25 @@
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
{
- fprintf( stderr, "invalid operation mode\n" );
+ polarssl_fprintf( stderr, "invalid operation mode\n" );
goto exit;
}
if( strcmp( argv[2], argv[3] ) == 0 )
{
- fprintf( stderr, "input and output filenames must differ\n" );
+ polarssl_fprintf( stderr, "input and output filenames must differ\n" );
goto exit;
}
if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
{
- fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
+ polarssl_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
goto exit;
}
if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
{
- fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
+ polarssl_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
goto exit;
}
@@ -165,19 +170,19 @@
cipher_info = cipher_info_from_string( argv[4] );
if( cipher_info == NULL )
{
- fprintf( stderr, "Cipher '%s' not found\n", argv[4] );
+ polarssl_fprintf( stderr, "Cipher '%s' not found\n", argv[4] );
goto exit;
}
if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info) ) != 0 )
{
- fprintf( stderr, "cipher_init_ctx failed\n" );
+ polarssl_fprintf( stderr, "cipher_init_ctx failed\n" );
goto exit;
}
md_info = md_info_from_string( argv[5] );
if( md_info == NULL )
{
- fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
+ polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
goto exit;
}
md_init_ctx( &md_ctx, md_info);
@@ -231,7 +236,7 @@
if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
{
- fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
+ polarssl_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
goto exit;
}
@@ -247,7 +252,7 @@
if( fseek( fin, 0, SEEK_SET ) < 0 )
{
- fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
+ polarssl_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
goto exit;
}
@@ -283,7 +288,7 @@
*/
if( fwrite( IV, 1, 16, fout ) != 16 )
{
- fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ polarssl_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
@@ -308,17 +313,17 @@
if( cipher_setkey( &cipher_ctx, digest, cipher_info->key_length,
POLARSSL_ENCRYPT ) != 0 )
{
- fprintf( stderr, "cipher_setkey() returned error\n");
+ polarssl_fprintf( stderr, "cipher_setkey() returned error\n");
goto exit;
}
if( cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
{
- fprintf( stderr, "cipher_set_iv() returned error\n");
+ polarssl_fprintf( stderr, "cipher_set_iv() returned error\n");
goto exit;
}
if( cipher_reset( &cipher_ctx ) != 0 )
{
- fprintf( stderr, "cipher_reset() returned error\n");
+ polarssl_fprintf( stderr, "cipher_reset() returned error\n");
goto exit;
}
@@ -334,13 +339,13 @@
if( fread( buffer, 1, ilen, fin ) != ilen )
{
- fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
+ polarssl_fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
goto exit;
}
if( cipher_update( &cipher_ctx, buffer, ilen, output, &olen ) != 0 )
{
- fprintf( stderr, "cipher_update() returned error\n");
+ polarssl_fprintf( stderr, "cipher_update() returned error\n");
goto exit;
}
@@ -348,21 +353,21 @@
if( fwrite( output, 1, olen, fout ) != olen )
{
- fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ polarssl_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
goto exit;
}
}
if( cipher_finish( &cipher_ctx, output, &olen ) != 0 )
{
- fprintf( stderr, "cipher_finish() returned error\n" );
+ polarssl_fprintf( stderr, "cipher_finish() returned error\n" );
goto exit;
}
md_hmac_update( &md_ctx, output, olen );
if( fwrite( output, 1, olen, fout ) != olen )
{
- fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ polarssl_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
goto exit;
}
@@ -373,7 +378,7 @@
if( fwrite( digest, 1, md_get_size( md_info ), fout ) != md_get_size( md_info ) )
{
- fprintf( stderr, "fwrite(%d bytes) failed\n", md_get_size( md_info ) );
+ polarssl_fprintf( stderr, "fwrite(%d bytes) failed\n", md_get_size( md_info ) );
goto exit;
}
}
@@ -391,14 +396,14 @@
*/
if( filesize < 16 + md_get_size( md_info ) )
{
- fprintf( stderr, "File too short to be encrypted.\n" );
+ polarssl_fprintf( stderr, "File too short to be encrypted.\n" );
goto exit;
}
- if( ( ( filesize - md_get_size( md_info ) ) %
+ if( ( ( filesize - md_get_size( md_info ) ) %
cipher_get_block_size( &cipher_ctx ) ) != 0 )
{
- fprintf( stderr, "File content not a multiple of the block size (%d).\n",
+ polarssl_fprintf( stderr, "File content not a multiple of the block size (%d).\n",
cipher_get_block_size( &cipher_ctx ));
goto exit;
}
@@ -413,7 +418,7 @@
*/
if( fread( buffer, 1, 16, fin ) != 16 )
{
- fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+ polarssl_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
@@ -440,19 +445,19 @@
if( cipher_setkey( &cipher_ctx, digest, cipher_info->key_length,
POLARSSL_DECRYPT ) != 0 )
{
- fprintf( stderr, "cipher_setkey() returned error\n" );
+ polarssl_fprintf( stderr, "cipher_setkey() returned error\n" );
goto exit;
}
if( cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
{
- fprintf( stderr, "cipher_set_iv() returned error\n" );
+ polarssl_fprintf( stderr, "cipher_set_iv() returned error\n" );
goto exit;
}
if( cipher_reset( &cipher_ctx ) != 0 )
{
- fprintf( stderr, "cipher_reset() returned error\n" );
+ polarssl_fprintf( stderr, "cipher_reset() returned error\n" );
goto exit;
}
@@ -466,7 +471,7 @@
if( fread( buffer, 1, cipher_get_block_size( &cipher_ctx ), fin ) !=
(size_t) cipher_get_block_size( &cipher_ctx ) )
{
- fprintf( stderr, "fread(%d bytes) failed\n",
+ polarssl_fprintf( stderr, "fread(%d bytes) failed\n",
cipher_get_block_size( &cipher_ctx ) );
goto exit;
}
@@ -476,13 +481,13 @@
cipher_get_block_size( &cipher_ctx ),
output, &olen ) != 0 )
{
- fprintf( stderr, "cipher_update() returned error\n" );
+ polarssl_fprintf( stderr, "cipher_update() returned error\n" );
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
- fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ polarssl_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
goto exit;
}
}
@@ -494,7 +499,7 @@
if( fread( buffer, 1, md_get_size( md_info ), fin ) != md_get_size( md_info ) )
{
- fprintf( stderr, "fread(%d bytes) failed\n", md_get_size( md_info ) );
+ polarssl_fprintf( stderr, "fread(%d bytes) failed\n", md_get_size( md_info ) );
goto exit;
}
@@ -505,7 +510,7 @@
if( diff != 0 )
{
- fprintf( stderr, "HMAC check failed: wrong key, "
+ polarssl_fprintf( stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n" );
goto exit;
}
@@ -517,7 +522,7 @@
if( fwrite( output, 1, olen, fout ) != olen )
{
- fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ polarssl_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
goto exit;
}
}
@@ -538,4 +543,4 @@
return( ret );
}
-#endif /* POLARSSL_CIPHER_C && POLARSSL_MD_C */
+#endif /* POLARSSL_CIPHER_C && POLARSSL_MD_C && POLARSSL_FS_IO */
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index 870b8a0..f7a7689 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -1,17 +1,17 @@
add_executable(hello hello.c)
-target_link_libraries(hello polarssl)
+target_link_libraries(hello mbedtls)
add_executable(generic_sum generic_sum.c)
-target_link_libraries(generic_sum polarssl)
+target_link_libraries(generic_sum mbedtls)
add_executable(md5sum md5sum.c)
-target_link_libraries(md5sum polarssl)
+target_link_libraries(md5sum mbedtls)
add_executable(sha1sum sha1sum.c)
-target_link_libraries(sha1sum polarssl)
+target_link_libraries(sha1sum mbedtls)
add_executable(sha2sum sha2sum.c)
-target_link_libraries(sha2sum polarssl)
+target_link_libraries(sha2sum mbedtls)
install(TARGETS hello md5sum sha1sum sha2sum generic_sum
DESTINATION "bin"
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 4d007cf..08f175d 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -1,12 +1,9 @@
/*
* generic message digest layer demonstration program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,18 +26,25 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_MD_C) && defined(POLARSSL_FS_IO)
#include "polarssl/md.h"
-#if !defined(POLARSSL_MD_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#include <string.h>
+#endif
- printf("POLARSSL_MD_C not defined.\n");
+#if !defined(POLARSSL_MD_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_MD_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -49,10 +53,10 @@
int ret = md_file( md_info, filename, sum );
if( ret == 1 )
- fprintf( stderr, "failed to open: %s\n", filename );
+ polarssl_fprintf( stderr, "failed to open: %s\n", filename );
if( ret == 2 )
- fprintf( stderr, "failed to read: %s\n", filename );
+ polarssl_fprintf( stderr, "failed to read: %s\n", filename );
return( ret );
}
@@ -66,9 +70,9 @@
return( 1 );
for( i = 0; i < md_info->size; i++ )
- printf( "%02x", sum[i] );
+ polarssl_printf( "%02x", sum[i] );
- printf( " %s\n", filename );
+ polarssl_printf( " %s\n", filename );
return( 0 );
}
@@ -85,7 +89,7 @@
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
- printf( "failed to open: %s\n", filename );
+ polarssl_printf( "failed to open: %s\n", filename );
return( 1 );
}
@@ -102,13 +106,13 @@
if( n < (size_t) 2 * md_info->size + 4 )
{
- printf("No '%s' hash found on line.\n", md_info->name);
+ polarssl_printf("No '%s' hash found on line.\n", md_info->name);
continue;
}
if( line[2 * md_info->size] != ' ' || line[2 * md_info->size + 1] != ' ' )
{
- printf("No '%s' hash found on line.\n", md_info->name);
+ polarssl_printf("No '%s' hash found on line.\n", md_info->name);
continue;
}
@@ -136,7 +140,7 @@
if( diff != 0 )
{
nb_err2++;
- fprintf( stderr, "wrong checksum: %s\n", line + 66 );
+ polarssl_fprintf( stderr, "wrong checksum: %s\n", line + 66 );
}
n = sizeof( line );
@@ -144,13 +148,13 @@
if( nb_err1 != 0 )
{
- printf( "WARNING: %d (out of %d) input files could "
+ polarssl_printf( "WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1 );
}
if( nb_err2 != 0 )
{
- printf( "WARNING: %d (out of %d) computed checksums did "
+ polarssl_printf( "WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2 );
}
@@ -171,20 +175,20 @@
{
const int *list;
- printf( "print mode: generic_sum <md> <file> <file> ...\n" );
- printf( "check mode: generic_sum <md> -c <checksum file>\n" );
+ polarssl_printf( "print mode: generic_sum <md> <file> <file> ...\n" );
+ polarssl_printf( "check mode: generic_sum <md> -c <checksum file>\n" );
- printf( "\nAvailable message digests:\n" );
+ polarssl_printf( "\nAvailable message digests:\n" );
list = md_list();
while( *list )
{
md_info = md_info_from_type( *list );
- printf( " %s\n", md_info->name );
+ polarssl_printf( " %s\n", md_info->name );
list++;
}
#if defined(_WIN32)
- printf( "\n Press Enter to exit this program.\n" );
+ polarssl_printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
@@ -197,12 +201,12 @@
md_info = md_info_from_string( argv[1] );
if( md_info == NULL )
{
- fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
+ polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
return( 1 );
}
if( md_init_ctx( &md_ctx, md_info) )
{
- fprintf( stderr, "Failed to initialize context.\n" );
+ polarssl_fprintf( stderr, "Failed to initialize context.\n" );
return( 1 );
}
@@ -221,4 +225,4 @@
return( ret );
}
-#endif /* POLARSSL_MD_C */
+#endif /* POLARSSL_MD_C && POLARSSL_FS_IO */
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 5bcfee9..77ae7f9 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -1,12 +1,9 @@
/*
* Classic "Hello, world" demonstration program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,40 +26,41 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_MD5_C)
#include "polarssl/md5.h"
+#endif
#if !defined(POLARSSL_MD5_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_MD5_C not defined.\n");
+ polarssl_printf("POLARSSL_MD5_C not defined.\n");
return( 0 );
}
#else
-int main( int argc, char *argv[] )
+int main( void )
{
int i;
unsigned char digest[16];
char str[] = "Hello, world!";
- ((void) argc);
- ((void) argv);
-
- printf( "\n MD5('%s') = ", str );
+ polarssl_printf( "\n MD5('%s') = ", str );
md5( (unsigned char *) str, 13, digest );
for( i = 0; i < 16; i++ )
- printf( "%02x", digest[i] );
+ polarssl_printf( "%02x", digest[i] );
- printf( "\n\n" );
+ polarssl_printf( "\n\n" );
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c
index ba7eea4..f8e32f7 100644
--- a/programs/hash/md5sum.c
+++ b/programs/hash/md5sum.c
@@ -1,12 +1,9 @@
/*
* md5sum demonstration program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,18 +26,25 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_FS_IO)
#include "polarssl/md5.h"
-#if !defined(POLARSSL_MD5_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#include <string.h>
+#endif
- printf("POLARSSL_MD5_C and/or POLARSSL_FS_IO not defined.\n");
+#if !defined(POLARSSL_MD5_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_MD5_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -49,10 +53,10 @@
int ret = md5_file( filename, sum );
if( ret == 1 )
- fprintf( stderr, "failed to open: %s\n", filename );
+ polarssl_fprintf( stderr, "failed to open: %s\n", filename );
if( ret == 2 )
- fprintf( stderr, "failed to read: %s\n", filename );
+ polarssl_fprintf( stderr, "failed to read: %s\n", filename );
return( ret );
}
@@ -66,9 +70,9 @@
return( 1 );
for( i = 0; i < 16; i++ )
- printf( "%02x", sum[i] );
+ polarssl_printf( "%02x", sum[i] );
- printf( " %s\n", filename );
+ polarssl_printf( " %s\n", filename );
return( 0 );
}
@@ -85,7 +89,7 @@
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
- printf( "failed to open: %s\n", filename );
+ polarssl_printf( "failed to open: %s\n", filename );
return( 1 );
}
@@ -130,7 +134,7 @@
if( diff != 0 )
{
nb_err2++;
- fprintf( stderr, "wrong checksum: %s\n", line + 34 );
+ polarssl_fprintf( stderr, "wrong checksum: %s\n", line + 34 );
}
n = sizeof( line );
@@ -140,13 +144,13 @@
if( nb_err1 != 0 )
{
- printf( "WARNING: %d (out of %d) input files could "
+ polarssl_printf( "WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1 );
}
if( nb_err2 != 0 )
{
- printf( "WARNING: %d (out of %d) computed checksums did "
+ polarssl_printf( "WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2 );
}
@@ -159,11 +163,11 @@
if( argc == 1 )
{
- printf( "print mode: md5sum <file> <file> ...\n" );
- printf( "check mode: md5sum -c <checksum file>\n" );
+ polarssl_printf( "print mode: md5sum <file> <file> ...\n" );
+ polarssl_printf( "check mode: md5sum -c <checksum file>\n" );
#if defined(_WIN32)
- printf( "\n Press Enter to exit this program.\n" );
+ polarssl_printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c
index 3a87b51..dbdce3e 100644
--- a/programs/hash/sha1sum.c
+++ b/programs/hash/sha1sum.c
@@ -1,12 +1,9 @@
/*
* sha1sum demonstration program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,18 +26,25 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_SHA1_C) && defined(POLARSSL_FS_IO)
#include "polarssl/sha1.h"
-#if !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#include <string.h>
+#endif
- printf("POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+#if !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -49,10 +53,10 @@
int ret = sha1_file( filename, sum );
if( ret == 1 )
- fprintf( stderr, "failed to open: %s\n", filename );
+ polarssl_fprintf( stderr, "failed to open: %s\n", filename );
if( ret == 2 )
- fprintf( stderr, "failed to read: %s\n", filename );
+ polarssl_fprintf( stderr, "failed to read: %s\n", filename );
return( ret );
}
@@ -66,9 +70,9 @@
return( 1 );
for( i = 0; i < 20; i++ )
- printf( "%02x", sum[i] );
+ polarssl_printf( "%02x", sum[i] );
- printf( " %s\n", filename );
+ polarssl_printf( " %s\n", filename );
return( 0 );
}
@@ -85,7 +89,7 @@
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
- printf( "failed to open: %s\n", filename );
+ polarssl_printf( "failed to open: %s\n", filename );
return( 1 );
}
@@ -130,7 +134,7 @@
if( diff != 0 )
{
nb_err2++;
- fprintf( stderr, "wrong checksum: %s\n", line + 42 );
+ polarssl_fprintf( stderr, "wrong checksum: %s\n", line + 42 );
}
n = sizeof( line );
@@ -140,13 +144,13 @@
if( nb_err1 != 0 )
{
- printf( "WARNING: %d (out of %d) input files could "
+ polarssl_printf( "WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1 );
}
if( nb_err2 != 0 )
{
- printf( "WARNING: %d (out of %d) computed checksums did "
+ polarssl_printf( "WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2 );
}
@@ -159,11 +163,11 @@
if( argc == 1 )
{
- printf( "print mode: sha1sum <file> <file> ...\n" );
- printf( "check mode: sha1sum -c <checksum file>\n" );
+ polarssl_printf( "print mode: sha1sum <file> <file> ...\n" );
+ polarssl_printf( "check mode: sha1sum -c <checksum file>\n" );
#if defined(_WIN32)
- printf( "\n Press Enter to exit this program.\n" );
+ polarssl_printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c
index 3452054..2ed92fc 100644
--- a/programs/hash/sha2sum.c
+++ b/programs/hash/sha2sum.c
@@ -1,12 +1,9 @@
/*
* sha256sum demonstration program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,18 +26,25 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_SHA256_C) && defined(POLARSSL_FS_IO)
#include "polarssl/sha256.h"
-#if !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#include <string.h>
+#endif
- printf("POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
+#if !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -49,10 +53,10 @@
int ret = sha256_file( filename, sum, 0 );
if( ret == 1 )
- fprintf( stderr, "failed to open: %s\n", filename );
+ polarssl_fprintf( stderr, "failed to open: %s\n", filename );
if( ret == 2 )
- fprintf( stderr, "failed to read: %s\n", filename );
+ polarssl_fprintf( stderr, "failed to read: %s\n", filename );
return( ret );
}
@@ -66,9 +70,9 @@
return( 1 );
for( i = 0; i < 32; i++ )
- printf( "%02x", sum[i] );
+ polarssl_printf( "%02x", sum[i] );
- printf( " %s\n", filename );
+ polarssl_printf( " %s\n", filename );
return( 0 );
}
@@ -85,7 +89,7 @@
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
- printf( "failed to open: %s\n", filename );
+ polarssl_printf( "failed to open: %s\n", filename );
return( 1 );
}
@@ -130,7 +134,7 @@
if( diff != 0 )
{
nb_err2++;
- fprintf( stderr, "wrong checksum: %s\n", line + 66 );
+ polarssl_fprintf( stderr, "wrong checksum: %s\n", line + 66 );
}
n = sizeof( line );
@@ -140,13 +144,13 @@
if( nb_err1 != 0 )
{
- printf( "WARNING: %d (out of %d) input files could "
+ polarssl_printf( "WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1 );
}
if( nb_err2 != 0 )
{
- printf( "WARNING: %d (out of %d) computed checksums did "
+ polarssl_printf( "WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2 );
}
@@ -159,11 +163,11 @@
if( argc == 1 )
{
- printf( "print mode: sha256sum <file> <file> ...\n" );
- printf( "check mode: sha256sum -c <checksum file>\n" );
+ polarssl_printf( "print mode: sha256sum <file> <file> ...\n" );
+ polarssl_printf( "check mode: sha256sum -c <checksum file>\n" );
#if defined(_WIN32)
- printf( "\n Press Enter to exit this program.\n" );
+ polarssl_printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index 291ff99..8dc7def 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -1,59 +1,59 @@
add_executable(dh_client dh_client.c)
-target_link_libraries(dh_client polarssl)
+target_link_libraries(dh_client mbedtls)
add_executable(dh_genprime dh_genprime.c)
-target_link_libraries(dh_genprime polarssl)
+target_link_libraries(dh_genprime mbedtls)
add_executable(dh_server dh_server.c)
-target_link_libraries(dh_server polarssl)
+target_link_libraries(dh_server mbedtls)
add_executable(ecdsa ecdsa.c)
-target_link_libraries(ecdsa polarssl)
+target_link_libraries(ecdsa mbedtls)
add_executable(gen_key gen_key.c)
-target_link_libraries(gen_key polarssl)
+target_link_libraries(gen_key mbedtls)
add_executable(key_app key_app.c)
-target_link_libraries(key_app polarssl)
+target_link_libraries(key_app mbedtls)
add_executable(key_app_writer key_app_writer.c)
-target_link_libraries(key_app_writer polarssl)
+target_link_libraries(key_app_writer mbedtls)
add_executable(mpi_demo mpi_demo.c)
-target_link_libraries(mpi_demo polarssl)
+target_link_libraries(mpi_demo mbedtls)
add_executable(rsa_genkey rsa_genkey.c)
-target_link_libraries(rsa_genkey polarssl)
+target_link_libraries(rsa_genkey mbedtls)
add_executable(rsa_sign rsa_sign.c)
-target_link_libraries(rsa_sign polarssl)
+target_link_libraries(rsa_sign mbedtls)
add_executable(rsa_verify rsa_verify.c)
-target_link_libraries(rsa_verify polarssl)
+target_link_libraries(rsa_verify mbedtls)
add_executable(rsa_sign_pss rsa_sign_pss.c)
-target_link_libraries(rsa_sign_pss polarssl)
+target_link_libraries(rsa_sign_pss mbedtls)
add_executable(rsa_verify_pss rsa_verify_pss.c)
-target_link_libraries(rsa_verify_pss polarssl)
+target_link_libraries(rsa_verify_pss mbedtls)
add_executable(rsa_encrypt rsa_encrypt.c)
-target_link_libraries(rsa_encrypt polarssl)
+target_link_libraries(rsa_encrypt mbedtls)
add_executable(rsa_decrypt rsa_decrypt.c)
-target_link_libraries(rsa_decrypt polarssl)
+target_link_libraries(rsa_decrypt mbedtls)
add_executable(pk_sign pk_sign.c)
-target_link_libraries(pk_sign polarssl)
+target_link_libraries(pk_sign mbedtls)
add_executable(pk_verify pk_verify.c)
-target_link_libraries(pk_verify polarssl)
+target_link_libraries(pk_verify mbedtls)
add_executable(pk_encrypt pk_encrypt.c)
-target_link_libraries(pk_encrypt polarssl)
+target_link_libraries(pk_encrypt mbedtls)
add_executable(pk_decrypt pk_decrypt.c)
-target_link_libraries(pk_decrypt polarssl)
+target_link_libraries(pk_decrypt mbedtls)
install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key
DESTINATION "bin"
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 5315eb9..a5a137a 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -1,12 +1,9 @@
/*
* Diffie-Hellman-Merkle key exchange (client side)
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,9 +26,17 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_AES_C) && defined(POLARSSL_DHM_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_SHA256_C) && \
+ defined(POLARSSL_FS_IO) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/net.h"
#include "polarssl/aes.h"
#include "polarssl/dhm.h"
@@ -40,26 +45,27 @@
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#define SERVER_NAME "localhost"
#define SERVER_PORT 11999
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
- !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
+ polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
-int main( int argc, char *argv[] )
+int main( void )
{
FILE *f;
@@ -78,9 +84,6 @@
dhm_context dhm;
aes_context aes;
- ((void) argc);
- ((void) argv);
-
memset( &rsa, 0, sizeof( rsa ) );
dhm_init( &dhm );
aes_init( &aes );
@@ -88,7 +91,7 @@
/*
* 1. Setup the RNG
*/
- printf( "\n . Seeding the random number generator" );
+ polarssl_printf( "\n . Seeding the random number generator" );
fflush( stdout );
entropy_init( &entropy );
@@ -96,20 +99,20 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
/*
* 2. Read the server's public RSA key
*/
- printf( "\n . Reading public key from rsa_pub.txt" );
+ polarssl_printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not open rsa_pub.txt\n" \
+ polarssl_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
@@ -119,7 +122,7 @@
if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{
- printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
@@ -130,35 +133,35 @@
/*
* 3. Initiate the connection
*/
- printf( "\n . Connecting to tcp/%s/%d", SERVER_NAME,
+ polarssl_printf( "\n . Connecting to tcp/%s/%d", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_NAME,
SERVER_PORT ) ) != 0 )
{
- printf( " failed\n ! net_connect returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
/*
* 4a. First get the buffer length
*/
- printf( "\n . Receiving the server's DH parameters" );
+ polarssl_printf( "\n . Receiving the server's DH parameters" );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
if( ( ret = net_recv( &server_fd, buf, 2 ) ) != 2 )
{
- printf( " failed\n ! net_recv returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_recv returned %d\n\n", ret );
goto exit;
}
n = buflen = ( buf[0] << 8 ) | buf[1];
if( buflen < 1 || buflen > sizeof( buf ) )
{
- printf( " failed\n ! Got an invalid buffer length\n\n" );
+ polarssl_printf( " failed\n ! Got an invalid buffer length\n\n" );
goto exit;
}
@@ -169,7 +172,7 @@
if( ( ret = net_recv( &server_fd, buf, n ) ) != (int) n )
{
- printf( " failed\n ! net_recv returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_recv returned %d\n\n", ret );
goto exit;
}
@@ -177,22 +180,22 @@
if( ( ret = dhm_read_params( &dhm, &p, end ) ) != 0 )
{
- printf( " failed\n ! dhm_read_params returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! dhm_read_params returned %d\n\n", ret );
goto exit;
}
if( dhm.len < 64 || dhm.len > 512 )
{
ret = 1;
- printf( " failed\n ! Invalid DHM modulus size\n\n" );
+ polarssl_printf( " failed\n ! Invalid DHM modulus size\n\n" );
goto exit;
}
/*
* 5. Check that the server's RSA signature matches
- * the SHA-1 hash of (P,G,Ys)
+ * the SHA-256 hash of (P,G,Ys)
*/
- printf( "\n . Verifying the server's RSA signature" );
+ polarssl_printf( "\n . Verifying the server's RSA signature" );
fflush( stdout );
p += 2;
@@ -200,55 +203,55 @@
if( ( n = (size_t) ( end - p ) ) != rsa.len )
{
ret = 1;
- printf( " failed\n ! Invalid RSA signature size\n\n" );
+ polarssl_printf( " failed\n ! Invalid RSA signature size\n\n" );
goto exit;
}
sha1( buf, (int)( p - 2 - buf ), hash );
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
- POLARSSL_MD_SHA1, 0, hash, p ) ) != 0 )
+ POLARSSL_MD_SHA256, 0, hash, p ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
}
/*
* 6. Send our public value: Yc = G ^ Xc mod P
*/
- printf( "\n . Sending own public value to server" );
+ polarssl_printf( "\n . Sending own public value to server" );
fflush( stdout );
n = dhm.len;
if( ( ret = dhm_make_public( &dhm, (int) dhm.len, buf, n,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
goto exit;
}
if( ( ret = net_send( &server_fd, buf, n ) ) != (int) n )
{
- printf( " failed\n ! net_send returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_send returned %d\n\n", ret );
goto exit;
}
/*
* 7. Derive the shared secret: K = Ys ^ Xc mod P
*/
- printf( "\n . Shared secret: " );
+ polarssl_printf( "\n . Shared secret: " );
fflush( stdout );
n = dhm.len;
if( ( ret = dhm_calc_secret( &dhm, buf, &n,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
goto exit;
}
for( n = 0; n < 16; n++ )
- printf( "%02x", buf[n] );
+ polarssl_printf( "%02x", buf[n] );
/*
* 8. Setup the AES-256 decryption key
@@ -258,7 +261,7 @@
* the keying material for the encryption/decryption keys,
* IVs and MACs.
*/
- printf( "...\n . Receiving and decrypting the ciphertext" );
+ polarssl_printf( "...\n . Receiving and decrypting the ciphertext" );
fflush( stdout );
aes_setkey_dec( &aes, buf, 256 );
@@ -267,13 +270,13 @@
if( ( ret = net_recv( &server_fd, buf, 16 ) ) != 16 )
{
- printf( " failed\n ! net_recv returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_recv returned %d\n\n", ret );
goto exit;
}
aes_crypt_ecb( &aes, AES_DECRYPT, buf, buf );
buf[16] = '\0';
- printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
+ polarssl_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
exit:
@@ -287,12 +290,12 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
- POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+ POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 598940e..b5f9018 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -1,12 +1,9 @@
/*
* Diffie-Hellman-Merkle key exchange (prime generation)
*
- * Copyright (C) 2006-2012, Brainspark B.V.
+ * Copyright (C) 2006-2012, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,12 +26,24 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_FS_IO) && defined(POLARSSL_CTR_DRBG_C) && \
+ defined(POLARSSL_GENPRIME)
#include "polarssl/bignum.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
/*
* Note: G = 4 is always a quadratic residue mod P,
* so it is a generator of order Q (with P = 2*Q+1).
@@ -45,18 +54,15 @@
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_GENPRIME)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_FS_IO and/or POLARSSL_CTR_DRBG_C and/or "
"POLARSSL_GENPRIME not defined.\n");
return( 0 );
}
#else
-int main( int argc, char *argv[] )
+int main( void )
{
int ret = 1;
mpi G, P, Q;
@@ -65,39 +71,36 @@
const char *pers = "dh_genprime";
FILE *fout;
- ((void) argc);
- ((void) argv);
-
mpi_init( &G ); mpi_init( &P ); mpi_init( &Q );
entropy_init( &entropy );
if( ( ret = mpi_read_string( &G, 10, GENERATOR ) ) != 0 )
{
- printf( " failed\n ! mpi_read_string returned %d\n", ret );
+ polarssl_printf( " failed\n ! mpi_read_string returned %d\n", ret );
goto exit;
}
- printf( "\nWARNING: You should not generate and use your own DHM primes\n" );
- printf( " unless you are very certain of what you are doing!\n" );
- printf( " Failing to follow this instruction may result in\n" );
- printf( " weak security for your connections! Use the\n" );
- printf( " predefined DHM parameters from dhm.h instead!\n\n" );
- printf( "============================================================\n\n" );
+ polarssl_printf( "\nWARNING: You should not generate and use your own DHM primes\n" );
+ polarssl_printf( " unless you are very certain of what you are doing!\n" );
+ polarssl_printf( " Failing to follow this instruction may result in\n" );
+ polarssl_printf( " weak security for your connections! Use the\n" );
+ polarssl_printf( " predefined DHM parameters from dhm.h instead!\n\n" );
+ polarssl_printf( "============================================================\n\n" );
- printf( " ! Generating large primes may take minutes!\n" );
+ polarssl_printf( " ! Generating large primes may take minutes!\n" );
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( " ok\n . Generating the modulus, please wait..." );
+ polarssl_printf( " ok\n . Generating the modulus, please wait..." );
fflush( stdout );
/*
@@ -106,49 +109,49 @@
if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! mpi_gen_prime returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_gen_prime returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n . Verifying that Q = (P-1)/2 is prime..." );
+ polarssl_printf( " ok\n . Verifying that Q = (P-1)/2 is prime..." );
fflush( stdout );
if( ( ret = mpi_sub_int( &Q, &P, 1 ) ) != 0 )
{
- printf( " failed\n ! mpi_sub_int returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_sub_int returned %d\n\n", ret );
goto exit;
}
if( ( ret = mpi_div_int( &Q, NULL, &Q, 2 ) ) != 0 )
{
- printf( " failed\n ! mpi_div_int returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_div_int returned %d\n\n", ret );
goto exit;
}
if( ( ret = mpi_is_prime( &Q, ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! mpi_is_prime returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_is_prime returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n . Exporting the value in dh_prime.txt..." );
+ polarssl_printf( " ok\n . Exporting the value in dh_prime.txt..." );
fflush( stdout );
if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not create dh_prime.txt\n\n" );
+ polarssl_printf( " failed\n ! Could not create dh_prime.txt\n\n" );
goto exit;
}
if( ( ret = mpi_write_file( "P = ", &P, 16, fout ) != 0 ) ||
( ret = mpi_write_file( "G = ", &G, 16, fout ) != 0 ) )
{
- printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n\n" );
+ polarssl_printf( " ok\n\n" );
fclose( fout );
exit:
@@ -158,7 +161,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 976da4c..0ac91a4 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -1,12 +1,9 @@
/*
* Diffie-Hellman-Merkle key exchange (server side)
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,9 +26,17 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_AES_C) && defined(POLARSSL_DHM_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_SHA256_C) && \
+ defined(POLARSSL_FS_IO) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/net.h"
#include "polarssl/aes.h"
#include "polarssl/dhm.h"
@@ -40,26 +45,27 @@
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#define SERVER_PORT 11999
#define PLAINTEXT "==Hello there!=="
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
- !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
+ polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DBRG_C not defined.\n");
return( 0 );
}
#else
-int main( int argc, char *argv[] )
+int main( void )
{
FILE *f;
@@ -79,9 +85,6 @@
dhm_context dhm;
aes_context aes;
- ((void) argc);
- ((void) argv);
-
memset( &rsa, 0, sizeof( rsa ) );
dhm_init( &dhm );
aes_init( &aes );
@@ -89,7 +92,7 @@
/*
* 1. Setup the RNG
*/
- printf( "\n . Seeding the random number generator" );
+ polarssl_printf( "\n . Seeding the random number generator" );
fflush( stdout );
entropy_init( &entropy );
@@ -97,20 +100,20 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
/*
* 2a. Read the server's private RSA key
*/
- printf( "\n . Reading private key from rsa_priv.txt" );
+ polarssl_printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not open rsa_priv.txt\n" \
+ polarssl_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
@@ -126,24 +129,24 @@
( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{
- printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
-
+
fclose( f );
/*
* 2b. Get the DHM modulus and generator
*/
- printf( "\n . Reading DH parameters from dh_prime.txt" );
+ polarssl_printf( "\n . Reading DH parameters from dh_prime.txt" );
fflush( stdout );
if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not open dh_prime.txt\n" \
+ polarssl_printf( " failed\n ! Could not open dh_prime.txt\n" \
" ! Please run dh_genprime first\n\n" );
goto exit;
}
@@ -151,7 +154,7 @@
if( mpi_read_file( &dhm.P, 16, f ) != 0 ||
mpi_read_file( &dhm.G, 16, f ) != 0 )
{
- printf( " failed\n ! Invalid DH parameter file\n\n" );
+ polarssl_printf( " failed\n ! Invalid DH parameter file\n\n" );
goto exit;
}
@@ -160,25 +163,25 @@
/*
* 3. Wait for a client to connect
*/
- printf( "\n . Waiting for a remote connection" );
+ polarssl_printf( "\n . Waiting for a remote connection" );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, SERVER_PORT ) ) != 0 )
{
- printf( " failed\n ! net_bind returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
- printf( " failed\n ! net_accept returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
/*
* 4. Setup the DH parameters (P,G,Ys)
*/
- printf( "\n . Sending the server's DH parameters" );
+ polarssl_printf( "\n . Sending the server's DH parameters" );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
@@ -186,7 +189,7 @@
if( ( ret = dhm_make_params( &dhm, (int) mpi_size( &dhm.P ), buf, &n,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! dhm_make_params returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! dhm_make_params returned %d\n\n", ret );
goto exit;
}
@@ -198,10 +201,10 @@
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
- if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
+ if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
goto exit;
}
@@ -212,14 +215,14 @@
if( ( ret = net_send( &client_fd, buf2, 2 ) ) != 2 ||
( ret = net_send( &client_fd, buf, buflen ) ) != (int) buflen )
{
- printf( " failed\n ! net_send returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_send returned %d\n\n", ret );
goto exit;
}
/*
* 6. Get the client's public value: Yc = G ^ Xc mod P
*/
- printf( "\n . Receiving the client's public value" );
+ polarssl_printf( "\n . Receiving the client's public value" );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
@@ -227,31 +230,31 @@
if( ( ret = net_recv( &client_fd, buf, n ) ) != (int) n )
{
- printf( " failed\n ! net_recv returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_recv returned %d\n\n", ret );
goto exit;
}
if( ( ret = dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
{
- printf( " failed\n ! dhm_read_public returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! dhm_read_public returned %d\n\n", ret );
goto exit;
}
/*
* 7. Derive the shared secret: K = Ys ^ Xc mod P
*/
- printf( "\n . Shared secret: " );
+ polarssl_printf( "\n . Shared secret: " );
fflush( stdout );
if( ( ret = dhm_calc_secret( &dhm, buf, &n,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
goto exit;
}
for( n = 0; n < 16; n++ )
- printf( "%02x", buf[n] );
+ polarssl_printf( "%02x", buf[n] );
/*
* 8. Setup the AES-256 encryption key
@@ -261,7 +264,7 @@
* the keying material for the encryption/decryption keys
* and MACs.
*/
- printf( "...\n . Encrypting and sending the ciphertext" );
+ polarssl_printf( "...\n . Encrypting and sending the ciphertext" );
fflush( stdout );
aes_setkey_enc( &aes, buf, 256 );
@@ -270,11 +273,11 @@
if( ( ret = net_send( &client_fd, buf, 16 ) ) != 16 )
{
- printf( " failed\n ! net_send returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_send returned %d\n\n", ret );
goto exit;
}
- printf( "\n\n" );
+ polarssl_printf( "\n\n" );
exit:
@@ -288,12 +291,12 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
- POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+ POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 67fc710..aa8eafb 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -1,12 +1,9 @@
/*
* Example ECDSA program
*
- * Copyright (C) 2013, Brainspark B.V.
+ * Copyright (C) 2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,12 +26,21 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_ECDSA_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/ecdsa.h"
#include <string.h>
-#include <stdio.h>
+#endif
/*
* Uncomment to show key and signature details
@@ -52,27 +58,23 @@
#if !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_ECDSA_C and/or "
+ polarssl_printf("POLARSSL_ECDSA_C and/or "
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C not defined\n");
return( 0 );
}
#else
-
#if defined(VERBOSE)
static void dump_buf( const char *title, unsigned char *buf, size_t len )
{
size_t i;
- printf( "%s", title );
+ polarssl_printf( "%s", title );
for( i = 0; i < len; i++ )
- printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
+ polarssl_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
"0123456789ABCDEF" [buf[i] % 16] );
- printf( "\n" );
+ polarssl_printf( "\n" );
}
static void dump_pubkey( const char *title, ecdsa_context *key )
@@ -83,7 +85,7 @@
if( ecp_point_write_binary( &key->grp, &key->Q,
POLARSSL_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
{
- printf("internal error\n");
+ polarssl_printf("internal error\n");
return;
}
@@ -114,10 +116,10 @@
if( argc != 1 )
{
- printf( "usage: ecdsa\n" );
+ polarssl_printf( "usage: ecdsa\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
@@ -126,7 +128,7 @@
/*
* Generate a key pair for signing
*/
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -134,28 +136,28 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( " ok\n . Generating key pair..." );
+ polarssl_printf( " ok\n . Generating key pair..." );
fflush( stdout );
if( ( ret = ecdsa_genkey( &ctx_sign, ECPARAMS,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! ecdsa_genkey returned %d\n", ret );
+ polarssl_printf( " failed\n ! ecdsa_genkey returned %d\n", ret );
goto exit;
}
- printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits );
+ polarssl_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits );
dump_pubkey( " + Public key: ", &ctx_sign );
/*
* Sign some message hash
*/
- printf( " . Signing message..." );
+ polarssl_printf( " . Signing message..." );
fflush( stdout );
if( ( ret = ecdsa_write_signature( &ctx_sign,
@@ -163,10 +165,10 @@
sig, &sig_len,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! ecdsa_genkey returned %d\n", ret );
+ polarssl_printf( " failed\n ! ecdsa_genkey returned %d\n", ret );
goto exit;
}
- printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
+ polarssl_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
dump_buf( " + Hash: ", hash, sizeof hash );
dump_buf( " + Signature: ", sig, sig_len );
@@ -187,18 +189,18 @@
* chose to use a new one in order to make it clear that the verifying
* context only needs the public key (Q), and not the private key (d).
*/
- printf( " . Preparing verification context..." );
+ polarssl_printf( " . Preparing verification context..." );
fflush( stdout );
if( ( ret = ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 )
{
- printf( " failed\n ! ecp_group_copy returned %d\n", ret );
+ polarssl_printf( " failed\n ! ecp_group_copy returned %d\n", ret );
goto exit;
}
if( ( ret = ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 )
{
- printf( " failed\n ! ecp_copy returned %d\n", ret );
+ polarssl_printf( " failed\n ! ecp_copy returned %d\n", ret );
goto exit;
}
@@ -207,23 +209,23 @@
/*
* Verify signature
*/
- printf( " ok\n . Verifying signature..." );
+ polarssl_printf( " ok\n . Verifying signature..." );
fflush( stdout );
if( ( ret = ecdsa_read_signature( &ctx_verify,
hash, sizeof( hash ),
sig, sig_len ) ) != 0 )
{
- printf( " failed\n ! ecdsa_read_signature returned %d\n", ret );
+ polarssl_printf( " failed\n ! ecdsa_read_signature returned %d\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
exit:
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 9a0d079..fca35e5 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -1,12 +1,9 @@
/*
* Key generation application
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,14 +26,15 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
-#if !defined(_WIN32) && defined(POLARSSL_FS_IO)
-#include <unistd.h>
-#endif /* !_WIN32 && POLARSSL_FS_IO */
-
+#if defined(POLARSSL_PK_WRITE_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/error.h"
#include "polarssl/pk.h"
#include "polarssl/ecdsa.h"
@@ -45,49 +43,12 @@
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
-#if !defined(POLARSSL_PK_WRITE_C) || !defined(POLARSSL_FS_IO) || \
- !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
- printf( "POLARSSL_PK_WRITE_C and/or POLARSSL_FS_IO and/or "
- "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C "
- "not defined.\n" );
- return( 0 );
-}
-#else
-
-#define FORMAT_PEM 0
-#define FORMAT_DER 1
-
-#define DFL_TYPE POLARSSL_PK_RSA
-#define DFL_RSA_KEYSIZE 4096
-#define DFL_FILENAME "keyfile.key"
-#define DFL_FORMAT FORMAT_PEM
-#define DFL_USE_DEV_RANDOM 0
-
-#if defined(POLARSSL_ECP_C)
-#define DFL_EC_CURVE ecp_curve_list()->grp_id
-#else
-#define DFL_EC_CURVE 0
-#endif
-
-/*
- * global options
- */
-struct options
-{
- int type; /* the type of key to generate */
- int rsa_keysize; /* length of key in bits */
- int ec_curve; /* curve identifier for EC keys */
- const char *filename; /* filename of the key file */
- int format; /* the output format to use */
- int use_dev_random; /* use /dev/random as entropy source */
-} opt;
-
-#if !defined(_WIN32) && defined(POLARSSL_FS_IO)
+#if !defined(_WIN32)
+#include <unistd.h>
#define DEV_RANDOM_THRESHOLD 32
@@ -124,8 +85,65 @@
return( 0 );
}
+#endif /* !_WIN32 */
+#endif
+
+#if defined(POLARSSL_ECP_C)
+#define DFL_EC_CURVE ecp_curve_list()->grp_id
+#else
+#define DFL_EC_CURVE 0
+#endif
+
+#if !defined(_WIN32) && defined(POLARSSL_FS_IO)
+#define USAGE_DEV_RANDOM \
+ " use_dev_random=0|1 default: 0\n"
+#else
+#define USAGE_DEV_RANDOM ""
#endif /* !_WIN32 && POLARSSL_FS_IO */
+#define FORMAT_PEM 0
+#define FORMAT_DER 1
+
+#define DFL_TYPE POLARSSL_PK_RSA
+#define DFL_RSA_KEYSIZE 4096
+#define DFL_FILENAME "keyfile.key"
+#define DFL_FORMAT FORMAT_PEM
+#define DFL_USE_DEV_RANDOM 0
+
+#define USAGE \
+ "\n usage: gen_key param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " type=rsa|ec default: rsa\n" \
+ " rsa_keysize=%%d default: 4096\n" \
+ " ec_curve=%%s see below\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " format=pem|der default: pem\n" \
+ USAGE_DEV_RANDOM \
+ "\n"
+
+#if !defined(POLARSSL_PK_WRITE_C) || !defined(POLARSSL_FS_IO) || \
+ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)
+int main( void )
+{
+ polarssl_printf( "POLARSSL_PK_WRITE_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C "
+ "not defined.\n" );
+ return( 0 );
+}
+#else
+/*
+ * global options
+ */
+struct options
+{
+ int type; /* the type of key to generate */
+ int rsa_keysize; /* length of key in bits */
+ int ec_curve; /* curve identifier for EC keys */
+ const char *filename; /* filename of the key file */
+ int format; /* the output format to use */
+ int use_dev_random; /* use /dev/random as entropy source */
+} opt;
+
static int write_private_key( pk_context *key, const char *output_file )
{
int ret;
@@ -165,24 +183,6 @@
return( 0 );
}
-#if !defined(_WIN32) && defined(POLARSSL_FS_IO)
-#define USAGE_DEV_RANDOM \
- " use_dev_random=0|1 default: 0\n"
-#else
-#define USAGE_DEV_RANDOM ""
-#endif /* !_WIN32 && POLARSSL_FS_IO */
-
-#define USAGE \
- "\n usage: gen_key param=<>...\n" \
- "\n acceptable parameters:\n" \
- " type=rsa|ec default: rsa\n" \
- " rsa_keysize=%%d default: 4096\n" \
- " ec_curve=%%s see below\n" \
- " filename=%%s default: keyfile.key\n" \
- " format=pem|der default: pem\n" \
- USAGE_DEV_RANDOM \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -207,13 +207,13 @@
{
usage:
ret = 1;
- printf( USAGE );
+ polarssl_printf( USAGE );
#if defined(POLARSSL_ECP_C)
- printf( " availabled ec_curve values:\n" );
+ polarssl_printf( " availabled ec_curve values:\n" );
curve_info = ecp_curve_list();
- printf( " %s (default)\n", curve_info->name );
+ polarssl_printf( " %s (default)\n", curve_info->name );
while( ( ++curve_info )->name != NULL )
- printf( " %s\n", curve_info->name );
+ polarssl_printf( " %s\n", curve_info->name );
#endif
goto exit;
}
@@ -277,7 +277,7 @@
goto usage;
}
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -287,11 +287,11 @@
if( ( ret = entropy_add_source( &entropy, dev_random_entropy_poll,
NULL, DEV_RANDOM_THRESHOLD ) ) != 0 )
{
- printf( " failed\n ! entropy_add_source returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! entropy_add_source returned -0x%04x\n", -ret );
goto exit;
}
- printf("\n Using /dev/random, so can take a long time! " );
+ polarssl_printf("\n Using /dev/random, so can take a long time! " );
fflush( stdout );
}
#endif /* !_WIN32 && POLARSSL_FS_IO */
@@ -300,19 +300,19 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%04x\n", -ret );
goto exit;
}
/*
* 1.1. Generate the key
*/
- printf( "\n . Generating the private key ..." );
+ polarssl_printf( "\n . Generating the private key ..." );
fflush( stdout );
if( ( ret = pk_init_ctx( &key, pk_info_from_type( opt.type ) ) ) != 0 )
{
- printf( " failed\n ! pk_init_ctx returned -0x%04x", -ret );
+ polarssl_printf( " failed\n ! pk_init_ctx returned -0x%04x", -ret );
goto exit;
}
@@ -323,7 +323,7 @@
opt.rsa_keysize, 65537 );
if( ret != 0 )
{
- printf( " failed\n ! rsa_gen_key returned -0x%04x", -ret );
+ polarssl_printf( " failed\n ! rsa_gen_key returned -0x%04x", -ret );
goto exit;
}
}
@@ -336,21 +336,21 @@
ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
- printf( " failed\n ! rsa_gen_key returned -0x%04x", -ret );
+ polarssl_printf( " failed\n ! rsa_gen_key returned -0x%04x", -ret );
goto exit;
}
}
else
#endif /* POLARSSL_ECP_C */
{
- printf( " failed\n ! key type not supported\n" );
+ polarssl_printf( " failed\n ! key type not supported\n" );
goto exit;
}
/*
* 1.2 Print the key
*/
- printf( " ok\n . Key information:\n" );
+ polarssl_printf( " ok\n . Key information:\n" );
#if defined(POLARSSL_RSA_C)
if( pk_get_type( &key ) == POLARSSL_PK_RSA )
@@ -371,7 +371,7 @@
if( pk_get_type( &key ) == POLARSSL_PK_ECKEY )
{
ecp_keypair *ecp = pk_ec( key );
- printf( "curve: %s\n",
+ polarssl_printf( "curve: %s\n",
ecp_curve_info_from_grp_id( ecp->grp.id )->name );
mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
@@ -379,20 +379,20 @@
}
else
#endif
- printf(" ! key type not supported\n");
+ polarssl_printf(" ! key type not supported\n");
/*
* 1.3 Export key
*/
- printf( " . Writing key to file..." );
+ polarssl_printf( " . Writing key to file..." );
if( ( ret = write_private_key( &key, opt.filename ) ) != 0 )
{
- printf( " failed\n" );
+ polarssl_printf( " failed\n" );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
exit:
@@ -400,9 +400,9 @@
{
#ifdef POLARSSL_ERROR_C
polarssl_strerror( ret, buf, sizeof( buf ) );
- printf( " - %s\n", buf );
+ polarssl_printf( " - %s\n", buf );
#else
- printf("\n");
+ polarssl_printf("\n");
#endif
}
@@ -411,7 +411,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 27199ba..f8a2d2d 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -1,12 +1,9 @@
/*
* Key reading application
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,26 +26,21 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && \
+ defined(POLARSSL_PK_PARSE_C) && defined(POLARSSL_FS_IO)
#include "polarssl/error.h"
#include "polarssl/rsa.h"
#include "polarssl/x509.h"
-#if !defined(POLARSSL_BIGNUM_C) || \
- !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or "
- "POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
- return( 0 );
-}
-#else
+#include <string.h>
+#endif
#define MODE_NONE 0
#define MODE_PRIVATE 1
@@ -60,6 +52,25 @@
#define DFL_PASSWORD_FILE ""
#define DFL_DEBUG_LEVEL 0
+#define USAGE \
+ "\n usage: key_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=private|public default: none\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " password=%%s default: \"\"\n" \
+ " password_file=%%s default: \"\"\n" \
+ "\n"
+
+
+#if !defined(POLARSSL_BIGNUM_C) || \
+ !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or "
+ "POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
/*
* global options
*/
@@ -71,15 +82,6 @@
const char *password_file; /* password_file for the private key */
} opt;
-#define USAGE \
- "\n usage: key_app param=<>...\n" \
- "\n acceptable parameters:\n" \
- " mode=private|public default: none\n" \
- " filename=%%s default: keyfile.key\n" \
- " password=%%s default: \"\"\n" \
- " password_file=%%s default: \"\"\n" \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -97,7 +99,7 @@
if( argc == 0 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
goto exit;
}
@@ -136,7 +138,7 @@
{
if( strlen( opt.password ) && strlen( opt.password_file ) )
{
- printf( "Error: cannot have both password and password_file\n" );
+ polarssl_printf( "Error: cannot have both password and password_file\n" );
goto usage;
}
@@ -144,16 +146,16 @@
{
FILE *f;
- printf( "\n . Loading the password file ..." );
+ polarssl_printf( "\n . Loading the password file ..." );
if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
{
- printf( " failed\n ! fopen returned NULL\n" );
+ polarssl_printf( " failed\n ! fopen returned NULL\n" );
goto exit;
}
if( fgets( buf, sizeof(buf), f ) == NULL )
{
fclose( f );
- printf( "Error: fgets() failed to retrieve password\n" );
+ polarssl_printf( "Error: fgets() failed to retrieve password\n" );
goto exit;
}
fclose( f );
@@ -167,23 +169,23 @@
/*
* 1.1. Load the key
*/
- printf( "\n . Loading the private key ..." );
+ polarssl_printf( "\n . Loading the private key ..." );
fflush( stdout );
ret = pk_parse_keyfile( &pk, opt.filename, opt.password );
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_keyfile returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%04x\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.2 Print the key
*/
- printf( " . Key information ...\n" );
+ polarssl_printf( " . Key information ...\n" );
#if defined(POLARSSL_RSA_C)
if( pk_get_type( &pk ) == POLARSSL_PK_RSA )
{
@@ -211,7 +213,7 @@
else
#endif
{
- printf("Do not know how to print key information for this type\n" );
+ polarssl_printf("Do not know how to print key information for this type\n" );
goto exit;
}
}
@@ -220,20 +222,20 @@
/*
* 1.1. Load the key
*/
- printf( "\n . Loading the public key ..." );
+ polarssl_printf( "\n . Loading the public key ..." );
fflush( stdout );
ret = pk_parse_public_keyfile( &pk, opt.filename );
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
- printf( " . Key information ...\n" );
+ polarssl_printf( " . Key information ...\n" );
#if defined(POLARSSL_RSA_C)
if( pk_get_type( &pk ) == POLARSSL_PK_RSA )
{
@@ -254,7 +256,7 @@
else
#endif
{
- printf("Do not know how to print key information for this type\n" );
+ polarssl_printf("Do not know how to print key information for this type\n" );
goto exit;
}
}
@@ -265,13 +267,13 @@
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, buf, sizeof(buf) );
- printf( " ! Last error was: %s\n", buf );
+ polarssl_printf( " ! Last error was: %s\n", buf );
#endif
pk_free( &pk );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 983b64e..3be1ce0 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -1,12 +1,9 @@
/*
* Key writing application
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,24 +26,44 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_PK_WRITE_C) && defined(POLARSSL_FS_IO)
#include "polarssl/error.h"
#include "polarssl/pk.h"
#include "polarssl/error.h"
-#if !defined(POLARSSL_PK_WRITE_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#include <string.h>
+#endif
- printf( "POLARSSL_PK_WRITE_C and/or POLARSSL_FS_IO not defined.\n" );
- return( 0 );
-}
+#if defined(POLARSSL_PEM_WRITE_C)
+#define USAGE_OUT \
+ " output_file=%%s default: keyfile.pem\n" \
+ " output_format=pem|der default: pem\n"
#else
+#define USAGE_OUT \
+ " output_file=%%s default: keyfile.der\n" \
+ " output_format=der default: der\n"
+#endif
+
+#if defined(POLARSSL_PEM_WRITE_C)
+#define DFL_OUTPUT_FILENAME "keyfile.pem"
+#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM
+#else
+#define DFL_OUTPUT_FILENAME "keyfile.der"
+#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER
+#endif
+
+#define DFL_MODE MODE_NONE
+#define DFL_FILENAME "keyfile.key"
+#define DFL_DEBUG_LEVEL 0
+#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE
#define MODE_NONE 0
#define MODE_PRIVATE 1
@@ -59,18 +76,22 @@
#define OUTPUT_FORMAT_PEM 0
#define OUTPUT_FORMAT_DER 1
-#define DFL_MODE MODE_NONE
-#define DFL_FILENAME "keyfile.key"
-#define DFL_DEBUG_LEVEL 0
-#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE
-#if defined(POLARSSL_PEM_WRITE_C)
-#define DFL_OUTPUT_FILENAME "keyfile.pem"
-#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM
-#else
-#define DFL_OUTPUT_FILENAME "keyfile.der"
-#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER
-#endif
+#define USAGE \
+ "\n usage: key_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=private|public default: none\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " output_mode=private|public default: none\n" \
+ USAGE_OUT \
+ "\n"
+#if !defined(POLARSSL_PK_WRITE_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf( "POLARSSL_PK_WRITE_C and/or POLARSSL_FS_IO not defined.\n" );
+ return( 0 );
+}
+#else
/*
* global options
*/
@@ -167,25 +188,6 @@
return( 0 );
}
-#if defined(POLARSSL_PEM_WRITE_C)
-#define USAGE_OUT \
- " output_file=%%s default: keyfile.pem\n" \
- " output_format=pem|der default: pem\n"
-#else
-#define USAGE_OUT \
- " output_file=%%s default: keyfile.der\n" \
- " output_format=der default: der\n"
-#endif
-
-#define USAGE \
- "\n usage: key_app param=<>...\n" \
- "\n acceptable parameters:\n" \
- " mode=private|public default: none\n" \
- " filename=%%s default: keyfile.key\n" \
- " output_mode=private|public default: none\n" \
- USAGE_OUT \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -204,7 +206,7 @@
{
usage:
ret = 1;
- printf( USAGE );
+ polarssl_printf( USAGE );
goto exit;
}
@@ -261,13 +263,13 @@
if( opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE )
{
- printf( "\nCannot output a key without reading one.\n");
+ polarssl_printf( "\nCannot output a key without reading one.\n");
goto exit;
}
if( opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE )
{
- printf( "\nCannot output a private key from a public key.\n");
+ polarssl_printf( "\nCannot output a private key from a public key.\n");
goto exit;
}
@@ -276,7 +278,7 @@
/*
* 1.1. Load the key
*/
- printf( "\n . Loading the private key ..." );
+ polarssl_printf( "\n . Loading the private key ..." );
fflush( stdout );
ret = pk_parse_keyfile( &key, opt.filename, NULL );
@@ -284,16 +286,16 @@
if( ret != 0 )
{
polarssl_strerror( ret, (char *) buf, sizeof(buf) );
- printf( " failed\n ! pk_parse_keyfile returned -0x%04x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.2 Print the key
*/
- printf( " . Key information ...\n" );
+ polarssl_printf( " . Key information ...\n" );
#if defined(POLARSSL_RSA_C)
if( pk_get_type( &key ) == POLARSSL_PK_RSA )
@@ -321,7 +323,7 @@
}
else
#endif
- printf("key type not supported yet\n");
+ polarssl_printf("key type not supported yet\n");
}
else if( opt.mode == MODE_PUBLIC )
@@ -329,7 +331,7 @@
/*
* 1.1. Load the key
*/
- printf( "\n . Loading the public key ..." );
+ polarssl_printf( "\n . Loading the public key ..." );
fflush( stdout );
ret = pk_parse_public_keyfile( &key, opt.filename );
@@ -337,16 +339,16 @@
if( ret != 0 )
{
polarssl_strerror( ret, (char *) buf, sizeof(buf) );
- printf( " failed\n ! pk_parse_public_key returned -0x%04x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! pk_parse_public_key returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.2 Print the key
*/
- printf( " . Key information ...\n" );
+ polarssl_printf( " . Key information ...\n" );
#if defined(POLARSSL_RSA_C)
if( pk_get_type( &key ) == POLARSSL_PK_RSA )
@@ -367,7 +369,7 @@
}
else
#endif
- printf("key type not supported yet\n");
+ polarssl_printf("key type not supported yet\n");
}
else
goto usage;
@@ -387,16 +389,16 @@
{
#ifdef POLARSSL_ERROR_C
polarssl_strerror( ret, buf, sizeof( buf ) );
- printf( " - %s\n", buf );
+ polarssl_printf( " - %s\n", buf );
#else
- printf("\n");
+ polarssl_printf("\n");
#endif
}
pk_free( &key );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 2e9bf93..95267fc 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -1,12 +1,9 @@
/*
* Simple MPI demonstration program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,74 +26,85 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_FS_IO)
#include "polarssl/bignum.h"
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#endif
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_FS_IO not defined.\n");
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
-int main( int argc, char *argv[] )
+int main( void )
{
+ int ret;
mpi E, P, Q, N, H, D, X, Y, Z;
- ((void) argc);
- ((void) argv);
-
mpi_init( &E ); mpi_init( &P ); mpi_init( &Q ); mpi_init( &N );
mpi_init( &H ); mpi_init( &D ); mpi_init( &X ); mpi_init( &Y );
mpi_init( &Z );
- mpi_read_string( &P, 10, "2789" );
- mpi_read_string( &Q, 10, "3203" );
- mpi_read_string( &E, 10, "257" );
- mpi_mul_mpi( &N, &P, &Q );
+ MPI_CHK( mpi_read_string( &P, 10, "2789" ) );
+ MPI_CHK( mpi_read_string( &Q, 10, "3203" ) );
+ MPI_CHK( mpi_read_string( &E, 10, "257" ) );
+ MPI_CHK( mpi_mul_mpi( &N, &P, &Q ) );
- printf( "\n Public key:\n\n" );
- mpi_write_file( " N = ", &N, 10, NULL );
- mpi_write_file( " E = ", &E, 10, NULL );
+ polarssl_printf( "\n Public key:\n\n" );
+ MPI_CHK( mpi_write_file( " N = ", &N, 10, NULL ) );
+ MPI_CHK( mpi_write_file( " E = ", &E, 10, NULL ) );
- printf( "\n Private key:\n\n" );
- mpi_write_file( " P = ", &P, 10, NULL );
- mpi_write_file( " Q = ", &Q, 10, NULL );
+ polarssl_printf( "\n Private key:\n\n" );
+ MPI_CHK( mpi_write_file( " P = ", &P, 10, NULL ) );
+ MPI_CHK( mpi_write_file( " Q = ", &Q, 10, NULL ) );
#if defined(POLARSSL_GENPRIME)
- mpi_sub_int( &P, &P, 1 );
- mpi_sub_int( &Q, &Q, 1 );
- mpi_mul_mpi( &H, &P, &Q );
- mpi_inv_mod( &D, &E, &H );
+ MPI_CHK( mpi_sub_int( &P, &P, 1 ) );
+ MPI_CHK( mpi_sub_int( &Q, &Q, 1 ) );
+ MPI_CHK( mpi_mul_mpi( &H, &P, &Q ) );
+ MPI_CHK( mpi_inv_mod( &D, &E, &H ) );
mpi_write_file( " D = E^-1 mod (P-1)*(Q-1) = ",
&D, 10, NULL );
#else
- printf("\nTest skipped (POLARSSL_GENPRIME not defined).\n\n");
+ polarssl_printf("\nTest skipped (POLARSSL_GENPRIME not defined).\n\n");
#endif
- mpi_read_string( &X, 10, "55555" );
- mpi_exp_mod( &Y, &X, &E, &N, NULL );
- mpi_exp_mod( &Z, &Y, &D, &N, NULL );
+ MPI_CHK( mpi_read_string( &X, 10, "55555" ) );
+ MPI_CHK( mpi_exp_mod( &Y, &X, &E, &N, NULL ) );
+ MPI_CHK( mpi_exp_mod( &Z, &Y, &D, &N, NULL ) );
- printf( "\n RSA operation:\n\n" );
- mpi_write_file( " X (plaintext) = ", &X, 10, NULL );
- mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL );
- mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL );
- printf( "\n" );
+ polarssl_printf( "\n RSA operation:\n\n" );
+ MPI_CHK( mpi_write_file( " X (plaintext) = ", &X, 10, NULL ) );
+ MPI_CHK( mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL ) );
+ MPI_CHK( mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ) );
+ polarssl_printf( "\n" );
+cleanup:
mpi_free( &E ); mpi_free( &P ); mpi_free( &Q ); mpi_free( &N );
mpi_free( &H ); mpi_free( &D ); mpi_free( &X ); mpi_free( &Y );
mpi_free( &Z );
+ if( ret != 0 )
+ {
+ polarssl_printf( "\nAn error occurred.\n" );
+ ret = 1;
+ }
+
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
- return( 0 );
+ return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 2ecb1d8..bafa4a9 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -1,12 +1,9 @@
/*
* Public key-based simple decryption program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,23 +26,32 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_PK_PARSE_C) && \
+ defined(POLARSSL_FS_IO) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/error.h"
#include "polarssl/pk.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_PK_PARSE_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_PK_PARSE_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_PK_PARSE_C and/or "
"POLARSSL_FS_IO and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -69,16 +75,16 @@
if( argc != 2 )
{
- printf( "usage: pk_decrypt <key_file>\n" );
+ polarssl_printf( "usage: pk_decrypt <key_file>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -86,18 +92,18 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( "\n . Reading private key from '%s'", argv[1] );
+ polarssl_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
pk_init( &pk );
if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
- printf( " failed\n ! pk_parse_keyfile returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%04x\n", -ret );
goto exit;
}
@@ -108,7 +114,7 @@
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
- printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
+ polarssl_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -123,19 +129,19 @@
/*
* Decrypt the encrypted RSA data and print the result.
*/
- printf( "\n . Decrypting the encrypted data" );
+ polarssl_printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
if( ( ret = pk_decrypt( &pk, buf, i, result, &olen, sizeof(result),
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! pk_decrypt returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_decrypt returned -0x%04x\n", -ret );
goto exit;
}
- printf( "\n . OK\n\n" );
+ polarssl_printf( "\n . OK\n\n" );
- printf( "The decrypted result is: '%s'\n\n", result );
+ polarssl_printf( "The decrypted result is: '%s'\n\n", result );
ret = 0;
@@ -145,11 +151,11 @@
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, sizeof(buf) );
- printf( " ! Last error was: %s\n", buf );
+ polarssl_printf( " ! Last error was: %s\n", buf );
#endif
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 2eb139c..ad94159 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -1,12 +1,9 @@
/*
* RSA simple data encryption program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,23 +26,32 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_PK_PARSE_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/error.h"
#include "polarssl/pk.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_PK_PARSE_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_PK_PARSE_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_PK_PARSE_C and/or "
"POLARSSL_ENTROPY_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -67,16 +73,16 @@
if( argc != 3 )
{
- printf( "usage: pk_encrypt <key_file> <string of max 100 characters>\n" );
+ polarssl_printf( "usage: pk_encrypt <key_file> <string of max 100 characters>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -84,24 +90,24 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%04x\n", -ret );
goto exit;
}
- printf( "\n . Reading public key from '%s'", argv[1] );
+ polarssl_printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
pk_init( &pk );
if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
- printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret );
goto exit;
}
if( strlen( argv[2] ) > 100 )
{
- printf( " Input data larger than 100 characters.\n\n" );
+ polarssl_printf( " Input data larger than 100 characters.\n\n" );
goto exit;
}
@@ -110,14 +116,14 @@
/*
* Calculate the RSA encryption of the hash.
*/
- printf( "\n . Generating the encrypted value" );
+ polarssl_printf( "\n . Generating the encrypted value" );
fflush( stdout );
if( ( ret = pk_encrypt( &pk, input, strlen( argv[2] ),
buf, &olen, sizeof(buf),
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! pk_encrypt returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_encrypt returned -0x%04x\n", -ret );
goto exit;
}
@@ -127,17 +133,17 @@
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
+ polarssl_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
goto exit;
}
for( i = 0; i < olen; i++ )
- fprintf( f, "%02X%s", buf[i],
+ polarssl_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
fclose( f );
- printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+ polarssl_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
exit:
ctr_drbg_free( &ctr_drbg );
@@ -145,11 +151,11 @@
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, sizeof(buf) );
- printf( " ! Last error was: %s\n", buf );
+ polarssl_printf( " ! Last error was: %s\n", buf );
#endif
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index d80cbd7..7ccc70b 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -1,12 +1,9 @@
/*
* Public key-based signature creation program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,9 +26,19 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_snprintf snprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_SHA256_C) && \
+ defined(POLARSSL_PK_PARSE_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/error.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
@@ -39,21 +46,22 @@
#include "polarssl/pk.h"
#include "polarssl/sha1.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#if defined _MSC_VER && !defined snprintf
#define snprintf _snprintf
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SHA1_C) || \
+ !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SHA1_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SHA256_C and/or "
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -77,77 +85,77 @@
if( argc != 3 )
{
- printf( "usage: pk_sign <key_file> <filename>\n" );
+ polarssl_printf( "usage: pk_sign <key_file> <filename>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%04x\n", -ret );
goto exit;
}
- printf( "\n . Reading private key from '%s'", argv[1] );
+ polarssl_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
ret = 1;
- printf( " failed\n ! Could not open '%s'\n", argv[1] );
+ polarssl_printf( " failed\n ! Could not open '%s'\n", argv[1] );
goto exit;
}
/*
- * Compute the SHA-1 hash of the input file,
+ * Compute the SHA-256 hash of the input file,
* then calculate the signature of the hash.
*/
- printf( "\n . Generating the SHA-1 signature" );
+ polarssl_printf( "\n . Generating the SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
{
- printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ polarssl_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
- if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen,
+ if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA256, hash, 0, buf, &olen,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! pk_sign returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_sign returned -0x%04x\n", -ret );
goto exit;
}
/*
* Write the signature into <filename>-sig.txt
*/
- snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
+ polarssl_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not create %s\n\n", filename );
+ polarssl_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
- printf( "failed\n ! fwrite failed\n\n" );
+ polarssl_printf( "failed\n ! fwrite failed\n\n" );
goto exit;
}
fclose( f );
- printf( "\n . Done (created \"%s\")\n\n", filename );
+ polarssl_printf( "\n . Done (created \"%s\")\n\n", filename );
exit:
pk_free( &pk );
@@ -156,16 +164,16 @@
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, sizeof(buf) );
- printf( " ! Last error was: %s\n", buf );
+ polarssl_printf( " ! Last error was: %s\n", buf );
#endif
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C &&
- POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
+ POLARSSL_SHA256_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index e970520..3afa34a 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -1,12 +1,9 @@
/*
* Public key-based signature verification program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,28 +26,38 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_snprintf snprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && \
+ defined(POLARSSL_SHA256_C) && defined(POLARSSL_PK_PARSE_C) && \
+ defined(POLARSSL_FS_IO)
#include "polarssl/error.h"
#include "polarssl/md.h"
#include "polarssl/pk.h"
#include "polarssl/sha1.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#if defined _MSC_VER && !defined snprintf
#define snprintf _snprintf
#endif
#if !defined(POLARSSL_BIGNUM_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \
+ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_PK_PARSE_C) || \
!defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_PK_PARSE_C and/or "
"POLARSSL_FS_IO not defined.\n");
return( 0 );
}
@@ -69,21 +76,21 @@
if( argc != 3 )
{
- printf( "usage: pk_verify <key_file> <filename>\n" );
+ polarssl_printf( "usage: pk_verify <key_file> <filename>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Reading public key from '%s'", argv[1] );
+ polarssl_printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
- printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret );
goto exit;
}
@@ -91,11 +98,11 @@
* Extract the signature from the text file
*/
ret = 1;
- snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
+ polarssl_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
- printf( "\n ! Could not open %s\n\n", filename );
+ polarssl_printf( "\n ! Could not open %s\n\n", filename );
goto exit;
}
@@ -105,26 +112,26 @@
fclose( f );
/*
- * Compute the SHA-1 hash of the input file and compare
+ * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the signature.
*/
- printf( "\n . Verifying the SHA-1 signature" );
+ polarssl_printf( "\n . Verifying the SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
{
- printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ polarssl_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
- if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0,
+ if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA256, hash, 0,
buf, i ) ) != 0 )
{
- printf( " failed\n ! pk_verify returned -0x%04x\n", -ret );
+ polarssl_printf( " failed\n ! pk_verify returned -0x%04x\n", -ret );
goto exit;
}
- printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
+ polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0;
@@ -133,15 +140,15 @@
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, sizeof(buf) );
- printf( " ! Last error was: %s\n", buf );
+ polarssl_printf( " ! Last error was: %s\n", buf );
#endif
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA1_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA256_C &&
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index c79f1e4..dfa475c 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -1,12 +1,9 @@
/*
* RSA simple decryption program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,22 +26,30 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_FS_IO) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/rsa.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_FS_IO and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -68,16 +73,16 @@
if( argc != 1 )
{
- printf( "usage: rsa_decrypt\n" );
+ polarssl_printf( "usage: rsa_decrypt\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -85,16 +90,16 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( "\n . Reading private key from rsa_priv.txt" );
+ polarssl_printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
- printf( " failed\n ! Could not open rsa_priv.txt\n" \
+ polarssl_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
@@ -110,7 +115,7 @@
( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{
- printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
@@ -125,7 +130,7 @@
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
- printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
+ polarssl_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
goto exit;
}
@@ -139,27 +144,27 @@
if( i != rsa.len )
{
- printf( "\n ! Invalid RSA signature format\n\n" );
+ polarssl_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
/*
* Decrypt the encrypted RSA data and print the result.
*/
- printf( "\n . Decrypting the encrypted data" );
+ polarssl_printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
if( ( ret = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg,
RSA_PRIVATE, &i, buf, result,
1024 ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
goto exit;
}
- printf( "\n . OK\n\n" );
+ polarssl_printf( "\n . OK\n\n" );
- printf( "The decrypted result is: '%s'\n\n", result );
+ polarssl_printf( "The decrypted result is: '%s'\n\n", result );
ret = 0;
@@ -168,7 +173,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 677ce76..6831833 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -1,12 +1,9 @@
/*
* RSA simple data encryption program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,22 +26,31 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/rsa.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_ENTROPY_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -66,16 +72,16 @@
if( argc != 2 )
{
- printf( "usage: rsa_encrypt <string of max 100 characters>\n" );
+ polarssl_printf( "usage: rsa_encrypt <string of max 100 characters>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -83,27 +89,27 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( "\n . Reading public key from rsa_pub.txt" );
+ polarssl_printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not open rsa_pub.txt\n" \
+ polarssl_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
+
if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{
- printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
@@ -113,7 +119,7 @@
if( strlen( argv[1] ) > 100 )
{
- printf( " Input data larger than 100 characters.\n\n" );
+ polarssl_printf( " Input data larger than 100 characters.\n\n" );
goto exit;
}
@@ -122,14 +128,14 @@
/*
* Calculate the RSA encryption of the hash.
*/
- printf( "\n . Generating the RSA encrypted value" );
+ polarssl_printf( "\n . Generating the RSA encrypted value" );
fflush( stdout );
if( ( ret = rsa_pkcs1_encrypt( &rsa, ctr_drbg_random, &ctr_drbg,
RSA_PUBLIC, strlen( argv[1] ),
input, buf ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
goto exit;
}
@@ -139,24 +145,24 @@
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
+ polarssl_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
goto exit;
}
for( i = 0; i < rsa.len; i++ )
- fprintf( f, "%02X%s", buf[i],
+ polarssl_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
fclose( f );
- printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+ polarssl_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
exit:
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 48d8c5e..0270b53 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -1,12 +1,9 @@
/*
* Example RSA key generation program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,32 +26,41 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME) && \
+ defined(POLARSSL_FS_IO) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/bignum.h"
#include "polarssl/x509.h"
#include "polarssl/rsa.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#define KEY_SIZE 1024
#define EXPONENT 65537
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_GENPRIME) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_RSA_C and/or POLARSSL_GENPRIME and/or "
"POLARSSL_FS_IO and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
-int main( int argc, char *argv[] )
+int main( void )
{
int ret;
rsa_context rsa;
@@ -64,10 +70,7 @@
FILE *fpriv = NULL;
const char *pers = "rsa_genkey";
- ((void) argc);
- ((void) argv);
-
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -75,28 +78,28 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
+ polarssl_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
fflush( stdout );
rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
+
if( ( ret = rsa_gen_key( &rsa, ctr_drbg_random, &ctr_drbg, KEY_SIZE,
EXPONENT ) ) != 0 )
{
- printf( " failed\n ! rsa_gen_key returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_gen_key returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n . Exporting the public key in rsa_pub.txt...." );
+ polarssl_printf( " ok\n . Exporting the public key in rsa_pub.txt...." );
fflush( stdout );
if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
{
- printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
+ polarssl_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
ret = 1;
goto exit;
}
@@ -104,16 +107,16 @@
if( ( ret = mpi_write_file( "N = ", &rsa.N, 16, fpub ) ) != 0 ||
( ret = mpi_write_file( "E = ", &rsa.E, 16, fpub ) ) != 0 )
{
- printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n . Exporting the private key in rsa_priv.txt..." );
+ polarssl_printf( " ok\n . Exporting the private key in rsa_priv.txt..." );
fflush( stdout );
if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
{
- printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
+ polarssl_printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
ret = 1;
goto exit;
}
@@ -127,11 +130,11 @@
( ret = mpi_write_file( "DQ = ", &rsa.DQ, 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "QP = ", &rsa.QP, 16, fpriv ) ) != 0 )
{
- printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
goto exit;
}
/*
- printf( " ok\n . Generating the certificate..." );
+ polarssl_printf( " ok\n . Generating the certificate..." );
x509write_init_raw( &cert );
x509write_add_pubkey( &cert, &rsa );
@@ -143,7 +146,7 @@
x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM );
x509write_free_raw( &cert );
*/
- printf( " ok\n\n" );
+ polarssl_printf( " ok\n\n" );
exit:
@@ -158,7 +161,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 0689557..d9a9a6e 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -1,12 +1,9 @@
/*
- * RSA/SHA-1 signature creation program
+ * RSA/SHA-256 signature creation program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,21 +26,29 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_SHA256_C) && defined(POLARSSL_FS_IO)
#include "polarssl/rsa.h"
#include "polarssl/sha1.h"
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#include <string.h>
+#endif
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
+ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -60,28 +65,28 @@
if( argc != 2 )
{
- printf( "usage: rsa_sign <filename>\n" );
+ polarssl_printf( "usage: rsa_sign <filename>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Reading private key from rsa_priv.txt" );
+ polarssl_printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not open rsa_priv.txt\n" \
+ polarssl_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0 );
-
+
if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
@@ -91,7 +96,7 @@
( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{
- printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
@@ -99,31 +104,31 @@
fclose( f );
- printf( "\n . Checking the private key" );
+ polarssl_printf( "\n . Checking the private key" );
fflush( stdout );
if( ( ret = rsa_check_privkey( &rsa ) ) != 0 )
{
- printf( " failed\n ! rsa_check_privkey failed with -0x%0x\n", -ret );
+ polarssl_printf( " failed\n ! rsa_check_privkey failed with -0x%0x\n", -ret );
goto exit;
}
/*
- * Compute the SHA-1 hash of the input file,
+ * Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
- printf( "\n . Generating the RSA/SHA-1 signature" );
+ polarssl_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
{
- printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
+ polarssl_printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
goto exit;
}
- if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
+ if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA256,
20, hash, buf ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
goto exit;
}
@@ -135,26 +140,26 @@
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not create %s\n\n", argv[1] );
+ polarssl_printf( " failed\n ! Could not create %s\n\n", argv[1] );
goto exit;
}
for( i = 0; i < rsa.len; i++ )
- fprintf( f, "%02X%s", buf[i],
+ polarssl_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
fclose( f );
- printf( "\n . Done (created \"%s\")\n\n", argv[1] );
+ polarssl_printf( "\n . Done (created \"%s\")\n\n", argv[1] );
exit:
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index e3e56c6..7c0c7ca 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -1,12 +1,9 @@
/*
- * RSASSA-PSS/SHA-1 signature creation program
+ * RSASSA-PSS/SHA-256 signature creation program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,9 +26,19 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_snprintf snprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_SHA256_C) && \
+ defined(POLARSSL_PK_PARSE_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/md.h"
@@ -39,21 +46,22 @@
#include "polarssl/sha1.h"
#include "polarssl/x509.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#if defined _MSC_VER && !defined snprintf
#define snprintf _snprintf
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
- "POLARSSL_RSA_C and/or POLARSSL_SHA1_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_RSA_C and/or POLARSSL_SHA256_C and/or "
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -77,87 +85,87 @@
if( argc != 3 )
{
- printf( "usage: rsa_sign_pss <key_file> <filename>\n" );
+ polarssl_printf( "usage: rsa_sign_pss <key_file> <filename>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( "\n . Reading private key from '%s'", argv[1] );
+ polarssl_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
ret = 1;
- printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
- printf( " ! pk_parse_public_keyfile returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
+ polarssl_printf( " ! pk_parse_public_keyfile returned %d\n\n", ret );
goto exit;
}
if( !pk_can_do( &pk, POLARSSL_PK_RSA ) )
{
ret = 1;
- printf( " failed\n ! Key is not an RSA key\n" );
+ polarssl_printf( " failed\n ! Key is not an RSA key\n" );
goto exit;
}
- rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+ rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA256 );
/*
- * Compute the SHA-1 hash of the input file,
+ * Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
- printf( "\n . Generating the RSA/SHA-1 signature" );
+ polarssl_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
{
- printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ polarssl_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
- if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen,
+ if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA256, hash, 0, buf, &olen,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! pk_sign returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! pk_sign returned %d\n\n", ret );
goto exit;
}
/*
* Write the signature into <filename>-sig.txt
*/
- snprintf( filename, 512, "%s.sig", argv[2] );
+ polarssl_snprintf( filename, 512, "%s.sig", argv[2] );
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
ret = 1;
- printf( " failed\n ! Could not create %s\n\n", filename );
+ polarssl_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
- printf( "failed\n ! fwrite failed\n\n" );
+ polarssl_printf( "failed\n ! fwrite failed\n\n" );
goto exit;
}
fclose( f );
- printf( "\n . Done (created \"%s\")\n\n", filename );
+ polarssl_printf( "\n . Done (created \"%s\")\n\n", filename );
exit:
pk_free( &pk );
@@ -165,12 +173,12 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
- POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
+ POLARSSL_SHA256_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 9c7c5ee..374a5f1 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -1,12 +1,9 @@
/*
- * RSA/SHA-1 signature verification program
+ * RSA/SHA-256 signature verification program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,21 +26,28 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_SHA256_C) && defined(POLARSSL_FS_IO)
#include "polarssl/rsa.h"
#include "polarssl/sha1.h"
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#include <stdio.h>
+#include <string.h>
+#endif
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
+ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -59,21 +63,21 @@
ret = 1;
if( argc != 2 )
{
- printf( "usage: rsa_verify <filename>\n" );
+ polarssl_printf( "usage: rsa_verify <filename>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Reading public key from rsa_pub.txt" );
+ polarssl_printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
- printf( " failed\n ! Could not open rsa_pub.txt\n" \
+ polarssl_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
@@ -83,7 +87,7 @@
if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{
- printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
@@ -100,7 +104,7 @@
if( ( f = fopen( argv[1], "rb" ) ) == NULL )
{
- printf( "\n ! Could not open %s\n\n", argv[1] );
+ polarssl_printf( "\n ! Could not open %s\n\n", argv[1] );
goto exit;
}
@@ -114,42 +118,42 @@
if( i != rsa.len )
{
- printf( "\n ! Invalid RSA signature format\n\n" );
+ polarssl_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
/*
- * Compute the SHA-1 hash of the input file and compare
+ * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
*/
- printf( "\n . Verifying the RSA/SHA-1 signature" );
+ polarssl_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
{
- printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
+ polarssl_printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
goto exit;
}
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
- POLARSSL_MD_SHA1, 20, hash, buf ) ) != 0 )
+ POLARSSL_MD_SHA256, 20, hash, buf ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
goto exit;
}
- printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
+ polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0;
exit:
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 84945c3..217b713 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -1,12 +1,9 @@
/*
- * RSASSA-PSS/SHA-1 signature verification program
+ * RSASSA-PSS/SHA-256 signature verification program
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,29 +26,39 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_snprintf snprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_SHA256_C) && defined(POLARSSL_PK_PARSE_C) && \
+ defined(POLARSSL_FS_IO)
#include "polarssl/md.h"
#include "polarssl/pem.h"
#include "polarssl/pk.h"
#include "polarssl/sha1.h"
#include "polarssl/x509.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#if defined _MSC_VER && !defined snprintf
#define snprintf _snprintf
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \
+ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_PK_PARSE_C) || \
!defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
+ "POLARSSL_SHA256_C and/or POLARSSL_PK_PARSE_C and/or "
"POLARSSL_FS_IO not defined.\n");
return( 0 );
}
@@ -70,43 +77,43 @@
if( argc != 3 )
{
- printf( "usage: rsa_verify_pss <key_file> <filename>\n" );
+ polarssl_printf( "usage: rsa_verify_pss <key_file> <filename>\n" );
#if defined(_WIN32)
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( "\n . Reading public key from '%s'", argv[1] );
+ polarssl_printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
- printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
- printf( " ! pk_parse_public_keyfile returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
+ polarssl_printf( " ! pk_parse_public_keyfile returned %d\n\n", ret );
goto exit;
}
if( !pk_can_do( &pk, POLARSSL_PK_RSA ) )
{
ret = 1;
- printf( " failed\n ! Key is not an RSA key\n" );
+ polarssl_printf( " failed\n ! Key is not an RSA key\n" );
goto exit;
}
- rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 );
+ rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA256 );
/*
* Extract the RSA signature from the text file
*/
ret = 1;
- snprintf( filename, 512, "%s.sig", argv[2] );
+ polarssl_snprintf( filename, 512, "%s.sig", argv[2] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
- printf( "\n ! Could not open %s\n\n", filename );
+ polarssl_printf( "\n ! Could not open %s\n\n", filename );
goto exit;
}
@@ -116,26 +123,26 @@
fclose( f );
/*
- * Compute the SHA-1 hash of the input file and compare
+ * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
*/
- printf( "\n . Verifying the RSA/SHA-1 signature" );
+ polarssl_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
{
- printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ polarssl_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
- if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0,
+ if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA256, hash, 0,
buf, i ) ) != 0 )
{
- printf( " failed\n ! pk_verify returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! pk_verify returned %d\n\n", ret );
goto exit;
}
- printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
+ polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0;
@@ -143,11 +150,11 @@
pk_free( &pk );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
index ae02bd1..30933d8 100644
--- a/programs/random/CMakeLists.txt
+++ b/programs/random/CMakeLists.txt
@@ -1,11 +1,11 @@
add_executable(gen_random_havege gen_random_havege.c)
-target_link_libraries(gen_random_havege polarssl)
+target_link_libraries(gen_random_havege mbedtls)
add_executable(gen_random_ctr_drbg gen_random_ctr_drbg.c)
-target_link_libraries(gen_random_ctr_drbg polarssl)
+target_link_libraries(gen_random_ctr_drbg mbedtls)
add_executable(gen_entropy gen_entropy.c)
-target_link_libraries(gen_entropy polarssl)
+target_link_libraries(gen_entropy mbedtls)
install(TARGETS gen_random_havege gen_random_ctr_drbg gen_entropy
DESTINATION "bin"
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index 67679c8..573a13b 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -1,12 +1,9 @@
/**
* \brief Use and generate multiple entropies calls into a file
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,17 +26,24 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_FS_IO)
#include "polarssl/entropy.h"
#include <stdio.h>
+#endif
-#if !defined(POLARSSL_ENTROPY_C)
-int main( int argc, char *argv[] )
+#if !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO)
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_ENTROPY_C not defined.\n");
+ polarssl_printf("POLARSSL_ENTROPY_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -52,13 +56,13 @@
if( argc < 2 )
{
- fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
+ polarssl_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
return( 1 );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
- printf( "failed to open '%s' for writing.\n", argv[0] );
+ polarssl_printf( "failed to open '%s' for writing.\n", argv[1] );
return( 1 );
}
@@ -69,20 +73,21 @@
ret = entropy_func( &entropy, buf, sizeof( buf ) );
if( ret != 0 )
{
- printf("failed!\n");
+ polarssl_printf("failed!\n");
goto cleanup;
}
fwrite( buf, 1, sizeof( buf ), f );
- printf( "Generating 32Mb of data in file '%s'... %04.1f" \
- "%% done\r", argv[1], (100 * (float) (i + 1)) / k );
+ polarssl_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
}
ret = 0;
cleanup:
+ polarssl_printf( "\n" );
fclose( f );
entropy_free( &entropy );
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index 94e200d..e96e37b 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -1,12 +1,9 @@
/**
* \brief Use and generate random data into a file via the CTR_DBRG based on AES
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,18 +26,27 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_CTR_DRBG_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_FS_IO)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include <stdio.h>
+#endif
-#if !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_ENTROPY_C)
-int main( int argc, char *argv[] )
+#if !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_FS_IO)
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_CTR_DRBG_C or POLARSSL_ENTROPY_C not defined.\n");
+ polarssl_printf("POLARSSL_CTR_DRBG_C and/or POLARSSL_ENTROPY_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -54,13 +60,13 @@
if( argc < 2 )
{
- fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
+ polarssl_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
return( 1 );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
- printf( "failed to open '%s' for writing.\n", argv[0] );
+ polarssl_printf( "failed to open '%s' for writing.\n", argv[1] );
return( 1 );
}
@@ -68,7 +74,7 @@
ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) "RANDOM_GEN", 10 );
if( ret != 0 )
{
- printf( "failed in ctr_drbg_init: %d\n", ret );
+ polarssl_printf( "failed in ctr_drbg_init: %d\n", ret );
goto cleanup;
}
ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_OFF );
@@ -78,17 +84,17 @@
if( ret == POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR )
{
- printf( "Failed to open seedfile. Generating one.\n" );
+ polarssl_printf( "Failed to open seedfile. Generating one.\n" );
ret = ctr_drbg_write_seed_file( &ctr_drbg, "seedfile" );
if( ret != 0 )
{
- printf( "failed in ctr_drbg_write_seed_file: %d\n", ret );
+ polarssl_printf( "failed in ctr_drbg_write_seed_file: %d\n", ret );
goto cleanup;
}
}
else if( ret != 0 )
{
- printf( "failed in ctr_drbg_update_seed_file: %d\n", ret );
+ polarssl_printf( "failed in ctr_drbg_update_seed_file: %d\n", ret );
goto cleanup;
}
#endif
@@ -98,21 +104,21 @@
ret = ctr_drbg_random( &ctr_drbg, buf, sizeof( buf ) );
if( ret != 0 )
{
- printf("failed!\n");
+ polarssl_printf("failed!\n");
goto cleanup;
}
fwrite( buf, 1, sizeof( buf ), f );
- printf( "Generating 32Mb of data in file '%s'... %04.1f" \
- "%% done\r", argv[1], (100 * (float) (i + 1)) / k );
+ polarssl_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
}
ret = 0;
cleanup:
- printf("\n");
+ polarssl_printf("\n");
fclose( f );
ctr_drbg_free( &ctr_drbg );
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index e9152fa..e5a5356 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -1,12 +1,9 @@
/**
* \brief Generate random data into a file
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,18 +26,25 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_HAVEGE_C) && defined(POLARSSL_FS_IO)
#include "polarssl/havege.h"
-#include <time.h>
#include <stdio.h>
+#include <time.h>
+#endif
-#if !defined(POLARSSL_HAVEGE_C)
-int main( int argc, char *argv[] )
+#if !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_FS_IO)
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_HAVEGE_C not defined.\n");
+ polarssl_printf("POLARSSL_HAVEGE_C not defined.\n");
return( 0 );
}
#else
@@ -54,13 +58,13 @@
if( argc < 2 )
{
- fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
+ polarssl_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
return( 1 );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
- printf( "failed to open '%s' for writing.\n", argv[0] );
+ polarssl_printf( "failed to open '%s' for writing.\n", argv[1] );
return( 1 );
}
@@ -72,7 +76,7 @@
{
if( havege_random( &hs, buf, sizeof( buf ) ) != 0 )
{
- printf( "Failed to get random from source.\n" );
+ polarssl_printf( "Failed to get random from source.\n" );
ret = 1;
goto exit;
@@ -80,15 +84,15 @@
fwrite( buf, sizeof( buf ), 1, f );
- printf( "Generating 32Mb of data in file '%s'... %04.1f" \
- "%% done\r", argv[1], (100 * (float) (i + 1)) / k );
+ polarssl_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
}
if( t == time( NULL ) )
t--;
- printf(" \n ");
+ polarssl_printf(" \n ");
exit:
havege_free( &hs );
diff --git a/programs/ssl/CA-HOWTO.txt b/programs/ssl/CA-HOWTO.txt
deleted file mode 100644
index 6f05211..0000000
--- a/programs/ssl/CA-HOWTO.txt
+++ /dev/null
@@ -1,144 +0,0 @@
-
-
-
- How to setup your own Certificate Authority
- ===========================================
-
-
-Note: this howto requires the openssl binary, as well as classic
-UNIX tools (cat, touch, echo). If you use Windows, please consider
-installing Cygwin -- see http://cygwin.com/
-
-
- 1. Configure OpenSSL
- --------------------
-
-First of all, create sslconf.txt in the current directory
-(a basic example is provided at the end of this file).
-
-cat > sslconf.txt <<"EOF"
-[paste contents here]
-EOF
-
-Then you need to create the database and a starting serial number:
-
-touch index
-echo "01" > serial
-mkdir newcerts
-
-
- 2. Generate the CA certificate
- ------------------------------
-
-openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
- -set_serial 0 -text -keyout test-ca.key -out test-ca.crt
-
-
- 3. Generate the private keys and certificate requests
- -----------------------------------------------------
-
-openssl genrsa -out server1.key 2048
-openssl genrsa -out server2.key 2048
-openssl genrsa -out client1.key 2048
-openssl genrsa -out client2.key 2048
-
-openssl req -config sslconf.txt -new -key server1.key -out server1.req
-openssl req -config sslconf.txt -new -key server2.key -out server2.req
-openssl req -config sslconf.txt -new -key client1.key -out client1.req
-openssl req -config sslconf.txt -new -key client2.key -out client2.req
-
-
- 4. Issue and sign the certificates
- ----------------------------------
-
-openssl ca -config sslconf.txt -in server1.req -out server1.crt
-openssl ca -config sslconf.txt -in server2.req -out server2.crt
-openssl ca -config sslconf.txt -in client1.req -out client1.crt
-openssl ca -config sslconf.txt -in client2.req -out client2.crt
-
-
- 5. To revoke a certificate and update the CRL
- ---------------------------------------------
-
-openssl ca -config sslconf.txt -revoke server1.crt
-openssl ca -config sslconf.txt -revoke client1.crt
-openssl ca -config sslconf.txt -gencrl -out crl.pem
-
-
- 6. To display a certificate and verify its validity
- ---------------------------------------------------
-
-openssl x509 -in server2.crt -text -noout
-cat test-ca.crt crl.pem > ca_crl.pem
-openssl verify -CAfile ca_crl.pem -crl_check server2.crt
-rm ca_crl.pem
-
-
- 7. To export a certificate into a .pfx file
- -------------------------------------------
-
-openssl pkcs12 -export -in client2.crt -inkey client2.key \
- -out client2.pfx
-
-
-##================================================================
-##============== Example OpenSSL configuration file ==============
-##================================================================
-
-# References:
-#
-# /etc/ssl/openssl.conf
-# http://www.openssl.org/docs/apps/config.html
-# http://www.openssl.org/docs/apps/x509v3_config.html
-
-[ ca ]
-default_ca = my_ca
-
-[ my_ca ]
-certificate = test-ca.crt
-private_key = test-ca.key
-database = index
-serial = serial
-
-new_certs_dir = newcerts
-default_crl_days = 60
-default_days = 730
-default_md = sha1
-policy = my_policy
-x509_extensions = v3_usr
-
-[ my_policy ]
-countryName = optional
-stateOrProvinceName = optional
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ req ]
-distinguished_name = my_req_dn
-x509_extensions = v3_ca
-
-[ my_req_dn ]
-countryName = Country Name..............
-countryName_min = 2
-countryName_max = 2
-stateOrProvinceName = State or Province Name....
-localityName = Locality Name.............
-0.organizationName = Organization Name.........
-organizationalUnitName = Org. Unit Name............
-commonName = Common Name (required)....
-commonName_max = 64
-emailAddress = Email Address.............
-emailAddress_max = 64
-
-[ v3_ca ]
-basicConstraints = CA:TRUE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-
-[ v3_usr ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index e0cfba0..b1b9fa8 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -2,7 +2,7 @@
find_package(Threads)
set(libs
- polarssl
+ mbedtls
)
set(targets
@@ -11,6 +11,7 @@
ssl_server
ssl_fork_server
ssl_mail_client
+ mini_client
)
if(USE_PKCS11_HELPER_LIBRARY)
@@ -39,6 +40,9 @@
add_executable(ssl_mail_client ssl_mail_client.c)
target_link_libraries(ssl_mail_client ${libs})
+add_executable(mini_client mini_client.c)
+target_link_libraries(mini_client ${libs})
+
if(THREADS_FOUND)
add_executable(ssl_pthread_server ssl_pthread_server.c)
target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
new file mode 100644
index 0000000..c48969b
--- /dev/null
+++ b/programs/ssl/mini_client.c
@@ -0,0 +1,270 @@
+/*
+ * Minimal SSL client, used for memory measurements.
+ * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h)
+ *
+ * Copyright (C) 2014, ARM Limited, All Rights Reserved
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#if !defined(POLARSSL_CONFIG_FILE)
+#include "polarssl/config.h"
+#else
+#include POLARSSL_CONFIG_FILE
+#endif
+
+/*
+ * We're creating and connecting the socket "manually" rather than using the
+ * NET module, in order to avoid the overhead of getaddrinfo() which tends to
+ * dominate memory usage in small configurations. For the sake of simplicity,
+ * only a Unix version is implemented.
+ */
+#if defined(unix) || defined(__unix__) || defined(__unix)
+#define UNIX
+#endif
+
+#if !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_SSL_CLI_C) || \
+ !defined(UNIX)
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_printf printf
+#endif
+int main( void )
+{
+ polarssl_printf( "POLARSSL_CTR_DRBG_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_SSL_CLI_C and/or UNIX "
+ "not defined.\n");
+ return( 0 );
+}
+#else
+
+#include <string.h>
+
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+/*
+ * Hardcoded values for server host and port
+ */
+#define PORT_BE 0x1151 /* 4433 */
+#define PORT_LE 0x5111
+#define ADDR_BE 0x7f000001 /* 127.0.0.1 */
+#define ADDR_LE 0x0100007f
+#define HOSTNAME "localhost" /* for cert verification if enabled */
+
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+const char *pers = "mini_client";
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/* This is tests/data_files/test-ca2.crt, a CA using EC secp384r1 */
+const unsigned char ca_cert[] = {
+ 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x01, 0xd7, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8,
+ 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
+ 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c,
+ 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c,
+ 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45,
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x39,
+ 0x32, 0x34, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x32,
+ 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a,
+ 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c,
+ 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c,
+ 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45,
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22,
+ 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f,
+ 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e,
+ 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95,
+ 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95,
+ 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a,
+ 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2,
+ 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47,
+ 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66,
+ 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x81, 0xa0, 0x30, 0x81, 0x9d, 0x30, 0x1d,
+ 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, 0x6d, 0x20,
+ 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24,
+ 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23,
+ 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01,
+ 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb,
+ 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30,
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61,
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,
+ 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20,
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09,
+ 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0c, 0x06,
+ 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+ 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03,
+ 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xb4, 0x62, 0x73, 0x56,
+ 0x28, 0x95, 0x00, 0x7d, 0x78, 0x12, 0x26, 0xd2, 0x71, 0x7b, 0x19, 0xf8,
+ 0x8a, 0x98, 0x3e, 0x92, 0xfe, 0x33, 0x9e, 0xe4, 0x79, 0xd2, 0xfe, 0x7a,
+ 0xb7, 0x87, 0x74, 0x3c, 0x2b, 0xb8, 0xd7, 0x69, 0x94, 0x0b, 0xa3, 0x67,
+ 0x77, 0xb8, 0xb3, 0xbe, 0xd1, 0x36, 0x32, 0x02, 0x31, 0x00, 0xfd, 0x67,
+ 0x9c, 0x94, 0x23, 0x67, 0xc0, 0x56, 0xba, 0x4b, 0x33, 0x15, 0x00, 0xc6,
+ 0xe3, 0xcc, 0x31, 0x08, 0x2c, 0x9c, 0x8b, 0xda, 0xa9, 0x75, 0x23, 0x2f,
+ 0xb8, 0x28, 0xe7, 0xf2, 0x9c, 0x14, 0x3a, 0x40, 0x01, 0x5c, 0xaf, 0x0c,
+ 0xb2, 0xcf, 0x74, 0x7f, 0x30, 0x9f, 0x08, 0x43, 0xad, 0x20,
+};
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+enum exit_codes
+{
+ exit_ok = 0,
+ ctr_drbg_init_failed,
+ ssl_init_failed,
+ socket_failed,
+ connect_failed,
+ x509_crt_parse_failed,
+ ssl_handshake_failed,
+ ssl_write_failed,
+};
+
+int main( void )
+{
+ int ret = exit_ok;
+ int server_fd = -1;
+ struct sockaddr_in addr;
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_crt ca;
+#endif
+
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
+ ssl_context ssl;
+
+ /*
+ * 0. Initialize and setup stuff
+ */
+ memset( &ssl, 0, sizeof( ssl_context ) );
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_crt_init( &ca );
+#endif
+
+ entropy_init( &entropy );
+ if( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ {
+ ret = ssl_init_failed;
+ goto exit;
+ }
+
+ if( ssl_init( &ssl ) != 0 )
+ {
+ ret = ssl_init_failed;
+ goto exit;
+ }
+
+ ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
+
+ ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ ssl_set_psk( &ssl, psk, sizeof( psk ),
+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
+ {
+ ret = x509_crt_parse_failed;
+ goto exit;
+ }
+
+ ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
+ ssl_set_authmode( &ssl, SSL_VERIFY_REQUIRED );
+#endif
+
+ /*
+ * 1. Start the connection
+ */
+ memset( &addr, 0, sizeof( addr ) );
+ addr.sin_family = AF_INET;
+
+ ret = 1; /* for endianness detection */
+ addr.sin_port = *((char *) &ret) == ret ? PORT_LE : PORT_BE;
+ addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
+ ret = 0;
+
+ if( ( server_fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
+ {
+ ret = socket_failed;
+ goto exit;
+ }
+
+ if( connect( server_fd,
+ (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
+ {
+ ret = connect_failed;
+ goto exit;
+ }
+
+ ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd );
+
+ if( ssl_handshake( &ssl ) != 0 )
+ {
+ ret = ssl_handshake_failed;
+ goto exit;
+ }
+
+ /*
+ * 2. Write the GET request and close the connection
+ */
+ if( ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
+ sizeof( GET_REQUEST ) - 1 ) <= 0 )
+ {
+ ret = ssl_write_failed;
+ goto exit;
+ }
+
+ ssl_close_notify( &ssl );
+
+exit:
+ if( server_fd != -1 )
+ net_close( server_fd );
+
+ ssl_free( &ssl );
+ ctr_drbg_free( &ctr_drbg );
+ entropy_free( &entropy );
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_crt_free( &ca );
+#endif
+
+ return( ret );
+}
+#endif
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 1b369a6..057b842 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -1,12 +1,9 @@
/*
* SSL client demonstration program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,9 +26,18 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \
+ defined(POLARSSL_NET_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_CTR_DRBG_C) && defined(POLARSSL_X509_CRT_PARSE_C)
#include "polarssl/net.h"
#include "polarssl/debug.h"
#include "polarssl/ssl.h"
@@ -40,23 +46,9 @@
#include "polarssl/error.h"
#include "polarssl/certs.h"
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
- !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
- "not defined.\n");
- return( 0 );
-}
-#else
+#include <stdio.h>
+#include <string.h>
+#endif
#define SERVER_PORT 4433
#define SERVER_NAME "localhost"
@@ -64,15 +56,29 @@
#define DEBUG_LEVEL 1
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
+ !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
+ "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
- fprintf( (FILE *) ctx, "%s", str );
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
-int main( int argc, char *argv[] )
+int main( void )
{
int ret, len, server_fd = -1;
unsigned char buf[1024];
@@ -83,9 +89,6 @@
ssl_context ssl;
x509_crt cacert;
- ((void) argc);
- ((void) argv);
-
#if defined(POLARSSL_DEBUG_C)
debug_set_threshold( DEBUG_LEVEL );
#endif
@@ -96,7 +99,7 @@
memset( &ssl, 0, sizeof( ssl_context ) );
x509_crt_init( &cacert );
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -104,16 +107,16 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 0. Initialize certificates
*/
- printf( " . Loading the CA root certificate ..." );
+ polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_CERTS_C)
@@ -121,46 +124,46 @@
strlen( test_ca_list ) );
#else
ret = 1;
- printf("POLARSSL_CERTS_C not defined.");
+ polarssl_printf("POLARSSL_CERTS_C not defined.");
#endif
if( ret < 0 )
{
- printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok (%d skipped)\n", ret );
+ polarssl_printf( " ok (%d skipped)\n", ret );
/*
* 1. Start the connection
*/
- printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
+ polarssl_printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_NAME,
SERVER_PORT ) ) != 0 )
{
- printf( " failed\n ! net_connect returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 2. Setup stuff
*/
- printf( " . Setting up the SSL/TLS structure..." );
+ polarssl_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " failed\n ! ssl_init returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
@@ -168,6 +171,11 @@
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
@@ -176,51 +184,43 @@
/*
* 4. Handshake
*/
- printf( " . Performing the SSL/TLS handshake..." );
+ polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
goto exit;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 5. Verify the server certificate
*/
- printf( " . Verifying peer X.509 certificate..." );
+ polarssl_printf( " . Verifying peer X.509 certificate..." );
- /* In real life, we may want to bail out when ret != 0 */
+ /* In real life, we probably want to bail out when ret != 0 */
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
{
- printf( " failed\n" );
+ char vrfy_buf[512];
- if( ( ret & BADCERT_EXPIRED ) != 0 )
- printf( " ! server certificate has expired\n" );
+ polarssl_printf( " failed\n" );
- if( ( ret & BADCERT_REVOKED ) != 0 )
- printf( " ! server certificate has been revoked\n" );
+ x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
- if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
- printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
-
- if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
- printf( " ! self-signed or not signed by a trusted CA\n" );
-
- printf( "\n" );
+ polarssl_printf( "%s\n", vrfy_buf );
}
else
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 3. Write the GET request
*/
- printf( " > Write to server:" );
+ polarssl_printf( " > Write to server:" );
fflush( stdout );
len = sprintf( (char *) buf, GET_REQUEST );
@@ -229,18 +229,18 @@
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_write returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
- printf( " %d bytes written\n\n%s", len, (char *) buf );
+ polarssl_printf( " %d bytes written\n\n%s", len, (char *) buf );
/*
* 7. Read the HTTP response
*/
- printf( " < Read from server:" );
+ polarssl_printf( " < Read from server:" );
fflush( stdout );
do
@@ -257,18 +257,18 @@
if( ret < 0 )
{
- printf( "failed\n ! ssl_read returned %d\n\n", ret );
+ polarssl_printf( "failed\n ! ssl_read returned %d\n\n", ret );
break;
}
if( ret == 0 )
{
- printf( "\n\nEOF\n\n" );
+ polarssl_printf( "\n\nEOF\n\n" );
break;
}
len = ret;
- printf( " %d bytes read\n\n%s", len, (char *) buf );
+ polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 1 );
@@ -281,7 +281,7 @@
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
- printf("Last error was: %d - %s\n\n", ret, error_buf );
+ polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
@@ -296,7 +296,7 @@
memset( &ssl, 0, sizeof( ssl ) );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5b7a488..cdadf59 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1,12 +1,9 @@
/*
* SSL client with certificate authentication
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,26 +26,19 @@
#include POLARSSL_CONFIG_FILE
#endif
-#if !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
- !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
-#include <stdio.h>
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
- return( 0 );
-}
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
#else
-
-#include <string.h>
-#include <stdlib.h>
#include <stdio.h>
+#define polarssl_printf printf
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
+#endif
+#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \
+ defined(POLARSSL_NET_C) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/entropy.h"
@@ -58,6 +48,11 @@
#include "polarssl/error.h"
#include "polarssl/debug.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(POLARSSL_TIMING_C)
#include "polarssl/timing.h"
#endif
@@ -83,22 +78,179 @@
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_FORCE_CIPHER 0
#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
-#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
+#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
#define DFL_EXCHANGES 1
-#define DFL_MIN_VERSION -1
+#define DFL_MIN_VERSION SSL_MINOR_VERSION_1
#define DFL_MAX_VERSION -1
+#define DFL_ARC4 SSL_ARC4_DISABLED
#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
-#define DFL_TRUNC_HMAC 0
+#define DFL_TRUNC_HMAC -1
+#define DFL_RECSPLIT -1
#define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
#define DFL_ALPN_STRING NULL
+#define DFL_FALLBACK -1
+#define DFL_EXTENDED_MS -1
+#define DFL_ETM -1
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+#if defined(POLARSSL_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded)\n" \
+ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded) (overrides ca_file)\n" \
+ " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
+ " default: \"\" (pre-loaded)\n" \
+ " key_file=%%s default: \"\" (pre-loaded)\n"
+#else
+#define USAGE_IO \
+ " No file operations available (POLARSSL_FS_IO not defined)\n"
+#endif /* POLARSSL_FS_IO */
+#else
+#define USAGE_IO ""
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#define USAGE_PSK \
+ " psk=%%s default: \"\" (in hex, without 0x)\n" \
+ " psk_identity=%%s default: \"Client_identity\"\n"
+#else
+#define USAGE_PSK ""
+#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+#define USAGE_TICKETS \
+ " tickets=%%d default: 1 (enabled)\n"
+#else
+#define USAGE_TICKETS ""
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+#define USAGE_TRUNC_HMAC \
+ " trunc_hmac=%%d default: library default\n"
+#else
+#define USAGE_TRUNC_HMAC ""
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+#define USAGE_MAX_FRAG_LEN \
+ " max_frag_len=%%d default: 16384 (tls default)\n" \
+ " options: 512, 1024, 2048, 4096\n"
+#else
+#define USAGE_MAX_FRAG_LEN ""
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+#define USAGE_RECSPLIT \
+ " recplit=%%d default: (library default)\n"
+#else
+#define USAGE_RECSPLIT
+#endif
+
+#if defined(POLARSSL_TIMING_C)
+#define USAGE_TIME \
+ " reco_delay=%%d default: 0 seconds\n"
+#else
+#define USAGE_TIME ""
+#endif /* POLARSSL_TIMING_C */
+
+#if defined(POLARSSL_SSL_ALPN)
+#define USAGE_ALPN \
+ " alpn=%%s default: \"\" (disabled)\n" \
+ " example: spdy/1,http/1.1\n"
+#else
+#define USAGE_ALPN ""
+#endif /* POLARSSL_SSL_ALPN */
+
+#if defined(POLARSSL_SSL_FALLBACK_SCSV)
+#define USAGE_FALLBACK \
+ " fallback=0/1 default: (library default: off)\n"
+#else
+#define USAGE_FALLBACK ""
+#endif
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+#define USAGE_EMS \
+ " extended_ms=0/1 default: (library default: on)\n"
+#else
+#define USAGE_EMS ""
+#endif
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+#define USAGE_ETM \
+ " etm=0/1 default: (library default: on)\n"
+#else
+#define USAGE_ETM ""
+#endif
+
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+#define USAGE_RENEGO \
+ " renegotiation=%%d default: 0 (disabled)\n" \
+ " renegotiate=%%d default: 0 (disabled)\n"
+#else
+#define USAGE_RENEGO ""
+#endif
+
+#define USAGE \
+ "\n usage: ssl_client2 param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_name=%%s default: localhost\n" \
+ " server_addr=%%s default: given by name\n" \
+ " server_port=%%d default: 4433\n" \
+ " request_page=%%s default: \".\"\n" \
+ " request_size=%%d default: about 34 (basic request)\n" \
+ " (minimum: 0, max: 16384)\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " nbio=%%d default: 0 (blocking I/O)\n" \
+ " options: 1 (non-blocking), 2 (added delays)\n" \
+ "\n" \
+ " auth_mode=%%s default: \"required\"\n" \
+ " options: none, optional, required\n" \
+ USAGE_IO \
+ "\n" \
+ USAGE_PSK \
+ "\n" \
+ " allow_legacy=%%d default: (library default: no)\n" \
+ USAGE_RENEGO \
+ " exchanges=%%d default: 1\n" \
+ " reconnect=%%d default: 0 (disabled)\n" \
+ USAGE_TIME \
+ USAGE_TICKETS \
+ USAGE_MAX_FRAG_LEN \
+ USAGE_TRUNC_HMAC \
+ USAGE_ALPN \
+ USAGE_FALLBACK \
+ USAGE_EMS \
+ USAGE_ETM \
+ USAGE_RECSPLIT \
+ "\n" \
+ " min_version=%%s default: \"\" (ssl3)\n" \
+ " max_version=%%s default: \"\" (tls1_2)\n" \
+ " arc4=%%d default: 0 (disabled)\n" \
+ " force_version=%%s default: \"\" (none)\n" \
+ " options: ssl3, tls1, tls1_1, tls1_2\n" \
+ "\n" \
+ " force_ciphersuite=<name> default: all enabled\n"\
+ " acceptable ciphersuite names:\n"
+
+#if !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO) || \
+ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
+int main( void )
+{
+ polarssl_printf("POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
/*
* global options
*/
@@ -125,20 +277,25 @@
int exchanges; /* number of data exchanges */
int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */
+ int arc4; /* flag for arc4 suites support */
int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */
+ int recsplit; /* enable record splitting? */
int reconnect; /* attempt to resume session */
int reco_delay; /* delay in seconds before resuming session */
int tickets; /* enable / disable session tickets */
const char *alpn_string; /* ALPN supported protocols */
+ int fallback; /* is this a fallback connection? */
+ int extended_ms; /* negotiate extended master secret? */
+ int etm; /* negotiate encrypt then mac? */
} opt;
static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
- fprintf( (FILE *) ctx, "%s", str );
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@@ -189,141 +346,22 @@
char buf[1024];
((void) data);
- printf( "\nVerify requested for (Depth %d):\n", depth );
+ polarssl_printf( "\nVerify requested for (Depth %d):\n", depth );
x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
- printf( "%s", buf );
-
- if( ( (*flags) & BADCERT_EXPIRED ) != 0 )
- printf( " ! server certificate has expired\n" );
-
- if( ( (*flags) & BADCERT_REVOKED ) != 0 )
- printf( " ! server certificate has been revoked\n" );
-
- if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 )
- printf( " ! CN mismatch\n" );
-
- if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 )
- printf( " ! self-signed or not signed by a trusted CA\n" );
-
- if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 )
- printf( " ! CRL not trusted\n" );
-
- if( ( (*flags) & BADCRL_EXPIRED ) != 0 )
- printf( " ! CRL expired\n" );
-
- if( ( (*flags) & BADCERT_OTHER ) != 0 )
- printf( " ! other (unknown) flag\n" );
+ polarssl_printf( "%s", buf );
if ( ( *flags ) == 0 )
- printf( " This certificate has no flags\n" );
+ polarssl_printf( " This certificate has no flags\n" );
+ else
+ {
+ x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
+ polarssl_printf( "%s\n", buf );
+ }
return( 0 );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
-#if defined(POLARSSL_X509_CRT_PARSE_C)
-#if defined(POLARSSL_FS_IO)
-#define USAGE_IO \
- " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
- " default: \"\" (pre-loaded)\n" \
- " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
- " default: \"\" (pre-loaded) (overrides ca_file)\n" \
- " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
- " default: \"\" (pre-loaded)\n" \
- " key_file=%%s default: \"\" (pre-loaded)\n"
-#else
-#define USAGE_IO \
- " No file operations available (POLARSSL_FS_IO not defined)\n"
-#endif /* POLARSSL_FS_IO */
-#else
-#define USAGE_IO ""
-#endif /* POLARSSL_X509_CRT_PARSE_C */
-
-#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
-#define USAGE_PSK \
- " psk=%%s default: \"\" (in hex, without 0x)\n" \
- " psk_identity=%%s default: \"Client_identity\"\n"
-#else
-#define USAGE_PSK ""
-#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
-#if defined(POLARSSL_SSL_SESSION_TICKETS)
-#define USAGE_TICKETS \
- " tickets=%%d default: 1 (enabled)\n"
-#else
-#define USAGE_TICKETS ""
-#endif /* POLARSSL_SSL_SESSION_TICKETS */
-
-#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
-#define USAGE_TRUNC_HMAC \
- " trunc_hmac=%%d default: 0 (disabled)\n"
-#else
-#define USAGE_TRUNC_HMAC ""
-#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
-
-#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
-#define USAGE_MAX_FRAG_LEN \
- " max_frag_len=%%d default: 16384 (tls default)\n" \
- " options: 512, 1024, 2048, 4096\n"
-#else
-#define USAGE_MAX_FRAG_LEN ""
-#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(POLARSSL_TIMING_C)
-#define USAGE_TIME \
- " reco_delay=%%d default: 0 seconds\n"
-#else
-#define USAGE_TIME ""
-#endif /* POLARSSL_TIMING_C */
-
-#if defined(POLARSSL_SSL_ALPN)
-#define USAGE_ALPN \
- " alpn=%%s default: \"\" (disabled)\n" \
- " example: spdy/1,http/1.1\n"
-#else
-#define USAGE_ALPN ""
-#endif /* POLARSSL_SSL_ALPN */
-
-#define USAGE \
- "\n usage: ssl_client2 param=<>...\n" \
- "\n acceptable parameters:\n" \
- " server_name=%%s default: localhost\n" \
- " server_addr=%%s default: given by name\n" \
- " server_port=%%d default: 4433\n" \
- " request_page=%%s default: \".\"\n" \
- " request_size=%%d default: about 34 (basic request)\n" \
- " (minimum: 0, max: 16384)\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
- " nbio=%%d default: 0 (blocking I/O)\n" \
- " options: 1 (non-blocking), 2 (added delays)\n" \
- "\n" \
- " auth_mode=%%s default: \"optional\"\n" \
- " options: none, optional, required\n" \
- USAGE_IO \
- "\n" \
- USAGE_PSK \
- "\n" \
- " renegotiation=%%d default: 1 (enabled)\n" \
- " allow_legacy=%%d default: 0 (disabled)\n" \
- " renegotiate=%%d default: 0 (disabled)\n" \
- " exchanges=%%d default: 1\n" \
- " reconnect=%%d default: 0 (disabled)\n" \
- USAGE_TIME \
- USAGE_TICKETS \
- USAGE_MAX_FRAG_LEN \
- USAGE_TRUNC_HMAC \
- USAGE_ALPN \
- "\n" \
- " min_version=%%s default: \"\" (ssl3)\n" \
- " max_version=%%s default: \"\" (tls1_2)\n" \
- " force_version=%%s default: \"\" (none)\n" \
- " options: ssl3, tls1, tls1_1, tls1_2\n" \
- " auth_mode=%%s default: \"required\"\n" \
- " options: none, optional, required\n" \
- "\n" \
- " force_ciphersuite=<name> default: all enabled\n"\
- " acceptable ciphersuite names:\n"
-
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, server_fd, i, written, frags;
@@ -370,19 +408,19 @@
if( ret == 0 )
ret = 1;
- printf( USAGE );
+ polarssl_printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
- printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
+ polarssl_printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
list++;
if( !*list )
break;
- printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
+ polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
- printf("\n");
+ polarssl_printf("\n");
goto exit;
}
@@ -406,13 +444,18 @@
opt.exchanges = DFL_EXCHANGES;
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
+ opt.arc4 = DFL_ARC4;
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
+ opt.recsplit = DFL_RECSPLIT;
opt.reconnect = DFL_RECONNECT;
opt.reco_delay = DFL_RECO_DELAY;
opt.tickets = DFL_TICKETS;
opt.alpn_string = DFL_ALPN_STRING;
+ opt.fallback = DFL_FALLBACK;
+ opt.extended_ms = DFL_EXTENDED_MS;
+ opt.etm = DFL_ETM;
for( i = 1; i < argc; i++ )
{
@@ -481,9 +524,13 @@
}
else if( strcmp( p, "allow_legacy" ) == 0 )
{
- opt.allow_legacy = atoi( q );
- if( opt.allow_legacy < 0 || opt.allow_legacy > 1 )
- goto usage;
+ switch( atoi( q ) )
+ {
+ case -1: opt.allow_legacy = SSL_LEGACY_BREAK_HANDSHAKE; break;
+ case 0: opt.allow_legacy = SSL_LEGACY_NO_RENEGOTIATION; break;
+ case 1: opt.allow_legacy = SSL_LEGACY_ALLOW_RENEGOTIATION; break;
+ default: goto usage;
+ }
}
else if( strcmp( p, "renegotiate" ) == 0 )
{
@@ -519,6 +566,33 @@
{
opt.alpn_string = q;
}
+ else if( strcmp( p, "fallback" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.fallback = SSL_IS_NOT_FALLBACK; break;
+ case 1: opt.fallback = SSL_IS_FALLBACK; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "extended_ms" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.extended_ms = SSL_EXTENDED_MS_DISABLED; break;
+ case 1: opt.extended_ms = SSL_EXTENDED_MS_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "etm" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.etm = SSL_ETM_DISABLED; break;
+ case 1: opt.etm = SSL_ETM_ENABLED; break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "min_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
@@ -545,6 +619,15 @@
else
goto usage;
}
+ else if( strcmp( p, "arc4" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
+ case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
@@ -596,8 +679,17 @@
}
else if( strcmp( p, "trunc_hmac" ) == 0 )
{
- opt.trunc_hmac = atoi( q );
- if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 )
+ switch( atoi( q ) )
+ {
+ case 0: opt.trunc_hmac = SSL_TRUNC_HMAC_DISABLED; break;
+ case 1: opt.trunc_hmac = SSL_TRUNC_HMAC_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "recsplit" ) == 0 )
+ {
+ opt.recsplit = atoi( q );
+ if( opt.recsplit < 0 || opt.recsplit > 1 )
goto usage;
}
else
@@ -616,14 +708,14 @@
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
{
- printf("forced ciphersuite not allowed with this protocol version\n");
+ polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
- printf("forced ciphersuite not allowed with this protocol version\n");
+ polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
@@ -644,7 +736,7 @@
if( strlen( opt.psk ) % 2 != 0 )
{
- printf("pre-shared key not valid hex\n");
+ polarssl_printf("pre-shared key not valid hex\n");
goto exit;
}
@@ -661,7 +753,7 @@
c -= 'A' - 10;
else
{
- printf("pre-shared key not valid hex\n");
+ polarssl_printf("pre-shared key not valid hex\n");
goto exit;
}
psk[ j / 2 ] = c << 4;
@@ -675,7 +767,7 @@
c -= 'A' - 10;
else
{
- printf("pre-shared key not valid hex\n");
+ polarssl_printf("pre-shared key not valid hex\n");
goto exit;
}
psk[ j / 2 ] |= c;
@@ -706,7 +798,7 @@
/*
* 0. Initialize the RNG and the session data
*/
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -714,17 +806,17 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 1.1. Load the trusted CA
*/
- printf( " . Loading the CA root certificate ..." );
+ polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -746,23 +838,23 @@
#else
{
ret = 1;
- printf("POLARSSL_CERTS_C not defined.");
+ polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret < 0 )
{
- printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok (%d skipped)\n", ret );
+ polarssl_printf( " ok (%d skipped)\n", ret );
/*
* 1.2. Load own certificate and private key
*
* (can be skipped if client authentication is not required)
*/
- printf( " . Loading the client cert. and key..." );
+ polarssl_printf( " . Loading the client cert. and key..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -779,12 +871,12 @@
#else
{
ret = 1;
- printf("POLARSSL_CERTS_C not defined.");
+ polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
@@ -802,16 +894,16 @@
#else
{
ret = 1;
- printf("POLARSSL_CERTS_C not defined.");
+ polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
#endif /* POLARSSL_X509_CRT_PARSE_C */
/*
@@ -820,14 +912,14 @@
if( opt.server_addr == NULL)
opt.server_addr = opt.server_name;
- printf( " . Connecting to tcp/%s/%-4d...", opt.server_addr,
+ polarssl_printf( " . Connecting to tcp/%s/%-4d...", opt.server_addr,
opt.server_port );
fflush( stdout );
if( ( ret = net_connect( &server_fd, opt.server_addr,
opt.server_port ) ) != 0 )
{
- printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
goto exit;
}
@@ -837,25 +929,25 @@
ret = net_set_block( server_fd );
if( ret != 0 )
{
- printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 3. Setup stuff
*/
- printf( " . Setting up the SSL/TLS structure..." );
+ polarssl_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( opt.debug_level > 0 )
@@ -868,25 +960,38 @@
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
{
- printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
goto exit;
}
#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
- if( opt.trunc_hmac != 0 )
- if( ( ret = ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED ) ) != 0 )
- {
- printf( " failed\n ! ssl_set_truncated_hmac returned %d\n\n", ret );
- goto exit;
- }
+ if( opt.trunc_hmac != DFL_TRUNC_HMAC )
+ ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+#endif
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ if( opt.extended_ms != DFL_EXTENDED_MS )
+ ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+#endif
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ if( opt.etm != DFL_ETM )
+ ssl_set_encrypt_then_mac( &ssl, opt.etm );
+#endif
+
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+ if( opt.recsplit != DFL_RECSPLIT )
+ ssl_set_cbc_record_splitting( &ssl, opt.recsplit
+ ? SSL_CBC_RECORD_SPLITTING_ENABLED
+ : SSL_CBC_RECORD_SPLITTING_DISABLED );
#endif
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
{
- printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit;
}
#endif
@@ -902,16 +1007,22 @@
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
{
- printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
goto exit;
}
#endif
+ /* RC4 setting is redundant if we use only one ciphersuite */
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+ else
+ ssl_set_arc4_support( &ssl, opt.arc4 );
+ if( opt.allow_legacy != DFL_ALLOW_LEGACY )
+ ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl_set_renegotiation( &ssl, opt.renegotiation );
- ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( strcmp( opt.ca_path, "none" ) != 0 &&
@@ -924,7 +1035,7 @@
{
if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
}
@@ -935,7 +1046,7 @@
(const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ) ) != 0 )
{
- printf( " failed\n ! ssl_set_psk returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_psk returned %d\n\n", ret );
goto exit;
}
#endif
@@ -943,7 +1054,7 @@
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
- printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
#endif
@@ -952,121 +1063,119 @@
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
if( opt.max_version != -1 )
ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+#if defined(POLARSSL_SSL_FALLBACK_SCSV)
+ if( opt.fallback != DFL_FALLBACK )
+ ssl_set_fallback( &ssl, opt.fallback );
+#endif
/*
* 4. Handshake
*/
- printf( " . Performing the SSL/TLS handshake..." );
+ polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_handshake returned -0x%x\n", -ret );
+ polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n", -ret );
if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
- printf(
+ polarssl_printf(
" Unable to verify the server's certificate. "
"Either it is invalid,\n"
" or you didn't set ca_file or ca_path "
"to an appropriate value.\n"
" Alternatively, you may want to use "
"auth_mode=optional for testing purposes.\n" );
- printf( "\n" );
+ polarssl_printf( "\n" );
goto exit;
}
}
- printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
+ polarssl_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
{
const char *alp = ssl_get_alpn_protocol( &ssl );
- printf( " [ Application Layer Protocol is %s ]\n",
+ polarssl_printf( " [ Application Layer Protocol is %s ]\n",
alp ? alp : "(none)" );
}
#endif
if( opt.reconnect != 0 )
{
- printf(" . Saving session for reuse..." );
+ polarssl_printf(" . Saving session for reuse..." );
fflush( stdout );
if( ( ret = ssl_get_session( &ssl, &saved_session ) ) != 0 )
{
- printf( " failed\n ! ssl_get_session returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! ssl_get_session returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 5. Verify the server certificate
*/
- printf( " . Verifying peer X.509 certificate..." );
+ polarssl_printf( " . Verifying peer X.509 certificate..." );
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
{
- printf( " failed\n" );
+ char vrfy_buf[512];
- if( ( ret & BADCERT_EXPIRED ) != 0 )
- printf( " ! server certificate has expired\n" );
+ polarssl_printf( " failed\n" );
- if( ( ret & BADCERT_REVOKED ) != 0 )
- printf( " ! server certificate has been revoked\n" );
+ x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
- if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
- printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
-
- if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
- printf( " ! self-signed or not signed by a trusted CA\n" );
-
- printf( "\n" );
+ polarssl_printf( "%s\n", vrfy_buf );
}
else
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
if( ssl_get_peer_cert( &ssl ) != NULL )
{
- printf( " . Peer certificate information ...\n" );
+ polarssl_printf( " . Peer certificate information ...\n" );
x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl_get_peer_cert( &ssl ) );
- printf( "%s\n", buf );
+ polarssl_printf( "%s\n", buf );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( opt.renegotiate )
{
/*
* Perform renegotiation (this must be done when the server is waiting
* for input from our side).
*/
- printf( " . Performing renegotiation..." );
+ polarssl_printf( " . Performing renegotiation..." );
fflush( stdout );
while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
goto exit;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/*
* 6. Write the GET request
*/
send_request:
- printf( " > Write to server:" );
+ polarssl_printf( " > Write to server:" );
fflush( stdout );
- len = snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
+ len = polarssl_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
opt.request_page );
tail_len = strlen( GET_REQUEST_END );
@@ -1098,19 +1207,19 @@
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_write returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! ssl_write returned -0x%x\n\n", -ret );
goto exit;
}
}
}
buf[written] = '\0';
- printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
+ polarssl_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
/*
* 7. Read the HTTP response
*/
- printf( " < Read from server:" );
+ polarssl_printf( " < Read from server:" );
fflush( stdout );
do
@@ -1128,25 +1237,25 @@
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
- printf( " connection was closed gracefully\n" );
+ polarssl_printf( " connection was closed gracefully\n" );
ret = 0;
goto close_notify;
case 0:
case POLARSSL_ERR_NET_CONN_RESET:
- printf( " connection was reset by peer\n" );
+ polarssl_printf( " connection was reset by peer\n" );
ret = 0;
goto reconnect;
default:
- printf( " ssl_read returned -0x%x\n", -ret );
+ polarssl_printf( " ssl_read returned -0x%x\n", -ret );
goto exit;
}
}
len = ret;
buf[len] = '\0';
- printf( " %d bytes read\n\n%s", len, (char *) buf );
+ polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
/* End of message should be detected according to the syntax of the
* application protocol (eg HTTP), just use a dummy test here. */
@@ -1168,26 +1277,14 @@
* 8. Done, cleanly close the connection
*/
close_notify:
- printf( " . Closing the connection..." );
+ polarssl_printf( " . Closing the connection..." );
- while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
- {
- if( ret == POLARSSL_ERR_NET_CONN_RESET )
- {
- printf( " ok (already closed by peer)\n" );
- ret = 0;
- goto reconnect;
- }
+ /* No error checking, the connection might be closed already */
+ do ret = ssl_close_notify( &ssl );
+ while( ret == POLARSSL_ERR_NET_WANT_WRITE );
+ ret = 0;
- if( ret != POLARSSL_ERR_NET_WANT_READ &&
- ret != POLARSSL_ERR_NET_WANT_WRITE )
- {
- printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
- goto reconnect;
- }
- }
-
- printf( " ok\n" );
+ polarssl_printf( " done\n" );
/*
* 9. Reconnect?
@@ -1204,25 +1301,25 @@
m_sleep( 1000 * opt.reco_delay );
#endif
- printf( " . Reconnecting with saved session..." );
+ polarssl_printf( " . Reconnecting with saved session..." );
fflush( stdout );
if( ( ret = ssl_session_reset( &ssl ) ) != 0 )
{
- printf( " failed\n ! ssl_session_reset returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! ssl_session_reset returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = ssl_set_session( &ssl, &saved_session ) ) != 0 )
{
- printf( " failed\n ! ssl_set_session returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_session returned %d\n\n", ret );
goto exit;
}
- if( ( ret = net_connect( &server_fd, opt.server_name,
- opt.server_port ) ) != 0 )
+ if( ( ret = net_connect( &server_fd, opt.server_addr,
+ opt.server_port ) ) != 0 )
{
- printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
goto exit;
}
@@ -1231,12 +1328,12 @@
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
goto exit;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
goto send_request;
}
@@ -1250,7 +1347,7 @@
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
- printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
+ polarssl_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
}
#endif
@@ -1268,7 +1365,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 706cdd4..654dbc9 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -1,12 +1,9 @@
/*
* SSL server demonstration program using fork() for handling multiple clients
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,19 +26,24 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
#if defined(_WIN32)
#include <windows.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <signal.h>
-
-#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
-#include <unistd.h>
-#endif
-
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
+ defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
+ defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_TIMING_C) && \
+ defined(POLARSSL_FS_IO)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
@@ -50,22 +52,32 @@
#include "polarssl/net.h"
#include "polarssl/timing.h"
+#include <string.h>
+#include <stdio.h>
+#include <signal.h>
+#endif
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#endif
+
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>PolarSSL Test Server</h2>\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_TIMING_C)
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_TIMING_C) || \
+ !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
@@ -73,12 +85,9 @@
return( 0 );
}
#elif defined(_WIN32)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("_WIN32 defined. This application requires fork() and signals "
+ polarssl_printf("_WIN32 defined. This application requires fork() and signals "
"to work correctly.\n");
return( 0 );
}
@@ -90,12 +99,12 @@
{
if( level < DEBUG_LEVEL )
{
- fprintf( (FILE *) ctx, "%s", str );
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
-int main( int argc, char *argv[] )
+int main( void )
{
int ret, len, cnt = 0, pid;
int listen_fd;
@@ -109,9 +118,6 @@
x509_crt srvcert;
pk_context pkey;
- ((void) argc);
- ((void) argv);
-
memset( &ssl, 0, sizeof(ssl_context) );
entropy_init( &entropy );
@@ -123,23 +129,23 @@
/*
* 0. Initial seeding of the RNG
*/
- printf( "\n . Initial seeding of the random generator..." );
+ polarssl_printf( "\n . Initial seeding of the random generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1. Load the certificates and private RSA key
*/
- printf( " . Loading the server cert. and key..." );
+ polarssl_printf( " . Loading the server cert. and key..." );
fflush( stdout );
/*
@@ -151,7 +157,7 @@
strlen( test_srv_crt ) );
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -159,7 +165,7 @@
strlen( test_ca_list ) );
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -167,25 +173,25 @@
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
- printf( " . Bind on https://localhost:4433/ ..." );
+ polarssl_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
{
- printf( " failed\n ! net_bind returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
while( 1 )
{
@@ -195,16 +201,16 @@
client_fd = -1;
memset( &ssl, 0, sizeof( ssl ) );
- printf( " . Waiting for a remote connection ..." );
+ polarssl_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
- printf( " failed\n ! net_accept returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 3.5. Forking server thread
@@ -212,16 +218,16 @@
pid = fork();
- printf( " . Forking to handle connection ..." );
+ polarssl_printf( " . Forking to handle connection ..." );
fflush( stdout );
if( pid < 0 )
{
- printf(" failed\n ! fork returned %d\n\n", pid );
+ polarssl_printf(" failed\n ! fork returned %d\n\n", pid );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
if( pid != 0 )
{
@@ -229,7 +235,7 @@
(const unsigned char *) "parent",
6 ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
@@ -242,28 +248,34 @@
/*
* 4. Setup stuff
*/
- printf( " . Setting up the SSL data...." );
+ polarssl_printf( " . Setting up the SSL data...." );
fflush( stdout );
if( ( ret = ctr_drbg_reseed( &ctr_drbg,
(const unsigned char *) "child",
5 ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " failed\n ! ssl_init returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd,
@@ -272,31 +284,31 @@
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
/*
* 5. Handshake
*/
- printf( " . Performing the SSL/TLS handshake..." );
+ polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto exit;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 6. Read the HTTP Request
*/
- printf( " < Read from client:" );
+ polarssl_printf( " < Read from client:" );
fflush( stdout );
do
@@ -313,15 +325,15 @@
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
- printf( " connection was closed gracefully\n" );
+ polarssl_printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
- printf( " connection was reset by peer\n" );
+ polarssl_printf( " connection was reset by peer\n" );
break;
default:
- printf( " ssl_read returned %d\n", ret );
+ polarssl_printf( " ssl_read returned %d\n", ret );
break;
}
@@ -329,14 +341,17 @@
}
len = ret;
- printf( " %d bytes read\n\n%s", len, (char *) buf );
+ polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
+
+ if( ret > 0 )
+ break;
}
- while( 0 );
+ while( 1 );
/*
* 7. Write the 200 Response
*/
- printf( " > Write to client:" );
+ polarssl_printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
@@ -348,18 +363,18 @@
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
- printf( " failed\n ! peer closed the connection\n\n" );
+ polarssl_printf( " failed\n ! peer closed the connection\n\n" );
goto exit;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_write returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
- printf( " %d bytes written\n\n%s\n", len, (char *) buf );
+ polarssl_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
m_sleep( 1000 );
}
@@ -380,7 +395,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 4cf59d0..27c57a1 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -1,12 +1,9 @@
/*
* SSL client for SMTP servers
*
- * Copyright (C) 2006-2012, Brainspark B.V.
+ * Copyright (C) 2006-2012, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,9 +26,32 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \
+ defined(POLARSSL_NET_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_CTR_DRBG_C) && defined(POLARSSL_X509_CRT_PARSE_C) && \
+ defined(POLARSSL_FS_IO)
+#include "polarssl/base64.h"
+#include "polarssl/error.h"
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
+#include "polarssl/certs.h"
+#include "polarssl/x509.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
#include <unistd.h>
@@ -42,7 +62,6 @@
#endif
#if defined(_WIN32) || defined(_WIN32_WCE)
-
#include <winsock2.h>
#include <windows.h>
@@ -55,33 +74,6 @@
#endif /* _MSC_VER */
#endif
-#include "polarssl/base64.h"
-#include "polarssl/error.h"
-#include "polarssl/net.h"
-#include "polarssl/ssl.h"
-#include "polarssl/entropy.h"
-#include "polarssl/ctr_drbg.h"
-#include "polarssl/certs.h"
-#include "polarssl/x509.h"
-
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
- !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
- "not defined.\n");
- return( 0 );
-}
-#else
-
#define DFL_SERVER_NAME "localhost"
#define DFL_SERVER_PORT 465
#define DFL_USER_NAME "user"
@@ -99,6 +91,55 @@
#define MODE_SSL_TLS 0
#define MODE_STARTTLS 0
+#if defined(POLARSSL_BASE64_C)
+#define USAGE_AUTH \
+ " authentication=%%d default: 0 (disabled)\n" \
+ " user_name=%%s default: \"user\"\n" \
+ " user_pwd=%%s default: \"password\"\n"
+#else
+#define USAGE_AUTH \
+ " authentication options disabled. (Require POLARSSL_BASE64_C)\n"
+#endif /* POLARSSL_BASE64_C */
+
+#if defined(POLARSSL_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s default: \"\" (pre-loaded)\n" \
+ " crt_file=%%s default: \"\" (pre-loaded)\n" \
+ " key_file=%%s default: \"\" (pre-loaded)\n"
+#else
+#define USAGE_IO \
+ " No file operations available (POLARSSL_FS_IO not defined)\n"
+#endif /* POLARSSL_FS_IO */
+
+#define USAGE \
+ "\n usage: ssl_mail_client param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_name=%%s default: localhost\n" \
+ " server_port=%%d default: 4433\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
+ USAGE_AUTH \
+ " mail_from=%%s default: \"\"\n" \
+ " mail_to=%%s default: \"\"\n" \
+ USAGE_IO \
+ " force_ciphersuite=<name> default: all enabled\n"\
+ " acceptable ciphersuite names:\n"
+
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
+ !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
+ !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
+ "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
/*
* global options
*/
@@ -123,12 +164,12 @@
{
if( level < opt.debug_level )
{
- fprintf( (FILE *) ctx, "%s", str );
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
-static int do_handshake( ssl_context *ssl, struct options *opt )
+static int do_handshake( ssl_context *ssl )
{
int ret;
unsigned char buf[1024];
@@ -137,7 +178,7 @@
/*
* 4. Handshake
*/
- printf( " . Performing the SSL/TLS handshake..." );
+ polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( ssl ) ) != 0 )
@@ -147,45 +188,37 @@
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, 1024 );
#endif
- printf( " failed\n ! ssl_handshake returned %d: %s\n\n", ret, buf );
+ polarssl_printf( " failed\n ! ssl_handshake returned %d: %s\n\n", ret, buf );
return( -1 );
}
}
- printf( " ok\n [ Ciphersuite is %s ]\n",
+ polarssl_printf( " ok\n [ Ciphersuite is %s ]\n",
ssl_get_ciphersuite( ssl ) );
/*
* 5. Verify the server certificate
*/
- printf( " . Verifying peer X.509 certificate..." );
+ polarssl_printf( " . Verifying peer X.509 certificate..." );
- /* In real life, we may want to bail out when ret != 0 */
+ /* In real life, we probably want to bail out when ret != 0 */
if( ( ret = ssl_get_verify_result( ssl ) ) != 0 )
{
- printf( " failed\n" );
+ char vrfy_buf[512];
- if( ( ret & BADCERT_EXPIRED ) != 0 )
- printf( " ! server certificate has expired\n" );
+ polarssl_printf( " failed\n" );
- if( ( ret & BADCERT_REVOKED ) != 0 )
- printf( " ! server certificate has been revoked\n" );
+ x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
- if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
- printf( " ! CN mismatch (expected CN=%s)\n", opt->server_name );
-
- if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
- printf( " ! self-signed or not signed by a trusted CA\n" );
-
- printf( "\n" );
+ polarssl_printf( "%s\n", vrfy_buf );
}
else
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
- printf( " . Peer certificate information ...\n" );
+ polarssl_printf( " . Peer certificate information ...\n" );
x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl_get_peer_cert( ssl ) );
- printf( "%s\n", buf );
+ polarssl_printf( "%s\n", buf );
return( 0 );
}
@@ -194,12 +227,12 @@
{
int ret;
- printf("\n%s", buf);
+ polarssl_printf("\n%s", buf);
while( len && ( ret = ssl_write( ssl, buf, len ) ) <= 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_write returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
return -1;
}
}
@@ -214,12 +247,12 @@
char code[4];
size_t i, idx = 0;
- printf("\n%s", buf);
+ polarssl_printf("\n%s", buf);
while( len && ( ret = ssl_write( ssl, buf, len ) ) <= 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_write returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
return -1;
}
}
@@ -238,11 +271,11 @@
if( ret <= 0 )
{
- printf( "failed\n ! ssl_read returned %d\n\n", ret );
+ polarssl_printf( "failed\n ! ssl_read returned %d\n\n", ret );
return -1;
}
- printf("\n%s", data);
+ polarssl_printf("\n%s", data);
len = ret;
for( i = 0; i < len; i++ )
{
@@ -272,10 +305,10 @@
char code[4];
size_t i, idx = 0;
- printf("\n%s", buf);
+ polarssl_printf("\n%s", buf);
if( len && ( ret = write( sock_fd, buf, len ) ) <= 0 )
{
- printf( " failed\n ! ssl_write returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
return -1;
}
@@ -287,12 +320,12 @@
if( ret <= 0 )
{
- printf( "failed\n ! read returned %d\n\n", ret );
+ polarssl_printf( "failed\n ! read returned %d\n\n", ret );
return -1;
}
data[len] = '\0';
- printf("\n%s", data);
+ polarssl_printf("\n%s", data);
len = ret;
for( i = 0; i < len; i++ )
{
@@ -308,47 +341,13 @@
code[3] = '\0';
return atoi( code );
}
-
+
idx = 0;
}
}
while( 1 );
}
-#if defined(POLARSSL_BASE64_C)
-#define USAGE_AUTH \
- " authentication=%%d default: 0 (disabled)\n" \
- " user_name=%%s default: \"user\"\n" \
- " user_pwd=%%s default: \"password\"\n"
-#else
-#define USAGE_AUTH \
- " authentication options disabled. (Require POLARSSL_BASE64_C)\n"
-#endif /* POLARSSL_BASE64_C */
-
-#if defined(POLARSSL_FS_IO)
-#define USAGE_IO \
- " ca_file=%%s default: \"\" (pre-loaded)\n" \
- " crt_file=%%s default: \"\" (pre-loaded)\n" \
- " key_file=%%s default: \"\" (pre-loaded)\n"
-#else
-#define USAGE_IO \
- " No file operations available (POLARSSL_FS_IO not defined)\n"
-#endif /* POLARSSL_FS_IO */
-
-#define USAGE \
- "\n usage: ssl_mail_client param=<>...\n" \
- "\n acceptable parameters:\n" \
- " server_name=%%s default: localhost\n" \
- " server_port=%%d default: 4433\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
- " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
- USAGE_AUTH \
- " mail_from=%%s default: \"\"\n" \
- " mail_to=%%s default: \"\"\n" \
- USAGE_IO \
- " force_ciphersuite=<name> default: all enabled\n"\
- " acceptable ciphersuite names:\n"
-
int main( int argc, char *argv[] )
{
int ret = 0, len, server_fd;
@@ -383,15 +382,15 @@
if( argc == 0 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
- printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
+ polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
- printf("\n");
+ polarssl_printf("\n");
goto exit;
}
@@ -474,7 +473,7 @@
/*
* 0. Initialize the RNG and the session data
*/
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -482,16 +481,16 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.1. Load the trusted CA
*/
- printf( " . Loading the CA root certificate ..." );
+ polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -505,23 +504,23 @@
#else
{
ret = 1;
- printf("POLARSSL_CERTS_C not defined.");
+ polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret < 0 )
{
- printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
- printf( " ok (%d skipped)\n", ret );
+ polarssl_printf( " ok (%d skipped)\n", ret );
/*
* 1.2. Load own certificate and private key
*
* (can be skipped if client authentication is not required)
*/
- printf( " . Loading the client cert. and key..." );
+ polarssl_printf( " . Loading the client cert. and key..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -535,12 +534,12 @@
#else
{
ret = -1;
- printf("POLARSSL_CERTS_C not defined.");
+ polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -555,52 +554,57 @@
#else
{
ret = -1;
- printf("POLARSSL_CERTS_C not defined.");
+ polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 2. Start the connection
*/
- printf( " . Connecting to tcp/%s/%-4d...", opt.server_name,
+ polarssl_printf( " . Connecting to tcp/%s/%-4d...", opt.server_name,
opt.server_port );
fflush( stdout );
if( ( ret = net_connect( &server_fd, opt.server_name,
opt.server_port ) ) != 0 )
{
- printf( " failed\n ! net_connect returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 3. Setup stuff
*/
- printf( " . Setting up the SSL/TLS structure..." );
+ polarssl_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " failed\n ! ssl_init returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
@@ -612,36 +616,36 @@
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
- printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
#endif
if( opt.mode == MODE_SSL_TLS )
{
- if( do_handshake( &ssl, &opt ) != 0 )
+ if( do_handshake( &ssl ) != 0 )
goto exit;
- printf( " > Get header from server:" );
+ polarssl_printf( " > Get header from server:" );
fflush( stdout );
ret = write_ssl_and_get_response( &ssl, buf, 0 );
if( ret < 200 || ret > 299 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- printf( " > Write EHLO to server:" );
+ polarssl_printf( " > Write EHLO to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@@ -649,25 +653,25 @@
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
}
else
{
- printf( " > Get header from server:" );
+ polarssl_printf( " > Get header from server:" );
fflush( stdout );
ret = write_and_get_response( server_fd, buf, 0 );
if( ret < 200 || ret > 299 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- printf( " > Write EHLO to server:" );
+ polarssl_printf( " > Write EHLO to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@@ -675,13 +679,13 @@
ret = write_and_get_response( server_fd, buf, len );
if( ret < 200 || ret > 299 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- printf( " > Write STARTTLS to server:" );
+ polarssl_printf( " > Write STARTTLS to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@@ -689,120 +693,121 @@
ret = write_and_get_response( server_fd, buf, len );
if( ret < 200 || ret > 299 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- if( do_handshake( &ssl, &opt ) != 0 )
+ if( do_handshake( &ssl ) != 0 )
goto exit;
}
#if defined(POLARSSL_BASE64_C)
if( opt.authentication )
{
- printf( " > Write AUTH LOGIN to server:" );
+ polarssl_printf( " > Write AUTH LOGIN to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "AUTH LOGIN\r\n" );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 399 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- printf( " > Write username to server: %s", opt.user_name );
+ polarssl_printf( " > Write username to server: %s", opt.user_name );
fflush( stdout );
- n = sizeof( buf );
+ n = sizeof( base );
ret = base64_encode( base, &n, (const unsigned char *) opt.user_name,
strlen( opt.user_name ) );
if( ret != 0 ) {
- printf( " failed\n ! base64_encode returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! base64_encode returned %d\n\n", ret );
goto exit;
}
len = sprintf( (char *) buf, "%s\r\n", base );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 300 || ret > 399 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- printf( " > Write password to server: %s", opt.user_pwd );
+ polarssl_printf( " > Write password to server: %s", opt.user_pwd );
fflush( stdout );
+ n = sizeof( base );
ret = base64_encode( base, &n, (const unsigned char *) opt.user_pwd,
strlen( opt.user_pwd ) );
if( ret != 0 ) {
- printf( " failed\n ! base64_encode returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! base64_encode returned %d\n\n", ret );
goto exit;
}
len = sprintf( (char *) buf, "%s\r\n", base );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 399 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
}
#endif
- printf( " > Write MAIL FROM to server:" );
+ polarssl_printf( " > Write MAIL FROM to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- printf( " > Write RCPT TO to server:" );
+ polarssl_printf( " > Write RCPT TO to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- printf( " > Write DATA to server:" );
+ polarssl_printf( " > Write DATA to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "DATA\r\n" );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 300 || ret > 399 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
- printf( " > Write content to server:" );
+ polarssl_printf( " > Write content to server:" );
fflush( stdout );
- len = sprintf( (char *) buf, "From: %s\r\nSubject: PolarSSL Test mail\r\n\r\n"
+ len = sprintf( (char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
- "PolarSSL mail client example.\r\n"
+ "mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from );
ret = write_ssl_data( &ssl, buf, len );
@@ -811,11 +816,11 @@
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
- printf( " failed\n ! server responded with %d\n\n", ret );
+ polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
- printf(" ok\n" );
+ polarssl_printf(" ok\n" );
ssl_close_notify( &ssl );
@@ -831,7 +836,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 9a4c554..75071b8 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -2,12 +2,9 @@
* SSL server demonstration program using pthread for handling multiple
* clients.
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,14 +27,25 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
+#endif
+
#if defined(_WIN32)
#include <windows.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
+ defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
+ defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_THREADING_C) && defined(POLARSSL_THREADING_PTHREAD)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
@@ -46,26 +54,37 @@
#include "polarssl/net.h"
#include "polarssl/error.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
-#include "polarssl/memory.h"
+#include "polarssl/memory_buffer_alloc.h"
#endif
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+#define MAX_NUM_THREADS 5
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) || \
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_THREADING_C) || !defined(POLARSSL_THREADING_PTHREAD)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
@@ -74,14 +93,6 @@
return( 0 );
}
#else
-
-#define HTTP_RESPONSE \
- "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>PolarSSL Test Server</h2>\r\n" \
- "<p>Successful connection using: %s</p>\r\n"
-
-#define DEBUG_LEVEL 0
-
threading_mutex_t debug_mutex;
static void my_mutexed_debug( void *ctx, int level, const char *str )
@@ -89,7 +100,7 @@
polarssl_mutex_lock( &debug_mutex );
if( level < DEBUG_LEVEL )
{
- fprintf( (FILE *) ctx, "%s", str );
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
polarssl_mutex_unlock( &debug_mutex );
@@ -113,8 +124,6 @@
pthread_t thread;
} pthread_info_t;
-#define MAX_NUM_THREADS 5
-
static thread_info_t base_info;
static pthread_info_t threads[MAX_NUM_THREADS];
@@ -133,9 +142,9 @@
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &ctr_drbg, 0, sizeof( ctr_drbg_context ) );
- snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
- printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
- printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
+ polarssl_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
+ polarssl_printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
+ polarssl_printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
/* entropy_func() is thread-safe if POLARSSL_THREADING_C is set
*/
@@ -143,21 +152,21 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " [ #%d ] failed: ctr_drbg_init returned -0x%04x\n",
+ polarssl_printf( " [ #%d ] failed: ctr_drbg_init returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
- printf( " [ #%d ] ok\n", thread_id );
+ polarssl_printf( " [ #%d ] ok\n", thread_id );
/*
* 4. Setup stuff
*/
- printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
+ polarssl_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " [ #%d ] failed: ssl_init returned -0x%04x\n",
+ polarssl_printf( " [ #%d ] failed: ssl_init returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
@@ -165,6 +174,11 @@
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
@@ -179,38 +193,38 @@
ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto thread_exit;
}
- printf( " [ #%d ] ok\n", thread_id );
+ polarssl_printf( " [ #%d ] ok\n", thread_id );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
- printf( " [ #%d ] ok\n", thread_id );
+ polarssl_printf( " [ #%d ] ok\n", thread_id );
/*
* 5. Handshake
*/
- printf( " [ #%d ] Performing the SSL/TLS handshake\n", thread_id );
+ polarssl_printf( " [ #%d ] Performing the SSL/TLS handshake\n", thread_id );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " [ #%d ] failed: ssl_handshake returned -0x%04x\n",
+ polarssl_printf( " [ #%d ] failed: ssl_handshake returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
}
- printf( " [ #%d ] ok\n", thread_id );
+ polarssl_printf( " [ #%d ] ok\n", thread_id );
/*
* 6. Read the HTTP Request
*/
- printf( " [ #%d ] < Read from client\n", thread_id );
+ polarssl_printf( " [ #%d ] < Read from client\n", thread_id );
do
{
@@ -226,24 +240,24 @@
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
- printf( " [ #%d ] connection was closed gracefully\n",
+ polarssl_printf( " [ #%d ] connection was closed gracefully\n",
thread_id );
goto thread_exit;
case POLARSSL_ERR_NET_CONN_RESET:
- printf( " [ #%d ] connection was reset by peer\n",
+ polarssl_printf( " [ #%d ] connection was reset by peer\n",
thread_id );
goto thread_exit;
default:
- printf( " [ #%d ] ssl_read returned -0x%04x\n",
+ polarssl_printf( " [ #%d ] ssl_read returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
}
len = ret;
- printf( " [ #%d ] %d bytes read\n=====\n%s\n=====\n",
+ polarssl_printf( " [ #%d ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
if( ret > 0 )
@@ -254,7 +268,7 @@
/*
* 7. Write the 200 Response
*/
- printf( " [ #%d ] > Write to client:\n", thread_id );
+ polarssl_printf( " [ #%d ] > Write to client:\n", thread_id );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_ciphersuite( &ssl ) );
@@ -263,37 +277,37 @@
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
- printf( " [ #%d ] failed: peer closed the connection\n",
+ polarssl_printf( " [ #%d ] failed: peer closed the connection\n",
thread_id );
goto thread_exit;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " [ #%d ] failed: ssl_write returned -0x%04x\n",
+ polarssl_printf( " [ #%d ] failed: ssl_write returned -0x%04x\n",
thread_id, ret );
goto thread_exit;
}
}
len = ret;
- printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n",
+ polarssl_printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
- printf( " [ #%d ] . Closing the connection...", thread_id );
+ polarssl_printf( " [ #%d ] . Closing the connection...", thread_id );
while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " [ #%d ] failed: ssl_close_notify returned -0x%04x\n",
+ polarssl_printf( " [ #%d ] failed: ssl_close_notify returned -0x%04x\n",
thread_id, ret );
goto thread_exit;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
ret = 0;
@@ -304,7 +318,7 @@
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
- printf(" [ #%d ] Last error was: -0x%04x - %s\n\n",
+ polarssl_printf(" [ #%d ] Last error was: -0x%04x - %s\n\n",
thread_id, -ret, error_buf );
}
#endif
@@ -332,7 +346,7 @@
if( threads[i].data.thread_complete == 1 )
{
- printf( " [ main ] Cleaning up thread %d\n", i );
+ polarssl_printf( " [ main ] Cleaning up thread %d\n", i );
pthread_join(threads[i].thread, NULL );
memset( &threads[i], 0, sizeof(pthread_info_t) );
break;
@@ -357,7 +371,7 @@
return( 0 );
}
-int main( int argc, char *argv[] )
+int main( void )
{
int ret;
int listen_fd;
@@ -373,9 +387,6 @@
ssl_cache_context cache;
#endif
- ((void) argc);
- ((void) argv);
-
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
#endif
@@ -398,7 +409,7 @@
/*
* 1. Load the certificates and private RSA key
*/
- printf( "\n . Loading the server cert. and key..." );
+ polarssl_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
x509_crt_init( &srvcert );
@@ -412,7 +423,7 @@
strlen( test_srv_crt ) );
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -420,7 +431,7 @@
strlen( test_ca_list ) );
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -429,7 +440,7 @@
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
@@ -437,21 +448,21 @@
base_info.server_cert = &srvcert;
base_info.server_key = &pkey;
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
- printf( " . Bind on https://localhost:4433/ ..." );
+ polarssl_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
{
- printf( " failed\n ! net_bind returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
reset:
#ifdef POLARSSL_ERROR_C
@@ -459,7 +470,7 @@
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
- printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
+ polarssl_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
}
#endif
@@ -468,20 +479,20 @@
*/
client_fd = -1;
- printf( " [ main ] Waiting for a remote connection\n" );
+ polarssl_printf( " [ main ] Waiting for a remote connection\n" );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
- printf( " [ main ] failed: net_accept returned -0x%04x\n", ret );
+ polarssl_printf( " [ main ] failed: net_accept returned -0x%04x\n", ret );
goto exit;
}
- printf( " [ main ] ok\n" );
- printf( " [ main ] Creating a new thread\n" );
+ polarssl_printf( " [ main ] ok\n" );
+ polarssl_printf( " [ main ] Creating a new thread\n" );
if( ( ret = thread_create( client_fd ) ) != 0 )
{
- printf( " [ main ] failed: thread_create returned %d\n", ret );
+ polarssl_printf( " [ main ] failed: thread_create returned %d\n", ret );
net_close( client_fd );
goto reset;
}
@@ -504,7 +515,7 @@
#endif
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 9e09799..185e788 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -1,12 +1,9 @@
/*
* SSL server demonstration program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,14 +26,23 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
#if defined(_WIN32)
#include <windows.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
+ defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
+ defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
@@ -46,21 +52,30 @@
#include "polarssl/error.h"
#include "polarssl/debug.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C)
-int main( int argc, char *argv[] )
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO)
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
@@ -68,23 +83,15 @@
return( 0 );
}
#else
-
-#define HTTP_RESPONSE \
- "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>PolarSSL Test Server</h2>\r\n" \
- "<p>Successful connection using: %s</p>\r\n"
-
-#define DEBUG_LEVEL 0
-
static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
- fprintf( (FILE *) ctx, "%s", str );
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
-int main( int argc, char *argv[] )
+int main( void )
{
int ret, len;
int listen_fd;
@@ -101,9 +108,6 @@
ssl_cache_context cache;
#endif
- ((void) argc);
- ((void) argv);
-
memset( &ssl, 0, sizeof(ssl_context) );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
@@ -119,7 +123,7 @@
/*
* 1. Load the certificates and private RSA key
*/
- printf( "\n . Loading the server cert. and key..." );
+ polarssl_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
/*
@@ -131,7 +135,7 @@
strlen( test_srv_crt ) );
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -139,7 +143,7 @@
strlen( test_ca_list ) );
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -147,57 +151,62 @@
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
- printf( " . Bind on https://localhost:4433/ ..." );
+ polarssl_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
{
- printf( " failed\n ! net_bind returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 3. Seed the RNG
*/
- printf( " . Seeding the random number generator..." );
+ polarssl_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 4. Setup stuff
*/
- printf( " . Setting up the SSL data...." );
+ polarssl_printf( " . Setting up the SSL data...." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " failed\n ! ssl_init returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
@@ -209,11 +218,11 @@
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
reset:
#ifdef POLARSSL_ERROR_C
@@ -221,7 +230,7 @@
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
- printf("Last error was: %d - %s\n\n", ret, error_buf );
+ polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
@@ -235,41 +244,41 @@
*/
client_fd = -1;
- printf( " . Waiting for a remote connection ..." );
+ polarssl_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
- printf( " failed\n ! net_accept returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 5. Handshake
*/
- printf( " . Performing the SSL/TLS handshake..." );
+ polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto reset;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 6. Read the HTTP Request
*/
- printf( " < Read from client:" );
+ polarssl_printf( " < Read from client:" );
fflush( stdout );
do
@@ -286,15 +295,15 @@
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
- printf( " connection was closed gracefully\n" );
+ polarssl_printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
- printf( " connection was reset by peer\n" );
+ polarssl_printf( " connection was reset by peer\n" );
break;
default:
- printf( " ssl_read returned -0x%x\n", -ret );
+ polarssl_printf( " ssl_read returned -0x%x\n", -ret );
break;
}
@@ -302,7 +311,7 @@
}
len = ret;
- printf( " %d bytes read\n\n%s", len, (char *) buf );
+ polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
if( ret > 0 )
break;
@@ -312,7 +321,7 @@
/*
* 7. Write the 200 Response
*/
- printf( " > Write to client:" );
+ polarssl_printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
@@ -322,33 +331,33 @@
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
- printf( " failed\n ! peer closed the connection\n\n" );
+ polarssl_printf( " failed\n ! peer closed the connection\n\n" );
goto reset;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_write returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
- printf( " %d bytes written\n\n%s\n", len, (char *) buf );
+ polarssl_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
- printf( " . Closing the connection..." );
+ polarssl_printf( " . Closing the connection..." );
while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
goto reset;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
ret = 0;
goto reset;
@@ -360,7 +369,7 @@
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
- printf("Last error was: %d - %s\n\n", ret, error_buf );
+ polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
@@ -377,7 +386,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 721dab4..095fabd 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1,12 +1,9 @@
/*
* SSL client with options
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,45 +26,27 @@
#include POLARSSL_CONFIG_FILE
#endif
-#if !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
- !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
-#include <stdio.h>
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
- return( 0 );
-}
-#else
-
-#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && defined(POLARSSL_FS_IO)
-#define POLARSSL_SNI
-#endif
-
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_malloc malloc
+#include <stdio.h>
#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && defined(POLARSSL_FS_IO)
+#define POLARSSL_SNI
#endif
#if defined(_WIN32)
#include <windows.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-#if !defined(_WIN32)
-#include <signal.h>
-#endif
-
+#if defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_SRV_C) && \
+ defined(POLARSSL_NET_C) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/entropy.h"
@@ -77,12 +56,21 @@
#include "polarssl/error.h"
#include "polarssl/debug.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
+#if !defined(_WIN32)
+#include <signal.h>
+#endif
+
#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
-#include "polarssl/memory.h"
+#include "polarssl/memory_buffer_alloc.h"
#endif
#define DFL_SERVER_ADDR NULL
@@ -101,14 +89,17 @@
#define DFL_FORCE_CIPHER 0
#define DFL_VERSION_SUITES NULL
#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
-#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
+#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
#define DFL_RENEGO_DELAY -2
+#define DFL_RENEGO_PERIOD -1
#define DFL_EXCHANGES 1
-#define DFL_MIN_VERSION -1
+#define DFL_MIN_VERSION SSL_MINOR_VERSION_1
#define DFL_MAX_VERSION -1
+#define DFL_ARC4 SSL_ARC4_DISABLED
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
+#define DFL_TRUNC_HMAC -1
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
#define DFL_TICKET_TIMEOUT -1
#define DFL_CACHE_MAX -1
@@ -116,6 +107,8 @@
#define DFL_SNI NULL
#define DFL_ALPN_STRING NULL
#define DFL_DHM_FILE NULL
+#define DFL_EXTENDED_MS -1
+#define DFL_ETM -1
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -129,7 +122,7 @@
* packets (for fragmentation purposes) */
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>PolarSSL Test Server</h2>\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
/*
@@ -140,90 +133,6 @@
*/
#define IO_BUF_LEN 200
-/*
- * global options
- */
-struct options
-{
- const char *server_addr; /* address on which the ssl service runs */
- int server_port; /* port on which the ssl service runs */
- int debug_level; /* level of debugging */
- int nbio; /* should I/O be blocking? */
- const char *ca_file; /* the file with the CA certificate(s) */
- const char *ca_path; /* the path with the CA certificate(s) reside */
- const char *crt_file; /* the file with the server certificate */
- const char *key_file; /* the file with the server key */
- const char *crt_file2; /* the file with the 2nd server certificate */
- const char *key_file2; /* the file with the 2nd server key */
- const char *psk; /* the pre-shared key */
- const char *psk_identity; /* the pre-shared key identity */
- char *psk_list; /* list of PSK id/key pairs for callback */
- int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
- const char *version_suites; /* per-version ciphersuites */
- int renegotiation; /* enable / disable renegotiation */
- int allow_legacy; /* allow legacy renegotiation */
- int renegotiate; /* attempt renegotiation? */
- int renego_delay; /* delay before enforcing renegotiation */
- int exchanges; /* number of data exchanges */
- int min_version; /* minimum protocol version accepted */
- int max_version; /* maximum protocol version accepted */
- int auth_mode; /* verify mode for connection */
- unsigned char mfl_code; /* code for maximum fragment length */
- int tickets; /* enable / disable session tickets */
- int ticket_timeout; /* session ticket lifetime */
- int cache_max; /* max number of session cache entries */
- int cache_timeout; /* expiration delay of session cache entries */
- char *sni; /* string describing sni information */
- const char *alpn_string; /* ALPN supported protocols */
- const char *dhm_file; /* the file with the DH parameters */
-} opt;
-
-static void my_debug( void *ctx, int level, const char *str )
-{
- ((void) level);
-
- fprintf( (FILE *) ctx, "%s", str );
- fflush( (FILE *) ctx );
-}
-
-/*
- * Test recv/send functions that make sure each try returns
- * WANT_READ/WANT_WRITE at least once before sucesseding
- */
-static int my_recv( void *ctx, unsigned char *buf, size_t len )
-{
- static int first_try = 1;
- int ret;
-
- if( first_try )
- {
- first_try = 0;
- return( POLARSSL_ERR_NET_WANT_READ );
- }
-
- ret = net_recv( ctx, buf, len );
- if( ret != POLARSSL_ERR_NET_WANT_READ )
- first_try = 1; /* Next call will be a new operation */
- return( ret );
-}
-
-static int my_send( void *ctx, const unsigned char *buf, size_t len )
-{
- static int first_try = 1;
- int ret;
-
- if( first_try )
- {
- first_try = 0;
- return( POLARSSL_ERR_NET_WANT_WRITE );
- }
-
- ret = net_send( ctx, buf, len );
- if( ret != POLARSSL_ERR_NET_WANT_WRITE )
- first_try = 1; /* Next call will be a new operation */
- return( ret );
-}
-
#if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(POLARSSL_FS_IO)
#define USAGE_IO \
@@ -291,6 +200,13 @@
#define USAGE_MAX_FRAG_LEN ""
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+#define USAGE_TRUNC_HMAC \
+ " trunc_hmac=%%d default: library default\n"
+#else
+#define USAGE_TRUNC_HMAC ""
+#endif
+
#if defined(POLARSSL_SSL_ALPN)
#define USAGE_ALPN \
" alpn=%%s default: \"\" (disabled)\n" \
@@ -299,6 +215,30 @@
#define USAGE_ALPN ""
#endif /* POLARSSL_SSL_ALPN */
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+#define USAGE_EMS \
+ " extended_ms=0/1 default: (library default: on)\n"
+#else
+#define USAGE_EMS ""
+#endif
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+#define USAGE_ETM \
+ " etm=0/1 default: (library default: on)\n"
+#else
+#define USAGE_ETM ""
+#endif
+
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+#define USAGE_RENEGO \
+ " renegotiation=%%d default: 0 (disabled)\n" \
+ " renegotiate=%%d default: 0 (disabled)\n" \
+ " renego_delay=%%d default: -2 (library default)\n" \
+ " renego_period=%%d default: (library default)\n"
+#else
+#define USAGE_RENEGO ""
+#endif
+
#define USAGE \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
@@ -315,18 +255,20 @@
"\n" \
USAGE_PSK \
"\n" \
- " renegotiation=%%d default: 1 (enabled)\n" \
- " allow_legacy=%%d default: 0 (disabled)\n" \
- " renegotiate=%%d default: 0 (disabled)\n" \
- " renego_delay=%%d default: -2 (library default)\n" \
+ " allow_legacy=%%d default: (library default: no)\n" \
+ USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
USAGE_TICKETS \
USAGE_CACHE \
USAGE_MAX_FRAG_LEN \
+ USAGE_TRUNC_HMAC \
USAGE_ALPN \
+ USAGE_EMS \
+ USAGE_ETM \
"\n" \
" min_version=%%s default: \"ssl3\"\n" \
" max_version=%%s default: \"tls1_2\"\n" \
+ " arc4=%%d default: 0 (disabled)\n" \
" force_version=%%s default: \"\" (none)\n" \
" options: ssl3, tls1, tls1_1, tls1_2\n" \
"\n" \
@@ -336,6 +278,107 @@
" force_ciphersuite=<name> default: all enabled\n" \
" acceptable ciphersuite names:\n"
+#if !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
+#include <stdio.h>
+int main( void )
+{
+ polarssl_printf("POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+/*
+ * global options
+ */
+struct options
+{
+ const char *server_addr; /* address on which the ssl service runs */
+ int server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int nbio; /* should I/O be blocking? */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *crt_file; /* the file with the server certificate */
+ const char *key_file; /* the file with the server key */
+ const char *crt_file2; /* the file with the 2nd server certificate */
+ const char *key_file2; /* the file with the 2nd server key */
+ const char *psk; /* the pre-shared key */
+ const char *psk_identity; /* the pre-shared key identity */
+ char *psk_list; /* list of PSK id/key pairs for callback */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+ const char *version_suites; /* per-version ciphersuites */
+ int renegotiation; /* enable / disable renegotiation */
+ int allow_legacy; /* allow legacy renegotiation */
+ int renegotiate; /* attempt renegotiation? */
+ int renego_delay; /* delay before enforcing renegotiation */
+ int renego_period; /* period for automatic renegotiation */
+ int exchanges; /* number of data exchanges */
+ int min_version; /* minimum protocol version accepted */
+ int max_version; /* maximum protocol version accepted */
+ int arc4; /* flag for arc4 suites support */
+ int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* accept truncated hmac? */
+ int tickets; /* enable / disable session tickets */
+ int ticket_timeout; /* session ticket lifetime */
+ int cache_max; /* max number of session cache entries */
+ int cache_timeout; /* expiration delay of session cache entries */
+ char *sni; /* string describing sni information */
+ const char *alpn_string; /* ALPN supported protocols */
+ const char *dhm_file; /* the file with the DH parameters */
+ int extended_ms; /* allow negotiation of extended MS? */
+ int etm; /* allow negotiation of encrypt-then-MAC? */
+} opt;
+
+static void my_debug( void *ctx, int level, const char *str )
+{
+ ((void) level);
+
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
+ fflush( (FILE *) ctx );
+}
+
+/*
+ * Test recv/send functions that make sure each try returns
+ * WANT_READ/WANT_WRITE at least once before sucesseding
+ */
+static int my_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( POLARSSL_ERR_NET_WANT_READ );
+ }
+
+ ret = net_recv( ctx, buf, len );
+ if( ret != POLARSSL_ERR_NET_WANT_READ )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
+static int my_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( POLARSSL_ERR_NET_WANT_WRITE );
+ }
+
+ ret = net_send( ctx, buf, len );
+ if( ret != POLARSSL_ERR_NET_WANT_WRITE )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
/*
* Used by sni_parse and psk_parse to handle coma-separated lists
*/
@@ -343,7 +386,7 @@
dst = p; \
while( *p != ',' ) \
if( ++p > end ) \
- return( NULL ); \
+ goto error; \
*p++ = '\0';
#if defined(POLARSSL_SNI)
@@ -356,53 +399,6 @@
sni_entry *next;
};
-/*
- * Parse a string of triplets name1,crt1,key1[,name2,crt2,key2[,...]]
- * into a usable sni_entry list.
- *
- * Modifies the input string! This is not production quality!
- * (leaks memory if parsing fails, no error reporting, ...)
- */
-sni_entry *sni_parse( char *sni_string )
-{
- sni_entry *cur = NULL, *new = NULL;
- char *p = sni_string;
- char *end = p;
- char *crt_file, *key_file;
-
- while( *end != '\0' )
- ++end;
- *end = ',';
-
- while( p <= end )
- {
- if( ( new = polarssl_malloc( sizeof( sni_entry ) ) ) == NULL )
- return( NULL );
-
- memset( new, 0, sizeof( sni_entry ) );
-
- if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL ||
- ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
- return( NULL );
-
- x509_crt_init( new->cert );
- pk_init( new->key );
-
- GET_ITEM( new->name );
- GET_ITEM( crt_file );
- GET_ITEM( key_file );
-
- if( x509_crt_parse_file( new->cert, crt_file ) != 0 ||
- pk_parse_keyfile( new->key, key_file, "" ) != 0 )
- return( NULL );
-
- new->next = cur;
- cur = new;
- }
-
- return( cur );
-}
-
void sni_free( sni_entry *head )
{
sni_entry *cur = head, *next;
@@ -422,6 +418,67 @@
}
/*
+ * Parse a string of triplets name1,crt1,key1[,name2,crt2,key2[,...]]
+ * into a usable sni_entry list.
+ *
+ * Modifies the input string! This is not production quality!
+ */
+sni_entry *sni_parse( char *sni_string )
+{
+ sni_entry *cur = NULL, *new = NULL;
+ char *p = sni_string;
+ char *end = p;
+ char *crt_file, *key_file;
+
+ while( *end != '\0' )
+ ++end;
+ *end = ',';
+
+ while( p <= end )
+ {
+ if( ( new = polarssl_malloc( sizeof( sni_entry ) ) ) == NULL )
+ {
+ sni_free( cur );
+ return( NULL );
+ }
+
+ memset( new, 0, sizeof( sni_entry ) );
+
+ if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL ||
+ ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
+ {
+ polarssl_free( new->cert );
+ polarssl_free( new );
+ sni_free( cur );
+ return( NULL );
+ }
+
+ x509_crt_init( new->cert );
+ pk_init( new->key );
+
+ GET_ITEM( new->name );
+ GET_ITEM( crt_file );
+ GET_ITEM( key_file );
+
+ if( x509_crt_parse_file( new->cert, crt_file ) != 0 ||
+ pk_parse_keyfile( new->key, key_file, "" ) != 0 )
+ {
+ goto error;
+ }
+
+ new->next = cur;
+ cur = new;
+ }
+
+ return( cur );
+
+error:
+ sni_free( new );
+ sni_free( cur );
+ return( NULL );
+}
+
+/*
* SNI callback.
*/
int sni_callback( void *p_info, ssl_context *ssl,
@@ -496,11 +553,25 @@
};
/*
+ * Free a list of psk_entry's
+ */
+void psk_free( psk_entry *head )
+{
+ psk_entry *next;
+
+ while( head != NULL )
+ {
+ next = head->next;
+ polarssl_free( head );
+ head = next;
+ }
+}
+
+/*
* Parse a string of pairs name1,key1[,name2,key2[,...]]
* into a usable psk_entry list.
*
* Modifies the input string! This is not production quality!
- * (leaks memory if parsing fails, no error reporting, ...)
*/
psk_entry *psk_parse( char *psk_string )
{
@@ -516,7 +587,7 @@
while( p <= end )
{
if( ( new = polarssl_malloc( sizeof( psk_entry ) ) ) == NULL )
- return( NULL );
+ goto error;
memset( new, 0, sizeof( psk_entry ) );
@@ -524,28 +595,18 @@
GET_ITEM( key_hex );
if( unhexify( new->key, key_hex, &new->key_len ) != 0 )
- return( NULL );
+ goto error;
new->next = cur;
cur = new;
}
return( cur );
-}
-/*
- * Free a list of psk_entry's
- */
-void psk_free( psk_entry *head )
-{
- psk_entry *next;
-
- while( head != NULL )
- {
- next = head->next;
- polarssl_free( head );
- head = next;
- }
+error:
+ psk_free( new );
+ psk_free( cur );
+ return( 0 );
}
/*
@@ -572,7 +633,7 @@
}
#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
-static int listen_fd;
+static int listen_fd, client_fd = -1;
/* Interruption handler to ensure clean exit (for valgrind testing) */
#if !defined(_WIN32)
@@ -582,13 +643,13 @@
((void) sig);
received_sigterm = 1;
net_close( listen_fd ); /* causes net_accept() to abort */
+ net_close( client_fd ); /* causes net_read() to abort */
}
#endif
int main( int argc, char *argv[] )
{
- int ret = 0, len, written, frags, exchanges;
- int client_fd = -1;
+ int ret = 0, len, written, frags, exchanges_left;
int version_suites[4][2];
unsigned char buf[IO_BUF_LEN];
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -601,6 +662,9 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ unsigned char renego_period[8] = { 0 };
+#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt cacert;
x509_crt srvcert;
@@ -656,8 +720,9 @@
#endif
#if !defined(_WIN32)
- /* Abort cleanly on SIGTERM */
+ /* Abort cleanly on SIGTERM and SIGINT */
signal( SIGTERM, term_handler );
+ signal( SIGINT, term_handler );
#endif
if( argc == 0 )
@@ -666,19 +731,19 @@
if( ret == 0 )
ret = 1;
- printf( USAGE );
+ polarssl_printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
- printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
+ polarssl_printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
list++;
if( !*list )
break;
- printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
+ polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
- printf("\n");
+ polarssl_printf("\n");
goto exit;
}
@@ -701,11 +766,14 @@
opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.renegotiate = DFL_RENEGOTIATE;
opt.renego_delay = DFL_RENEGO_DELAY;
+ opt.renego_period = DFL_RENEGO_PERIOD;
opt.exchanges = DFL_EXCHANGES;
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
+ opt.arc4 = DFL_ARC4;
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.tickets = DFL_TICKETS;
opt.ticket_timeout = DFL_TICKET_TIMEOUT;
opt.cache_max = DFL_CACHE_MAX;
@@ -713,6 +781,8 @@
opt.sni = DFL_SNI;
opt.alpn_string = DFL_ALPN_STRING;
opt.dhm_file = DFL_DHM_FILE;
+ opt.extended_ms = DFL_EXTENDED_MS;
+ opt.etm = DFL_ETM;
for( i = 1; i < argc; i++ )
{
@@ -781,9 +851,13 @@
}
else if( strcmp( p, "allow_legacy" ) == 0 )
{
- opt.allow_legacy = atoi( q );
- if( opt.allow_legacy < 0 || opt.allow_legacy > 1 )
- goto usage;
+ switch( atoi( q ) )
+ {
+ case -1: opt.allow_legacy = SSL_LEGACY_BREAK_HANDSHAKE; break;
+ case 0: opt.allow_legacy = SSL_LEGACY_NO_RENEGOTIATION; break;
+ case 1: opt.allow_legacy = SSL_LEGACY_ALLOW_RENEGOTIATION; break;
+ default: goto usage;
+ }
}
else if( strcmp( p, "renegotiate" ) == 0 )
{
@@ -795,6 +869,12 @@
{
opt.renego_delay = atoi( q );
}
+ else if( strcmp( p, "renego_period" ) == 0 )
+ {
+ opt.renego_period = atoi( q );
+ if( opt.renego_period < 2 || opt.renego_period > 255 )
+ goto usage;
+ }
else if( strcmp( p, "exchanges" ) == 0 )
{
opt.exchanges = atoi( q );
@@ -827,6 +907,15 @@
else
goto usage;
}
+ else if( strcmp( p, "arc4" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
+ case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
@@ -880,6 +969,33 @@
{
opt.alpn_string = q;
}
+ else if( strcmp( p, "trunc_hmac" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.trunc_hmac = SSL_TRUNC_HMAC_DISABLED; break;
+ case 1: opt.trunc_hmac = SSL_TRUNC_HMAC_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "extended_ms" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.extended_ms = SSL_EXTENDED_MS_DISABLED; break;
+ case 1: opt.extended_ms = SSL_EXTENDED_MS_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "etm" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.etm = SSL_ETM_DISABLED; break;
+ case 1: opt.etm = SSL_ETM_ENABLED; break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "tickets" ) == 0 )
{
opt.tickets = atoi( q );
@@ -924,14 +1040,14 @@
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
{
- printf("forced ciphersuite not allowed with this protocol version\n");
+ polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
- printf("forced ciphersuite not allowed with this protocol version\n");
+ polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
@@ -961,7 +1077,7 @@
if( i != 4 )
{
- printf( "too few values for version_suites\n" );
+ polarssl_printf( "too few values for version_suites\n" );
ret = 1;
goto exit;
}
@@ -975,7 +1091,7 @@
if( version_suites[i][0] == 0 )
{
- printf( "unknown ciphersuite: '%s'\n", name[i] );
+ polarssl_printf( "unknown ciphersuite: '%s'\n", name[i] );
ret = 2;
goto usage;
}
@@ -988,7 +1104,7 @@
*/
if( unhexify( psk, opt.psk, &psk_len ) != 0 )
{
- printf( "pre-shared key not valid hex\n" );
+ polarssl_printf( "pre-shared key not valid hex\n" );
goto exit;
}
@@ -996,7 +1112,7 @@
{
if( ( psk_info = psk_parse( opt.psk_list ) ) == NULL )
{
- printf( "psk_list invalid" );
+ polarssl_printf( "psk_list invalid" );
goto exit;
}
}
@@ -1025,7 +1141,7 @@
/*
* 0. Initialize the RNG and the session data
*/
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -1033,17 +1149,17 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 1.1. Load the trusted CA
*/
- printf( " . Loading the CA root certificate ..." );
+ polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -1065,21 +1181,21 @@
#else
{
ret = 1;
- printf("POLARSSL_CERTS_C not defined.");
+ polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret < 0 )
{
- printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok (%d skipped)\n", ret );
+ polarssl_printf( " ok (%d skipped)\n", ret );
/*
* 1.2. Load own certificate and private key
*/
- printf( " . Loading the server cert. and key..." );
+ polarssl_printf( " . Loading the server cert. and key..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -1088,7 +1204,7 @@
key_cert_init++;
if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
{
- printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
+ polarssl_printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
-ret );
goto exit;
}
@@ -1098,13 +1214,13 @@
key_cert_init++;
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
{
- printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
goto exit;
}
}
if( key_cert_init == 1 )
{
- printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
+ polarssl_printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
goto exit;
}
@@ -1113,7 +1229,7 @@
key_cert_init2++;
if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
{
- printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
+ polarssl_printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
-ret );
goto exit;
}
@@ -1123,14 +1239,14 @@
key_cert_init2++;
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{
- printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
+ polarssl_printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
-ret );
goto exit;
}
}
if( key_cert_init2 == 1 )
{
- printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
+ polarssl_printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
goto exit;
}
#endif
@@ -1142,7 +1258,7 @@
strcmp( opt.key_file2, "none" ) != 0 )
{
#if !defined(POLARSSL_CERTS_C)
- printf( "Not certificated or key provided, and \n"
+ polarssl_printf( "Not certificated or key provided, and \n"
"POLARSSL_CERTS_C not defined!\n" );
goto exit;
#else
@@ -1151,14 +1267,14 @@
(const unsigned char *) test_srv_crt_rsa,
strlen( test_srv_crt_rsa ) ) ) != 0 )
{
- printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey,
(const unsigned char *) test_srv_key_rsa,
strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
{
- printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
}
key_cert_init = 2;
@@ -1168,14 +1284,14 @@
(const unsigned char *) test_srv_crt_ec,
strlen( test_srv_crt_ec ) ) ) != 0 )
{
- printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey2,
(const unsigned char *) test_srv_key_ec,
strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
{
- printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
goto exit;
}
key_cert_init2 = 2;
@@ -1183,66 +1299,66 @@
#endif /* POLARSSL_CERTS_C */
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
if( opt.dhm_file != NULL )
{
- printf( " . Loading DHM parameters..." );
+ polarssl_printf( " . Loading DHM parameters..." );
fflush( stdout );
if( ( ret = dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
{
- printf( " failed\n ! dhm_parse_dhmfile returned -0x%04X\n\n",
+ polarssl_printf( " failed\n ! dhm_parse_dhmfile returned -0x%04X\n\n",
-ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
#endif
#if defined(POLARSSL_SNI)
if( opt.sni != NULL )
{
- printf( " . Setting up SNI information..." );
+ polarssl_printf( " . Setting up SNI information..." );
fflush( stdout );
if( ( sni_info = sni_parse( opt.sni ) ) == NULL )
{
- printf( " failed\n" );
+ polarssl_printf( " failed\n" );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
#endif /* POLARSSL_SNI */
/*
* 2. Setup the listening TCP socket
*/
- printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port );
+ polarssl_printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, opt.server_addr,
opt.server_port ) ) != 0 )
{
- printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 3. Setup stuff
*/
- printf( " . Setting up the SSL/TLS structure..." );
+ polarssl_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
goto exit;
}
@@ -1252,16 +1368,31 @@
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
{
- printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
goto exit;
};
#endif
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ if( opt.trunc_hmac != DFL_TRUNC_HMAC )
+ ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+#endif
+
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ if( opt.extended_ms != DFL_EXTENDED_MS )
+ ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+#endif
+
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ if( opt.etm != DFL_ETM )
+ ssl_set_encrypt_then_mac( &ssl, opt.etm );
+#endif
+
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
{
- printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1283,7 +1414,7 @@
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
{
- printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
goto exit;
}
@@ -1293,6 +1424,8 @@
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+ else
+ ssl_set_arc4_support( &ssl, opt.arc4 );
if( opt.version_suites != NULL )
{
@@ -1310,11 +1443,21 @@
SSL_MINOR_VERSION_3 );
}
+ if( opt.allow_legacy != DFL_ALLOW_LEGACY )
+ ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl_set_renegotiation( &ssl, opt.renegotiation );
- ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+
if( opt.renego_delay != DFL_RENEGO_DELAY )
ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
+ if( opt.renego_period != DFL_RENEGO_PERIOD )
+ {
+ renego_period[7] = opt.renego_period;
+ ssl_set_renegotiation_period( &ssl, renego_period );
+ }
+#endif
+
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 )
@@ -1324,13 +1467,13 @@
if( key_cert_init )
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
if( key_cert_init2 )
if( ( ret = ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1348,7 +1491,7 @@
strlen( opt.psk_identity ) );
if( ret != 0 )
{
- printf( " failed\n ssl_set_psk returned -0x%04X\n\n", - ret );
+ polarssl_printf( " failed\n ssl_set_psk returned -0x%04X\n\n", - ret );
goto exit;
}
}
@@ -1371,7 +1514,7 @@
if( ret != 0 )
{
- printf( " failed\n ssl_set_dh_param returned -0x%04X\n\n", - ret );
+ polarssl_printf( " failed\n ssl_set_dh_param returned -0x%04X\n\n", - ret );
goto exit;
}
#endif
@@ -1382,15 +1525,24 @@
if( opt.max_version != -1 )
ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
reset:
+#if !defined(_WIN32)
+ if( received_sigterm )
+ {
+ polarssl_printf( " interrupted by SIGTERM\n" );
+ ret = 0;
+ goto exit;
+ }
+#endif
+
#ifdef POLARSSL_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
- printf("Last error was: %d - %s\n\n", ret, error_buf );
+ polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
@@ -1404,7 +1556,7 @@
*/
client_fd = -1;
- printf( " . Waiting for a remote connection ..." );
+ polarssl_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
@@ -1412,13 +1564,13 @@
#if !defined(_WIN32)
if( received_sigterm )
{
- printf( " interrupted by SIGTERM\n" );
+ polarssl_printf( " interrupted by signal\n" );
ret = 0;
goto exit;
}
#endif
- printf( " failed\n ! net_accept returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! net_accept returned -0x%x\n\n", -ret );
goto exit;
}
@@ -1428,7 +1580,7 @@
ret = net_set_block( client_fd );
if( ret != 0 )
{
- printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
goto exit;
}
@@ -1437,31 +1589,31 @@
else
ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd );
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 4. Handshake
*/
- printf( " . Performing the SSL/TLS handshake..." );
+ polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
goto reset;
}
}
- printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
+ polarssl_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
{
const char *alp = ssl_get_alpn_protocol( &ssl );
- printf( " [ Application Layer Protocol is %s ]\n",
+ polarssl_printf( " [ Application Layer Protocol is %s ]\n",
alp ? alp : "(none)" );
}
#endif
@@ -1470,44 +1622,36 @@
/*
* 5. Verify the server certificate
*/
- printf( " . Verifying peer X.509 certificate..." );
+ polarssl_printf( " . Verifying peer X.509 certificate..." );
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
{
- printf( " failed\n" );
+ char vrfy_buf[512];
- if( !ssl_get_peer_cert( &ssl ) )
- printf( " ! no client certificate sent\n" );
+ polarssl_printf( " failed\n" );
- if( ( ret & BADCERT_EXPIRED ) != 0 )
- printf( " ! client certificate has expired\n" );
+ x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
- if( ( ret & BADCERT_REVOKED ) != 0 )
- printf( " ! client certificate has been revoked\n" );
-
- if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
- printf( " ! self-signed or not signed by a trusted CA\n" );
-
- printf( "\n" );
+ polarssl_printf( "%s\n", vrfy_buf );
}
else
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
if( ssl_get_peer_cert( &ssl ) )
{
- printf( " . Peer certificate information ...\n" );
+ polarssl_printf( " . Peer certificate information ...\n" );
x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl_get_peer_cert( &ssl ) );
- printf( "%s\n", buf );
+ polarssl_printf( "%s\n", buf );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
- exchanges = opt.exchanges;
+ exchanges_left = opt.exchanges;
data_exchange:
/*
* 6. Read the HTTP Request
*/
- printf( " < Read from client:" );
+ polarssl_printf( " < Read from client:" );
fflush( stdout );
do
@@ -1526,17 +1670,17 @@
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
- printf( " connection was closed gracefully\n" );
+ polarssl_printf( " connection was closed gracefully\n" );
goto close_notify;
case 0:
case POLARSSL_ERR_NET_CONN_RESET:
- printf( " connection was reset by peer\n" );
+ polarssl_printf( " connection was reset by peer\n" );
ret = POLARSSL_ERR_NET_CONN_RESET;
goto reset;
default:
- printf( " ssl_read returned -0x%x\n", -ret );
+ polarssl_printf( " ssl_read returned -0x%x\n", -ret );
goto reset;
}
}
@@ -1545,7 +1689,7 @@
{
len = ret;
buf[len] = '\0';
- printf( " %d bytes read\n\n%s\n", len, (char *) buf );
+ polarssl_printf( " %d bytes read\n\n%s\n", len, (char *) buf );
/* End of message should be detected according to the syntax of the
* application protocol (eg HTTP), just use a dummy test here. */
@@ -1563,7 +1707,7 @@
larger_buf = polarssl_malloc( ori_len + extra_len + 1 );
if( larger_buf == NULL )
{
- printf( " ! memory allocation failed\n" );
+ polarssl_printf( " ! memory allocation failed\n" );
ret = 1;
goto reset;
}
@@ -1576,13 +1720,13 @@
if( ret != extra_len ||
ssl_get_bytes_avail( &ssl ) != 0 )
{
- printf( " ! ssl_read failed on cached data\n" );
+ polarssl_printf( " ! ssl_read failed on cached data\n" );
ret = 1;
goto reset;
}
larger_buf[ori_len + extra_len] = '\0';
- printf( " %u bytes read (%u + %u)\n\n%s\n",
+ polarssl_printf( " %u bytes read (%u + %u)\n\n%s\n",
ori_len + extra_len, ori_len, extra_len,
(char *) larger_buf );
@@ -1606,9 +1750,10 @@
* 7a. Request renegotiation while client is waiting for input from us.
* (only if we're going to exhange more data afterwards)
*/
- if( opt.renegotiate && exchanges > 1 )
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( opt.renegotiate && exchanges_left > 1 )
{
- printf( " . Requestion renegotiation..." );
+ polarssl_printf( " . Requestion renegotiation..." );
fflush( stdout );
while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
@@ -1616,18 +1761,19 @@
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
goto reset;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/*
* 7. Write the 200 Response
*/
- printf( " > Write to client:" );
+ polarssl_printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
@@ -1639,52 +1785,41 @@
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
- printf( " failed\n ! peer closed the connection\n\n" );
+ polarssl_printf( " failed\n ! peer closed the connection\n\n" );
goto reset;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_write returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto reset;
}
}
}
buf[written] = '\0';
- printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
-
+ polarssl_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
+ ret = 0;
/*
* 7b. Continue doing data exchanges?
*/
- if( --exchanges > 0 )
+ if( --exchanges_left > 0 )
goto data_exchange;
/*
* 8. Done, cleanly close the connection
*/
close_notify:
- printf( " . Closing the connection..." );
+ polarssl_printf( " . Closing the connection..." );
- while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
- {
- if( ret == POLARSSL_ERR_NET_CONN_RESET )
- {
- printf( " ok (already closed by peer)\n" );
- ret = 0;
- goto reset;
- }
+ /* No error checking, the connection might be closed already */
+ do ret = ssl_close_notify( &ssl );
+ while( ret == POLARSSL_ERR_NET_WANT_WRITE );
+ ret = 0;
- if( ret != POLARSSL_ERR_NET_WANT_READ &&
- ret != POLARSSL_ERR_NET_WANT_WRITE )
- {
- printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
- goto reset;
- }
- }
+ polarssl_printf( " done\n" );
- printf( " ok\n" );
goto reset;
/*
@@ -1696,10 +1831,13 @@
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
- printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
+ polarssl_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
}
#endif
+ polarssl_printf( " . Cleaning up..." );
+ fflush( stdout );
+
if( client_fd != -1 )
net_close( client_fd );
@@ -1738,8 +1876,10 @@
memory_buffer_alloc_free();
#endif
+ polarssl_printf( " done.\n" );
+
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/ssl/test-ca/cert_digest.key b/programs/ssl/test-ca/cert_digest.key
deleted file mode 100644
index e3da8a0..0000000
--- a/programs/ssl/test-ca/cert_digest.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1bYz/qrZBJre+Ea1ccxYM
-ZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2BgtgBtU9uVEmvHLr2Eu30kN
-nQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFnui4HZwsDL6IJ7fAzjwvO
-EO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLySruvfJ2sWVrfc7NFVV6Vu
-7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB37gdv3sBpWWi4B42t6Zc
-zDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQABAoIBACV0r5n2zDvTnzRG
-X2jfsFSmeq5jj6grTrdySxJNLT3d1EfhOXgylmGMaiL5EGIoI7BY5kAVgZKTxGRB
-4urT02M7CXKQ0QKKhE+4ZHsAUbOQ7y1vVDVg9bQ2vYJLorziHJxUUCjLXn4dntVQ
-Sdz0FO+pncfwAk1/aTfI3kgPd/qIsvnXfwnfSPkbn9JZeHSFuWR1nfaQzaz8y+h0
-g+gNrEzweix+llPk1s7WtficQdIOhiuD4+f7uQmCiUpNlFgojRc+CxVGtw0eCB1o
-74hNxswPGj9ianEGstzWWV2g4h83laTA2RvnGKsiZ0BisLw5KRmHkf0RPx+eZOBC
-gMS/ruECgYEA9K00uYKDSNq8dlmTaiOM9ppKPDr2B++0xNf+8TKNhsLIDxnsJulW
-LgZegCl6gExfyLbYT6XrG5FjNADSk5uD9oGqa1mPq6J7KAzpkZ1dvF/NtiHo4MAK
-Obj/jo084HCWIqMEhfve6UmkMiGg+6ht40LWYdeqlEd2Lwe6QUHSqmMCgYEAwc7c
-ZR+5kYeSjnLIxVbfHgBCcE44zcGnRI2wuzgZDQ+65rPnx5l6mEECmlzLudk7OSK7
-XGZODu1W7l/CUja8io6cuhZPMsnSrm1KJ+mMe3qKUH+eaeeisEMxsK4ZdvCKsGTe
-dg41Yi/V+TvsQocRqkSjq3bLaW3F/rQLJeZzpl0CgYEAmGL70IIhpBFfiVJWxqcn
-lzsW+xY5v02ix2pDRROYI5NSqF0bwExZOUcMOkQbIKbwjQCcDlcm67+MCopsnDQi
-Zzfw3PUlzt7eV15bZi6df8InS8Uo1jmk5Lh8qdr7TEmyqBXhrlTlS2RrGDHronEP
-J5isDroUak9rovTsItKNE0MCgYEAwOZyOzyeaRk1aA8bgj97B9NeTYWtyC3tnLAi
-rdWiKXv0nVeHZQWAHjbmrlmadLqg1beaINe67eSRV+V79nSAqLBVkmpOHdD/n5kr
-7BnrN6O6M3EybVqedS4MMTy4H8g/Yl6jhYGS5M2T/eQEvhrOHFkBRtKQl7kpDuCJ
-EAoWJgkCgYEA7Ey6LpS40L/fU5BosQwPGu82Sh/V+WRwR3QZZHxiyKoh1v3qAA/6
-3jw/xsrM0Br311DUTUPRQQLnyAzmzZqWmJWEZU7YS55NdTG3R75NzB2ZAffV4W+Y
-lE0G2DglzGeZQV8n3FK3fEu1hVkIoYfq4+6YqO6YPbpa49xbwZ2AJdU=
------END RSA PRIVATE KEY-----
diff --git a/programs/ssl/test-ca/cert_example.crt b/programs/ssl/test-ca/cert_example.crt
deleted file mode 100644
index d563882..0000000
--- a/programs/ssl/test-ca/cert_example.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 13 (0xd)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 7 16:06:36 2012 GMT
- Not After : Feb 7 16:06:36 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 83:f7:04:f3:bd:08:cf:81:f9:a1:b0:54:a4:5f:91:1d:15:9f:
- 03:ab:9a:07:0d:bd:ad:fa:ce:44:79:58:9c:88:d1:6e:48:fd:
- 2b:f2:6e:fc:1f:c6:3a:28:4d:2a:f7:31:27:e4:64:6d:1c:d2:
- a7:64:18:9e:0a:07:cd:4c:44:31:e2:8f:c4:4d:d9:e5:38:85:
- 32:44:ba:3d:0a:97:c8:3f:59:14:8e:aa:98:e1:69:24:49:8a:
- 0e:3e:01:b5:fd:88:66:bb:ad:0c:fb:da:87:01:8d:f7:72:30:
- 78:a8:eb:29:4f:3b:20:6b:3e:83:2c:ee:08:88:b1:e9:e2:37:
- 48:77:76:bf:f2:92:98:58:21:04:02:1c:23:70:ff:10:45:1e:
- 69:ac:67:23:0f:1e:62:ef:35:d3:c3:94:dc:99:48:7c:05:ad:
- c1:1c:1a:2a:e6:e3:d7:89:f5:44:25:1a:aa:7a:d4:8f:b7:5a:
- ae:03:4b:be:5e:e8:43:35:12:e8:b9:95:64:81:ef:26:1a:cd:
- e4:82:22:de:2e:ac:93:4f:32:f9:0b:0d:b2:5f:69:21:b9:1b:
- f8:54:c0:df:11:17:23:85:ae:71:cb:ae:17:e8:36:2f:aa:fe:
- 04:04:2b:33:1b:12:2b:80:19:11:6f:ce:cb:bb:6c:fe:a5:80:
- a7:4a:6d:0f
------BEGIN CERTIFICATE-----
-MIIDOTCCAiGgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA2MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1bYz/qrZB
-Jre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2BgtgBtU9uVE
-mvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFnui4HZwsD
-L6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLySruvfJ2sW
-Vrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB37gdv3sB
-pWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQABo00wSzAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAfBgNVHSME
-GDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOCAQEAg/cE
-870Iz4H5obBUpF+RHRWfA6uaBw29rfrORHlYnIjRbkj9K/Ju/B/GOihNKvcxJ+Rk
-bRzSp2QYngoHzUxEMeKPxE3Z5TiFMkS6PQqXyD9ZFI6qmOFpJEmKDj4Btf2IZrut
-DPvahwGN93IweKjrKU87IGs+gyzuCIix6eI3SHd2v/KSmFghBAIcI3D/EEUeaaxn
-Iw8eYu8108OU3JlIfAWtwRwaKubj14n1RCUaqnrUj7dargNLvl7oQzUS6LmVZIHv
-JhrN5IIi3i6sk08y+QsNsl9pIbkb+FTA3xEXI4WuccuuF+g2L6r+BAQrMxsSK4AZ
-EW/Oy7ts/qWAp0ptDw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_example_multi.crt b/programs/ssl/test-ca/cert_example_multi.crt
deleted file mode 100644
index c1e1998..0000000
--- a/programs/ssl/test-ca/cert_example_multi.crt
+++ /dev/null
@@ -1,80 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 17 (0x11)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: May 10 13:23:41 2012 GMT
- Not After : May 11 13:23:41 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=www.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- X509v3 Subject Alternative Name:
- DNS:example.com, DNS:example.net, DNS:*.example.org
- Signature Algorithm: sha1WithRSAEncryption
- 4f:09:cb:7a:d5:ee:f5:ef:62:0d:dc:7b:a2:85:d6:8c:ca:95:
- b4:6b:da:11:5b:92:00:75:13:b9:ca:0b:ce:ea:fb:c3:1f:e2:
- 3f:7f:21:74:79:e2:e6:bc:da:06:e5:2f:6f:f6:55:c6:73:39:
- cf:48:bc:0d:2f:0c:d2:7a:06:c3:4a:4c:d9:48:5d:a0:d0:73:
- 89:e4:d4:85:1d:96:9a:0e:57:99:c6:6f:1d:21:27:1f:8d:05:
- 29:e8:40:ae:82:39:68:c3:97:07:cf:3c:93:4c:1a:df:2f:a6:
- a4:55:48:7f:7c:8c:1a:c9:22:da:24:cd:92:39:c6:8a:ec:b0:
- 8d:f5:69:82:67:cb:04:ee:de:53:41:96:c1:27:dc:2f:fe:33:
- fa:d3:0e:b8:d4:32:a9:84:28:53:a5:f0:d1:89:d5:a2:98:e7:
- 16:91:bb:9c:c0:41:8e:8c:58:ac:ff:e3:dd:2e:7a:ab:b0:b9:
- 71:76:ad:0f:27:33:f7:a9:29:d3:c0:76:c0:bf:06:40:7c:0e:
- d5:a4:7c:8a:e2:32:6e:16:ae:da:64:1f:b0:55:7c:db:dd:f1:
- a4:ba:44:7c:b3:99:58:d2:34:6e:00:ea:97:6c:14:3a:f2:10:
- 1e:0a:a2:49:10:76:01:f4:f2:c8:18:fd:cc:63:46:12:8b:09:
- 1b:f1:94:e6
------BEGIN CERTIFICATE-----
-MIIDcjCCAlqgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwNTEwMTMyMzQxWhcNMjIwNTExMTMyMzQxWjA6MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
-/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
-VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
-B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
-3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
-Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
-gTB/MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8G
-A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MDIGA1UdEQQrMCmCC2V4YW1w
-bGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQUF
-AAOCAQEATwnLetXu9e9iDdx7ooXWjMqVtGvaEVuSAHUTucoLzur7wx/iP38hdHni
-5rzaBuUvb/ZVxnM5z0i8DS8M0noGw0pM2UhdoNBzieTUhR2Wmg5XmcZvHSEnH40F
-KehAroI5aMOXB888k0wa3y+mpFVIf3yMGski2iTNkjnGiuywjfVpgmfLBO7eU0GW
-wSfcL/4z+tMOuNQyqYQoU6Xw0YnVopjnFpG7nMBBjoxYrP/j3S56q7C5cXatDycz
-96kp08B2wL8GQHwO1aR8iuIybhau2mQfsFV8293xpLpEfLOZWNI0bgDql2wUOvIQ
-HgqiSRB2AfTyyBj9zGNGEosJG/GU5g==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_example_wildcard.crt b/programs/ssl/test-ca/cert_example_wildcard.crt
deleted file mode 100644
index 4895e8a..0000000
--- a/programs/ssl/test-ca/cert_example_wildcard.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 12 (0xc)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 7 16:06:36 2012 GMT
- Not After : Feb 7 16:06:36 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=*.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 91:b3:84:5c:5d:60:f2:a5:0a:4a:dc:d6:c6:75:da:34:52:72:
- 6c:0e:60:4f:ef:0e:55:f3:4b:bf:d0:40:e7:91:2c:a7:94:8f:
- 3d:db:0a:ec:b2:f5:83:a7:a1:33:61:96:37:57:14:80:5b:e7:
- bc:e1:d3:2c:36:32:6f:ef:7a:00:99:33:15:fc:38:20:df:74:
- 7d:3d:0f:81:d0:b4:fd:b6:46:f1:c5:b8:bc:de:74:a2:41:a7:
- c8:51:da:20:12:82:3e:0c:8c:48:da:19:b6:52:e9:4f:67:c1:
- 28:9e:20:b6:ce:be:89:bd:64:d7:05:3e:87:af:ba:2b:5d:aa:
- fe:62:66:fb:a6:75:ad:89:a1:18:e8:78:54:ea:df:0a:85:e9:
- 32:32:a8:1a:cd:35:81:f8:a8:da:d1:16:8a:63:e7:67:da:6e:
- e1:3b:1c:31:20:99:ee:e2:b2:fb:82:c5:21:e2:63:4c:61:15:
- 4d:53:ad:dd:15:7f:0b:b6:33:43:ad:27:8a:b1:af:93:17:72:
- c4:be:31:26:93:3c:7d:fc:d5:3d:cf:0b:be:c5:7b:e9:b4:f8:
- f3:30:f2:f5:a2:27:eb:9a:71:fc:7f:79:5e:88:c5:a6:2d:33:
- 57:ba:38:06:e6:ad:0b:96:97:9d:cc:94:7b:83:09:17:a6:ee:
- ce:bb:0f:36
------BEGIN CERTIFICATE-----
-MIIDOzCCAiOgAwIBAgIBDDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA4MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxFjAUBgNVBAMUDSouZXhhbXBsZS5jb20wggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5PErFyKOOkBeknlKqcXUmYYDnx7VtjP+q
-tkEmt74RrVxzFgxkEUgE/9bhOwXbibuzlwnVHBTdaIc5sD1xy+J20BrYGC2AG1T2
-5USa8cuvYS7fSQ2dCbftsf08/Tz6JM9dv3zkU+cltepEIukm0+oglJ7mYWe6Lgdn
-CwMvognt8DOPC84Q72ekxgjawe3CP9dK3RU9+V4cgWBGPrWzPS+m3kccvJKu698n
-axZWt9zs0VVXpW7sdSX1t3vfq9I6WpGYfZcXCxMKp2tKi8FHMPs6+EEE1cHfuB2/
-ewGlZaLgHja3plzMMFr4zW/N8RliJcoB4zV/+iD13P1psmoAfRf3AgMBAAGjTTBL
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8GA1Ud
-IwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUAA4IBAQCR
-s4RcXWDypQpK3NbGddo0UnJsDmBP7w5V80u/0EDnkSynlI892wrssvWDp6EzYZY3
-VxSAW+e84dMsNjJv73oAmTMV/Dgg33R9PQ+B0LT9tkbxxbi83nSiQafIUdogEoI+
-DIxI2hm2UulPZ8EoniC2zr6JvWTXBT6Hr7orXar+Ymb7pnWtiaEY6HhU6t8Kheky
-MqgazTWB+Kja0RaKY+dn2m7hOxwxIJnu4rL7gsUh4mNMYRVNU63dFX8LtjNDrSeK
-sa+TF3LEvjEmkzx9/NU9zwu+xXvptPjzMPL1oifrmnH8f3leiMWmLTNXujgG5q0L
-lpedzJR7gwkXpu7Ouw82
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_example_www.crt b/programs/ssl/test-ca/cert_example_www.crt
deleted file mode 100644
index 9f4d8a9..0000000
--- a/programs/ssl/test-ca/cert_example_www.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 14 (0xe)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 7 16:06:36 2012 GMT
- Not After : Feb 7 16:06:36 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=www.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 3e:b2:e4:9b:c0:8b:a0:d1:e8:66:f4:03:7b:76:7f:7e:0f:6b:
- e5:78:ef:2f:6c:14:d6:22:5c:0c:bf:c8:70:09:ca:c5:64:a8:
- 77:ed:e2:8d:ab:27:cc:40:ba:a5:95:d7:ec:a1:cc:41:3d:6b:
- e3:69:c5:cb:10:c6:75:59:2c:6f:3d:2d:b3:c3:f8:75:4a:d4:
- 31:2e:e9:fc:72:4b:42:ed:c8:f7:6e:cd:da:98:db:3f:e2:3b:
- ea:26:1b:73:eb:59:f5:10:48:07:45:a3:20:40:2c:c6:95:59:
- 08:82:26:ab:13:9f:ea:66:b1:05:e5:99:1d:26:0f:21:0f:b5:
- 2e:52:82:99:53:85:a8:fe:b7:6e:e9:ed:44:01:f8:c8:08:d0:
- 64:25:43:70:da:3f:1b:0d:97:81:1b:2a:5d:e4:17:10:20:b0:
- eb:56:44:be:ec:55:4a:66:c1:c9:69:7b:36:01:66:36:14:22:
- 37:a4:96:d2:db:0e:bd:01:e9:3e:6a:ef:94:94:63:69:ea:27:
- 7c:40:29:4a:38:f0:06:dd:4a:06:ef:8b:92:98:ad:02:60:a0:
- 3c:6c:53:4c:a1:5b:ae:c7:a2:61:ee:0e:18:c6:f8:46:80:c6:
- 2f:55:38:2a:33:84:da:9a:a4:69:ae:c3:8a:a1:e2:07:6c:71:
- 9b:56:fd:93
------BEGIN CERTIFICATE-----
-MIIDPTCCAiWgAwIBAgIBDjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA6MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
-/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
-VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
-B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
-3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
-Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaNN
-MEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUfeSca+b5cX1G0hI9rWsd/cKqeEwwHwYD
-VR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEB
-AD6y5JvAi6DR6Gb0A3t2f34Pa+V47y9sFNYiXAy/yHAJysVkqHft4o2rJ8xAuqWV
-1+yhzEE9a+NpxcsQxnVZLG89LbPD+HVK1DEu6fxyS0LtyPduzdqY2z/iO+omG3Pr
-WfUQSAdFoyBALMaVWQiCJqsTn+pmsQXlmR0mDyEPtS5SgplThaj+t27p7UQB+MgI
-0GQlQ3DaPxsNl4EbKl3kFxAgsOtWRL7sVUpmwclpezYBZjYUIjekltLbDr0B6T5q
-75SUY2nqJ3xAKUo48AbdSgbvi5KYrQJgoDxsU0yhW67HomHuDhjG+EaAxi9VOCoz
-hNqapGmuw4qh4gdscZtW/ZM=
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_md2.crt b/programs/ssl/test-ca/cert_md2.crt
deleted file mode 100644
index e69de29..0000000
--- a/programs/ssl/test-ca/cert_md2.crt
+++ /dev/null
diff --git a/programs/ssl/test-ca/cert_md4.crt b/programs/ssl/test-ca/cert_md4.crt
deleted file mode 100644
index 16f166b..0000000
--- a/programs/ssl/test-ca/cert_md4.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 5 (0x5)
- Signature Algorithm: md4WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: md4WithRSAEncryption
- 94:db:e1:86:71:2d:43:d6:51:61:a7:95:bc:e8:73:da:ff:e4:
- fd:41:0f:5c:de:14:f4:c4:ba:5d:2c:30:2c:a6:dc:2d:e8:87:
- 45:f1:c5:fe:d1:4a:64:99:19:09:2f:72:7c:3f:8d:c8:31:22:
- dd:0a:69:03:3d:12:8c:4d:c3:f7:a3:c5:d1:5d:c9:ff:4b:83:
- 6b:d6:b4:e5:d8:ce:94:5e:ec:bf:68:c5:b2:63:8e:5c:cb:f3:
- 8d:62:73:82:62:7e:df:db:7d:0b:8d:21:10:db:9a:a1:62:4d:
- 46:42:d1:bb:38:32:ef:c1:fc:a1:e2:7f:60:08:37:32:20:2c:
- 7c:a2:c9:12:0d:89:fe:2b:15:08:91:79:e2:a9:79:a4:da:cd:
- 81:43:01:e2:09:2d:1a:f4:16:ef:af:4d:50:46:5e:2d:dd:48:
- 27:10:c0:42:b7:a5:9e:c2:1f:6e:50:36:03:ed:95:77:9a:a3:
- d9:4c:d7:23:93:b1:24:2a:63:27:28:7a:de:3d:59:d2:92:c8:
- 8f:f6:39:1d:65:ab:09:78:05:46:90:a9:f6:10:b1:ef:c8:8c:
- 4d:7d:8d:f2:78:b7:88:15:09:7e:df:e9:87:a8:64:c1:95:53:
- fb:da:05:b7:62:bc:ad:fb:d9:a4:a9:06:6c:6b:98:01:b9:39:
- 78:d3:4e:87
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBBTANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1
-bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2Bgt
-gBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFn
-ui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLyS
-ruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB
-37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQMFAAOC
-AQEAlNvhhnEtQ9ZRYaeVvOhz2v/k/UEPXN4U9MS6XSwwLKbcLeiHRfHF/tFKZJkZ
-CS9yfD+NyDEi3QppAz0SjE3D96PF0V3J/0uDa9a05djOlF7sv2jFsmOOXMvzjWJz
-gmJ+39t9C40hENuaoWJNRkLRuzgy78H8oeJ/YAg3MiAsfKLJEg2J/isVCJF54ql5
-pNrNgUMB4gktGvQW769NUEZeLd1IJxDAQrelnsIfblA2A+2Vd5qj2UzXI5OxJCpj
-Jyh63j1Z0pLIj/Y5HWWrCXgFRpCp9hCx78iMTX2N8ni3iBUJft/ph6hkwZVT+9oF
-t2K8rfvZpKkGbGuYAbk5eNNOhw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_md5.crt b/programs/ssl/test-ca/cert_md5.crt
deleted file mode 100644
index 13d43f1..0000000
--- a/programs/ssl/test-ca/cert_md5.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 6 (0x6)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: md5WithRSAEncryption
- 92:13:81:0c:ff:ac:ab:98:52:6c:28:c9:c6:3e:80:c6:ec:77:
- d0:13:e1:a2:29:1d:2f:b7:c5:95:41:83:60:d9:50:9c:d0:d6:
- 09:f7:0f:97:cd:c0:e6:b2:68:fa:31:c9:2a:a3:d3:1e:53:ae:
- 79:dc:35:ba:b0:d9:e5:7a:37:1b:2a:92:fa:d2:59:90:43:1b:
- 6a:91:c1:db:36:da:e9:39:d3:f5:ac:e3:46:01:ca:55:04:17:
- 1a:b1:97:28:e8:ff:1b:e7:e1:10:c9:b5:31:d8:ce:a6:89:6a:
- 4a:df:78:7b:02:2f:83:b3:41:d5:ef:0b:b6:44:ff:32:a6:cf:
- 1b:c2:f4:b0:75:66:a9:da:6f:7c:a5:e3:c6:c1:3a:2f:bf:f8:
- 12:6f:04:2c:37:f2:4e:fc:b9:09:ff:a4:5b:40:19:e9:58:91:
- 64:82:d6:ad:b9:7f:c0:12:c2:ce:b7:b6:ba:fb:10:a2:3f:74:
- 97:10:39:d4:dc:4a:e5:5c:f7:e5:3a:d9:68:d7:17:6b:f5:51:
- 08:b4:a2:30:0d:cc:36:10:6d:4e:1d:22:cc:48:d1:38:44:ba:
- cc:2b:47:99:f7:c6:8b:41:24:f3:f1:2c:10:1a:f2:88:bb:b2:
- e0:fd:44:26:3d:ad:ea:af:1d:d0:00:56:41:4e:f4:b0:3b:9d:
- 32:6f:48:c7
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBBjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1
-bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2Bgt
-gBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFn
-ui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLyS
-ruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB
-37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC
-AQEAkhOBDP+sq5hSbCjJxj6Axux30BPhoikdL7fFlUGDYNlQnNDWCfcPl83A5rJo
-+jHJKqPTHlOuedw1urDZ5Xo3GyqS+tJZkEMbapHB2zba6TnT9azjRgHKVQQXGrGX
-KOj/G+fhEMm1MdjOpolqSt94ewIvg7NB1e8LtkT/MqbPG8L0sHVmqdpvfKXjxsE6
-L7/4Em8ELDfyTvy5Cf+kW0AZ6ViRZILWrbl/wBLCzre2uvsQoj90lxA51NxK5Vz3
-5TrZaNcXa/VRCLSiMA3MNhBtTh0izEjROES6zCtHmffGi0Ek8/EsEBryiLuy4P1E
-Jj2t6q8d0ABWQU70sDudMm9Ixw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_sha1.crt b/programs/ssl/test-ca/cert_sha1.crt
deleted file mode 100644
index 718b2f2..0000000
--- a/programs/ssl/test-ca/cert_sha1.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 7 (0x7)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 93:26:40:68:3d:e7:62:ea:d1:6a:78:2b:c2:07:f3:0d:3b:f6:
- 69:18:cd:08:5e:31:e7:48:60:08:2a:46:b6:de:d1:35:0a:ec:
- 31:36:83:7d:eb:7c:d8:63:09:c3:e4:c5:10:ca:7c:7b:2f:20:
- 4d:d2:0e:5f:ee:09:e3:84:4f:28:cc:08:74:9a:11:23:5f:de:
- 0e:3a:0f:8b:2d:64:91:05:f6:d5:c7:30:c8:20:ee:6c:c4:62:
- 7c:8d:a8:4d:2e:70:8c:ac:b5:5d:de:9b:10:5c:98:fd:a1:78:
- 9b:9c:f0:73:33:de:2f:8c:59:fa:dc:af:4c:df:97:e3:9d:00:
- 37:9a:fa:d3:67:77:b9:2f:b9:4a:23:ad:f9:b4:a1:b7:ac:c5:
- a8:0f:62:8c:e6:7e:b4:94:2a:db:f2:fc:52:92:a4:9e:4e:51:
- 4f:9d:c0:ce:ae:3d:17:1c:94:6c:5f:e8:16:b5:ce:2e:e2:5a:
- cf:6a:db:dd:b0:d4:be:62:a5:46:92:30:7c:7c:fc:05:f8:78:
- 30:93:30:28:ab:69:a1:72:31:dc:3b:97:63:3a:5b:b3:e1:34:
- 86:80:4a:28:f5:dc:d5:84:8c:13:a4:6c:d2:c1:2d:a6:25:d7:
- 6f:c9:93:78:a5:16:ba:d9:17:6e:3e:ca:96:f2:9e:5c:e3:ae:
- 12:2e:a5:11
------BEGIN CERTIFICATE-----
-MIIDQDCCAiigAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA9MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGzAZBgNVBAMTElBvbGFyU1NMIENlcnQgU0hBMTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfH
-tW2M/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgY
-LYAbVPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZh
-Z7ouB2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8
-kq7r3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTV
-wd+4Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEA
-AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUfeSca+b5cX1G0hI9rWsd/cKqeEww
-HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
-ggEBAJMmQGg952Lq0Wp4K8IH8w079mkYzQheMedIYAgqRrbe0TUK7DE2g33rfNhj
-CcPkxRDKfHsvIE3SDl/uCeOETyjMCHSaESNf3g46D4stZJEF9tXHMMgg7mzEYnyN
-qE0ucIystV3emxBcmP2heJuc8HMz3i+MWfrcr0zfl+OdADea+tNnd7kvuUojrfm0
-obesxagPYozmfrSUKtvy/FKSpJ5OUU+dwM6uPRcclGxf6Ba1zi7iWs9q292w1L5i
-pUaSMHx8/AX4eDCTMCiraaFyMdw7l2M6W7PhNIaASij13NWEjBOkbNLBLaYl12/J
-k3ilFrrZF24+ypbynlzjrhIupRE=
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_sha224.crt b/programs/ssl/test-ca/cert_sha224.crt
deleted file mode 100644
index 7283c28..0000000
--- a/programs/ssl/test-ca/cert_sha224.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 8 (0x8)
- Signature Algorithm: sha224WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha224WithRSAEncryption
- b8:9b:0a:d1:b4:d1:a4:ce:05:39:42:7a:3b:7b:5e:fd:97:57:
- 8a:36:60:42:39:d0:e6:0c:9c:7e:2f:2b:be:ef:e7:45:34:77:
- 48:7a:10:4a:fd:76:ca:42:39:25:3c:fa:19:f8:63:6c:e7:36:
- 27:9a:ec:06:ce:e4:f7:2c:2e:c6:36:c1:25:bd:ab:09:aa:e2:
- da:4e:de:ae:b5:f5:ba:9e:90:24:52:34:96:96:61:4c:26:b5:
- 57:65:b1:10:ed:13:2b:54:90:ce:d3:21:cb:8c:d3:4c:6c:e5:
- e1:78:22:16:3f:e1:be:f1:ee:5d:39:48:a1:e6:80:46:f4:46:
- f2:79:03:3e:f1:fc:51:47:d9:05:e8:85:81:1b:0b:4f:fa:85:
- 9d:ce:e7:76:5a:6f:da:98:9f:43:f1:f3:2f:2f:57:28:aa:70:
- 14:82:7f:d5:69:14:8c:f9:82:b6:2f:a6:df:b5:6b:0e:43:c9:
- 96:91:64:3d:8b:a8:17:15:9a:88:42:a4:d0:90:c0:a3:a2:e1:
- dd:f6:95:6d:3b:9d:71:a6:1e:9e:2c:1e:db:f6:5f:93:43:2c:
- ed:53:70:55:50:56:df:cd:96:6c:d5:91:0f:b1:a7:f4:b7:17:
- 9d:1f:0b:f6:0b:f8:fe:e7:7c:de:c1:20:b7:fc:69:13:ba:e2:
- 61:9b:a5:62
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ4F
-AAOCAQEAuJsK0bTRpM4FOUJ6O3te/ZdXijZgQjnQ5gycfi8rvu/nRTR3SHoQSv12
-ykI5JTz6GfhjbOc2J5rsBs7k9ywuxjbBJb2rCari2k7errX1up6QJFI0lpZhTCa1
-V2WxEO0TK1SQztMhy4zTTGzl4XgiFj/hvvHuXTlIoeaARvRG8nkDPvH8UUfZBeiF
-gRsLT/qFnc7ndlpv2pifQ/HzLy9XKKpwFIJ/1WkUjPmCti+m37VrDkPJlpFkPYuo
-FxWaiEKk0JDAo6Lh3faVbTudcaYeniwe2/Zfk0Ms7VNwVVBW382WbNWRD7Gn9LcX
-nR8L9gv4/ud83sEgt/xpE7riYZulYg==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_sha256.crt b/programs/ssl/test-ca/cert_sha256.crt
deleted file mode 100644
index 03a7521..0000000
--- a/programs/ssl/test-ca/cert_sha256.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 9 (0x9)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha256WithRSAEncryption
- 69:ce:f9:a9:d5:e2:32:db:fe:a9:f9:92:7a:d6:76:37:05:51:
- c9:e3:a1:03:72:b2:bc:2c:86:4b:31:16:02:10:e8:43:d4:c0:
- 33:3c:4f:ea:9d:12:6b:57:51:bc:d7:d9:42:56:cf:c7:29:e7:
- d7:52:24:49:29:ac:9c:de:8f:cc:ab:1a:a9:62:07:5a:6b:f7:
- fb:19:ab:f5:b1:2c:a4:aa:dc:5d:03:73:17:7c:ea:52:44:80:
- ca:70:d3:10:c5:2e:fd:9f:d2:0d:65:c4:f2:cc:ef:1b:18:e1:
- 0a:08:4e:67:d0:56:7f:24:54:2e:73:31:b5:4d:22:74:f8:30:
- f9:92:c4:64:c9:46:80:d4:e1:bd:d6:e7:26:ea:bb:c4:fe:6f:
- a2:c5:10:e4:64:2f:b0:44:04:2c:b3:44:39:cf:b4:de:ac:83:
- 43:5e:0b:ca:cd:fb:4e:18:e6:38:39:e7:10:3f:d6:59:17:e7:
- 42:ef:00:e3:88:c6:43:bc:21:12:bf:20:a8:64:c6:30:dc:8c:
- 6b:b8:6a:ce:6b:8a:22:3b:d8:af:0c:b4:bb:4d:be:96:dd:40:
- d9:87:3e:95:2e:1a:27:23:62:e8:6e:bd:e0:89:d0:a7:28:16:
- 95:ea:cb:89:a3:f7:7f:fb:0f:ac:ab:d6:a8:b4:cb:43:92:d9:
- cb:3e:8a:11
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsF
-AAOCAQEAac75qdXiMtv+qfmSetZ2NwVRyeOhA3KyvCyGSzEWAhDoQ9TAMzxP6p0S
-a1dRvNfZQlbPxynn11IkSSmsnN6PzKsaqWIHWmv3+xmr9bEspKrcXQNzF3zqUkSA
-ynDTEMUu/Z/SDWXE8szvGxjhCghOZ9BWfyRULnMxtU0idPgw+ZLEZMlGgNThvdbn
-Juq7xP5vosUQ5GQvsEQELLNEOc+03qyDQ14Lys37ThjmODnnED/WWRfnQu8A44jG
-Q7whEr8gqGTGMNyMa7hqzmuKIjvYrwy0u02+lt1A2Yc+lS4aJyNi6G694InQpygW
-lerLiaP3f/sPrKvWqLTLQ5LZyz6KEQ==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_sha384.crt b/programs/ssl/test-ca/cert_sha384.crt
deleted file mode 100644
index 73caac9..0000000
--- a/programs/ssl/test-ca/cert_sha384.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 10 (0xa)
- Signature Algorithm: sha384WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha384WithRSAEncryption
- 68:e6:03:f0:ba:44:e7:cc:e1:b2:07:6c:56:c8:be:b7:ba:80:
- 61:c8:f9:66:57:e1:cb:60:7d:cd:8d:0f:66:b0:f2:61:45:fd:
- fc:c8:93:95:bb:b4:14:00:76:c7:e1:57:a6:e2:60:31:8b:fc:
- e1:0f:68:24:4c:bb:1d:c5:b6:77:ec:23:e1:5b:4f:10:6c:6a:
- e0:6d:e7:34:f8:72:14:ae:16:57:25:8b:e8:b9:71:a1:d0:78:
- ea:18:c1:51:c4:2e:26:6d:cb:80:8d:a5:b9:de:e7:37:c1:2b:
- ec:e8:98:c6:f9:1a:bf:fe:a3:de:3d:d6:59:98:45:dc:4a:a6:
- ad:0a:af:73:50:43:23:5a:9b:9a:f9:8f:ff:41:15:e5:9c:12:
- 9e:29:55:5c:79:9c:89:0c:c8:8a:82:86:b1:96:ae:7c:7d:4f:
- 0b:fd:e3:9e:8b:a5:4d:88:55:05:ad:6c:63:aa:74:0c:41:0d:
- 47:22:cc:1a:45:02:92:5e:d1:e0:b9:31:52:ff:f6:30:f0:87:
- 2c:dd:fa:fa:b9:cc:45:cb:36:33:5b:35:7f:5f:05:4f:e0:8f:
- 9a:e4:d2:fa:c9:d4:fc:62:99:ac:59:fb:fd:04:bc:5a:c0:47:
- 5e:5d:3d:df:31:8c:7f:dc:00:cb:cb:c0:f4:62:41:44:db:1d:
- ba:c0:ad:8a
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIBCjANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQwF
-AAOCAQEAaOYD8LpE58zhsgdsVsi+t7qAYcj5Zlfhy2B9zY0PZrDyYUX9/MiTlbu0
-FAB2x+FXpuJgMYv84Q9oJEy7HcW2d+wj4VtPEGxq4G3nNPhyFK4WVyWL6LlxodB4
-6hjBUcQuJm3LgI2lud7nN8Er7OiYxvkav/6j3j3WWZhF3EqmrQqvc1BDI1qbmvmP
-/0EV5ZwSnilVXHmciQzIioKGsZaufH1PC/3jnoulTYhVBa1sY6p0DEENRyLMGkUC
-kl7R4LkxUv/2MPCHLN36+rnMRcs2M1s1f18FT+CPmuTS+snU/GKZrFn7/QS8WsBH
-Xl093zGMf9wAy8vA9GJBRNsdusCtig==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/cert_sha512.crt b/programs/ssl/test-ca/cert_sha512.crt
deleted file mode 100644
index 4bb4eed..0000000
--- a/programs/ssl/test-ca/cert_sha512.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 11 (0xb)
- Signature Algorithm: sha512WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha512WithRSAEncryption
- 84:68:78:72:54:00:bf:8a:45:28:35:be:18:47:d8:69:f6:67:
- de:a6:f8:a6:d0:fd:9f:79:f7:e8:02:8a:c3:83:5d:85:45:cc:
- b6:98:77:a7:18:3f:6b:d2:e4:d0:af:d5:52:d9:db:7e:4a:d3:
- 68:b0:08:64:14:de:c2:3b:1d:7b:ac:79:ad:49:5a:4c:f6:d2:
- 35:ef:a4:8c:b7:5b:d1:0b:7b:50:c6:9c:48:3e:96:3b:1b:0b:
- 0e:e8:10:3f:8c:3b:4f:6b:1d:5c:3a:27:f3:43:22:ac:37:11:
- 71:b8:07:66:b0:f8:71:c3:22:cf:f4:96:83:93:fb:42:b0:1a:
- 43:f9:4b:df:cb:5f:0f:ba:9e:80:f1:ff:08:3a:46:51:dc:d0:
- 36:bd:b1:c4:ca:fb:00:12:e7:e0:37:70:40:0e:73:19:63:c2:
- e5:da:56:77:07:68:a5:40:9e:d6:0f:ad:b5:b3:b2:f5:3f:01:
- e8:68:e7:a3:b0:d7:f3:dd:ff:b6:d7:8f:75:4e:25:ab:12:32:
- 99:45:ad:57:40:de:d7:b4:0d:d0:c3:66:89:47:f2:0c:b2:b5:
- df:52:0e:fa:63:62:65:89:07:4a:80:69:0e:4e:ba:c0:43:5d:
- 05:75:22:cf:50:f9:ac:bd:ef:8d:8c:10:08:b6:8b:62:4f:a1:
- 60:55:a3:0d
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ0F
-AAOCAQEAhGh4clQAv4pFKDW+GEfYafZn3qb4ptD9n3n36AKKw4NdhUXMtph3pxg/
-a9Lk0K/VUtnbfkrTaLAIZBTewjsde6x5rUlaTPbSNe+kjLdb0Qt7UMacSD6WOxsL
-DugQP4w7T2sdXDon80MirDcRcbgHZrD4ccMiz/SWg5P7QrAaQ/lL38tfD7qegPH/
-CDpGUdzQNr2xxMr7ABLn4DdwQA5zGWPC5dpWdwdopUCe1g+ttbOy9T8B6Gjno7DX
-893/ttePdU4lqxIymUWtV0De17QN0MNmiUfyDLK131IO+mNiZYkHSoBpDk66wENd
-BXUiz1D5rL3vjYwQCLaLYk+hYFWjDQ==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/client1.crt b/programs/ssl/test-ca/client1.crt
deleted file mode 100644
index e532a13..0000000
--- a/programs/ssl/test-ca/client1.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:06 2011 GMT
- Not After : Feb 12 14:44:06 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Client 1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:95:31:a2:ea:fb:4a:e0:94:a5:e4:49:69:b9:50:
- 7c:de:24:a0:26:f7:4a:a2:a5:c8:da:a4:a3:0e:a2:
- 82:5d:11:d1:4e:30:48:ca:c2:2e:41:8b:ce:ca:8c:
- 50:76:2e:22:d6:ad:b0:98:c5:d6:a3:0b:f9:93:83:
- 2a:47:23:01:b3:93:c9:51:61:a8:f5:27:a6:b8:fb:
- cc:88:20:0b:61:f4:19:77:3c:24:92:94:85:4a:ae:
- be:89:69:c0:12:22:b0:5f:19:7c:c6:0c:80:a9:c9:
- c6:7f:ea:9b:13:cf:ca:56:f5:5d:86:46:10:a3:17:
- c7:28:1a:96:e4:3b:78:49:f0:44:e5:71:0b:e6:ee:
- b4:39:8c:e6:36:1b:bd:6b:63:7a:dc:74:5a:53:99:
- c9:d6:1c:c2:45:04:2a:4b:95:42:c6:8e:a9:79:69:
- e6:b7:d3:6f:df:f2:fa:6f:65:e8:d7:13:68:88:70:
- 0e:6e:cd:aa:2d:be:13:c4:df:d7:f3:8f:97:88:2c:
- 70:0e:cc:dd:14:d7:db:d0:8b:12:a6:e4:3f:e6:43:
- bb:10:4e:d6:70:80:a7:99:af:52:24:fe:39:81:c2:
- a1:39:a8:63:ed:81:07:b2:09:49:9c:9d:bd:2e:69:
- 14:25:a2:9f:f3:ef:42:6a:62:2f:b7:ae:2c:71:ba:
- d9:59
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- DC:6E:4E:97:49:B9:7C:E5:B3:EA:E3:F9:85:A2:D2:F9:45:4C:CC:3B
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 06:a1:49:14:9c:4a:be:34:50:2b:a5:9f:04:3a:09:23:fb:ec:
- 04:e8:a3:f7:c5:80:1d:87:f6:3d:46:ca:dd:14:5d:e9:06:69:
- 72:9b:8c:c5:18:f2:2b:b9:7c:ed:1b:41:8d:f5:8e:c8:0a:fd:
- c0:7b:3e:72:f0:1c:d0:eb:0d:de:04:87:8a:35:44:a0:c5:68:
- 6b:8f:0e:5c:ee:d9:fb:de:99:9b:94:42:f6:b1:14:24:5e:77:
- 0a:9c:1d:94:55:c8:85:08:6d:2e:6d:65:4e:6f:62:ef:4d:f0:
- 7b:c6:eb:7e:e9:5a:65:1c:aa:d1:f5:36:39:81:37:cf:90:14:
- be:ce:a8:fe:bf:53:e1:ee:06:ee:42:a1:d8:19:58:a2:02:26:
- b8:96:92:e8:e8:62:5b:c2:a1:33:bc:f1:5b:03:8b:25:67:40:
- de:e7:f5:f5:af:cd:8c:86:18:8d:66:c7:5d:0e:c0:57:f1:dc:
- c2:24:58:0c:40:14:93:6b:6b:17:34:f1:cd:07:35:d0:76:68:
- 1b:9b:7a:b0:a7:a6:8a:3a:cc:e9:e1:a5:5a:8d:c6:16:7d:c9:
- f7:80:33:20:ae:5d:8b:8b:f3:52:8a:2c:7f:6d:a9:c2:3a:41:
- 44:e3:41:c1:69:6f:aa:53:41:39:69:1e:a8:8f:2e:47:70:06:
- 62:f7:da:77
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAxMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTGi6vtK4JSl5ElpuVB83iSgJvdK
-oqXI2qSjDqKCXRHRTjBIysIuQYvOyoxQdi4i1q2wmMXWowv5k4MqRyMBs5PJUWGo
-9SemuPvMiCALYfQZdzwkkpSFSq6+iWnAEiKwXxl8xgyAqcnGf+qbE8/KVvVdhkYQ
-oxfHKBqW5Dt4SfBE5XEL5u60OYzmNhu9a2N63HRaU5nJ1hzCRQQqS5VCxo6peWnm
-t9Nv3/L6b2Xo1xNoiHAObs2qLb4TxN/X84+XiCxwDszdFNfb0IsSpuQ/5kO7EE7W
-cICnma9SJP45gcKhOahj7YEHsglJnJ29LmkUJaKf8+9CamIvt64scbrZWQIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTcbk6XSbl85bPq4/mFotL5RUzMOzAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
-AQEABqFJFJxKvjRQK6WfBDoJI/vsBOij98WAHYf2PUbK3RRd6QZpcpuMxRjyK7l8
-7RtBjfWOyAr9wHs+cvAc0OsN3gSHijVEoMVoa48OXO7Z+96Zm5RC9rEUJF53Cpwd
-lFXIhQhtLm1lTm9i703we8brfulaZRyq0fU2OYE3z5AUvs6o/r9T4e4G7kKh2BlY
-ogImuJaS6OhiW8KhM7zxWwOLJWdA3uf19a/NjIYYjWbHXQ7AV/HcwiRYDEAUk2tr
-FzTxzQc10HZoG5t6sKemijrM6eGlWo3GFn3J94AzIK5di4vzUoosf22pwjpBRONB
-wWlvqlNBOWkeqI8uR3AGYvfadw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/client1.key b/programs/ssl/test-ca/client1.key
deleted file mode 100644
index 8a55d88..0000000
--- a/programs/ssl/test-ca/client1.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAlTGi6vtK4JSl5ElpuVB83iSgJvdKoqXI2qSjDqKCXRHRTjBI
-ysIuQYvOyoxQdi4i1q2wmMXWowv5k4MqRyMBs5PJUWGo9SemuPvMiCALYfQZdzwk
-kpSFSq6+iWnAEiKwXxl8xgyAqcnGf+qbE8/KVvVdhkYQoxfHKBqW5Dt4SfBE5XEL
-5u60OYzmNhu9a2N63HRaU5nJ1hzCRQQqS5VCxo6peWnmt9Nv3/L6b2Xo1xNoiHAO
-bs2qLb4TxN/X84+XiCxwDszdFNfb0IsSpuQ/5kO7EE7WcICnma9SJP45gcKhOahj
-7YEHsglJnJ29LmkUJaKf8+9CamIvt64scbrZWQIDAQABAoIBAAnyv1xP2VRUVSN9
-ybDzrv/ZDVzLzIw/5b6+j6jgKTUvhPdjvNbYT+FLA0T6Sjs3JFeQSWBGgONqXv/5
-FQ6dRPXGevwUOQHv3OwkziSdjmS/tBsBRacIhELQmB/tj0MmUQBmYK2ME+A+dh/9
-cs3FY0adIdlcPqvBYCRKcZlSZdj4NG9Ysmaw4GxxHDSOaFawShmdqXwPojy7SFi2
-z7kcFcR8KXkgnnWZvLHOfWqZXgpt+B1FZ5H2/trsJXRz2MpuJz1bk1bPiw608i+7
-dHaah+puj3/VKdBVOf6e1EKnyVw6UnJqZeUnp963zVFeld3UxzMr6fTsOxw/pVXg
-FFDK0SECgYEAxXn5symC/qe5xffw65VCy697joowClkeu6xtJmxqFDLuH99UiA7b
-Y9M2l4pJkdenGuPEpdEm/GZaJ30dV7ppBsKbdCUTXcroPhEWcc3dYWaA/QLrFzbp
-lg6j4EppiJovnT9iu9ZUXRo647pXYXqsSvfdShqvdIU5DnED9FI8wdUCgYEAwWiW
-htIVaZI0GTuNxQBi87ikueCLtSgT3zrKxnu1f9qhtipOGcFxwveTxsVQUo62UW/b
-g12lsYhqWETfIgIlackIkOvIJncLGNiMopoNZlnjq0iEkruUWsdVypN14FrDezSv
-yaAL6wKteSWmH+zB/22PI+NubtkqcXF2qBRLt3UCgYEAq7arrOHM2VjJTl6RrJhm
-s6zMuJ5qtaTW94QwiTe+af/7VdWhsImStdPkZZNG871cviIOTc13pAPwIuRFTpJ2
-Xv17pVvT4jvdBJNhO+YxuU8jnF4cRFxocyYZ05+A8tp3yrliRklRpH95c6oF72p3
-RN0RHC3mIWDywx78vEeCM10CgYEAsDfa7nv7hnTvgw3/3b68adOSQsmUgTpC4OFw
-X+fXNua88H0bK9xVCo8I1dJxnMbq1shT+R0aGudv/XzC0PmjnP7ODzzE4EcWlUy4
-1m4GR3sfNLCeGhNO2GdGg4xXmlMYSOl4QPzR3w5RgFANTIkrOM9Z3BkcRWMYiMQY
-mIvlcQECgYBtKT8Zyfs+anDMBrLAXhHOKjz9a4gtF04pmScURTRK2s4ljLxk1Mrq
-O2IcULXSwOkHW9qQw4gBdaLAg1XddoMrzNiv5oPKQkDqoc4QmRPM4cx5juHGflc8
-NZxGS6eA8ddtvrOWmLt3gY0ocRDrStKgWWoda4jG6bu6q3dQOi2sZQ==
------END RSA PRIVATE KEY-----
diff --git a/programs/ssl/test-ca/client2.crt b/programs/ssl/test-ca/client2.crt
deleted file mode 100644
index b800f98..0000000
--- a/programs/ssl/test-ca/client2.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Client 2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c8:74:c4:cc:b9:f9:b5:79:e9:45:d9:14:60:b0:
- 7d:bb:93:f2:6b:1e:9f:33:ad:0d:8f:8a:3c:56:65:
- e5:dc:44:d9:cc:66:85:07:d5:f8:27:b0:4a:35:d0:
- 63:9e:0a:6e:1b:b7:da:f0:7e:ab:ee:0c:10:93:86:
- 49:18:34:f3:a8:2a:d2:57:f5:2e:d4:2f:77:29:84:
- 61:4d:82:50:8f:a7:95:48:70:f5:6e:4d:b2:d5:13:
- c3:d2:1a:ed:e6:43:ea:42:14:eb:74:ea:c0:ed:1f:
- d4:57:4e:a9:f3:a8:ed:d2:e0:c1:30:71:30:32:30:
- d5:d3:f6:08:d0:56:4f:46:8e:f2:5f:f9:3d:67:91:
- 88:30:2e:42:b2:df:7d:fb:e5:0c:77:ff:ec:31:c0:
- 78:8f:bf:c2:7f:ca:ad:6c:21:d6:8d:d9:8b:6a:8e:
- 6f:e0:9b:f8:10:56:cc:b3:8e:13:15:e6:34:04:66:
- c7:ee:f9:36:0e:6a:95:f6:09:9a:06:67:f4:65:71:
- f8:ca:a4:b1:25:e0:fe:3c:8b:35:04:67:ba:e0:4f:
- 76:85:fc:7f:fc:36:6b:b5:e9:cd:2d:03:62:4e:b3:
- 3d:00:cf:af:76:a0:69:56:83:6a:d2:a8:d4:e7:50:
- 71:e6:b5:36:05:77:05:6d:7b:c8:e4:c4:fd:4c:d5:
- 21:5f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 71:A1:00:73:72:40:2F:54:76:5E:33:FC:52:8F:BC:F1:DD:6B:46:21
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 02:7f:3a:8a:c0:0c:f1:7f:a6:57:02:6a:78:8b:6d:e8:4f:6c:
- 96:11:10:6c:0a:1f:ca:4f:9d:88:7d:4b:87:c6:3d:88:b9:56:
- 41:22:9b:c3:f5:17:62:3c:79:2c:b3:d9:72:78:a8:bf:12:1c:
- 01:10:bf:06:3c:99:47:d8:37:53:04:c7:34:63:66:fa:bc:2b:
- a9:ad:79:be:2b:8d:38:50:5c:87:29:17:fc:ea:ec:93:4d:84:
- 1f:b3:51:02:5c:39:58:b3:e8:ad:88:c4:0f:a7:1d:55:08:01:
- 97:da:2d:f7:71:dd:26:88:11:89:70:b1:12:b3:3b:34:2f:3f:
- 78:fe:75:d6:68:ea:fa:e2:c3:8c:b2:87:f1:93:d0:f0:8e:1e:
- 90:72:67:ae:82:ec:0e:42:30:5c:a1:88:b2:f2:01:1d:0c:b6:
- 69:cf:cd:c0:72:c2:40:e2:ba:99:fb:a6:d6:94:71:e7:65:78:
- 52:db:b9:74:b2:e3:0f:96:cc:c4:e0:42:ec:a5:38:c5:92:ae:
- 31:75:d9:33:af:fd:dd:86:f9:d4:af:c9:e1:a8:5f:d5:3c:49:
- 95:35:97:b6:7c:c3:af:db:1a:11:87:4d:cb:64:8a:63:fe:99:
- 88:33:47:0f:eb:2d:a4:02:a2:40:b0:16:68:0b:ac:21:62:98:
- 13:2c:3d:31
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
-M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
-1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
-MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
-4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
-/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
-AQEAAn86isAM8X+mVwJqeItt6E9slhEQbAofyk+diH1Lh8Y9iLlWQSKbw/UXYjx5
-LLPZcniovxIcARC/BjyZR9g3UwTHNGNm+rwrqa15viuNOFBchykX/Orsk02EH7NR
-Alw5WLPorYjED6cdVQgBl9ot93HdJogRiXCxErM7NC8/eP511mjq+uLDjLKH8ZPQ
-8I4ekHJnroLsDkIwXKGIsvIBHQy2ac/NwHLCQOK6mfum1pRx52V4Utu5dLLjD5bM
-xOBC7KU4xZKuMXXZM6/93Yb51K/J4ahf1TxJlTWXtnzDr9saEYdNy2SKY/6ZiDNH
-D+stpAKiQLAWaAusIWKYEyw9MQ==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/client2.key b/programs/ssl/test-ca/client2.key
deleted file mode 100644
index ee1be38..0000000
--- a/programs/ssl/test-ca/client2.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF
-B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1
-bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9
-Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH
-7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v
-dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst
-yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz
-4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt
-ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA
-zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d
-l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf
-DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT
-VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL
-Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7
-wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys
-c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi
-33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60
-ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0
-BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW
-KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+
-UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc
-7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq
-gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu
-bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv
-8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==
------END RSA PRIVATE KEY-----
diff --git a/programs/ssl/test-ca/client2.pfx b/programs/ssl/test-ca/client2.pfx
deleted file mode 100644
index e6df4ea..0000000
--- a/programs/ssl/test-ca/client2.pfx
+++ /dev/null
Binary files differ
diff --git a/programs/ssl/test-ca/crl.pem b/programs/ssl/test-ca/crl.pem
deleted file mode 100644
index 2bd1096..0000000
--- a/programs/ssl/test-ca/crl.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
-OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
-dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
-//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
-yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
-NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
-5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
------END X509 CRL-----
diff --git a/programs/ssl/test-ca/crl_md2.pem b/programs/ssl/test-ca/crl_md2.pem
deleted file mode 100644
index e69de29..0000000
--- a/programs/ssl/test-ca/crl_md2.pem
+++ /dev/null
diff --git a/programs/ssl/test-ca/crl_md4.pem b/programs/ssl/test-ca/crl_md4.pem
deleted file mode 100644
index 1f77dab..0000000
--- a/programs/ssl/test-ca/crl_md4.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
-N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEDBQADggEBAIJtYXy3uwIpmSGfi9muS8xv
-36FT6g3s1V/xicdPa54juJgBI6sxHKzQtbSNIbqadEWwUtvQ8k1EMRo9UGObhRV8
-i+UWm5qi0GFV7nMi4E2p2Ji/sFKtgdxkzhCfn+p3MoGgx/nC7YtwpnNdF+kuCV1M
-JTPqfm+taZkYADOafP/hRaPx3TI+HNE3ux4Cb7hNpWdfWzt48ZPMuhCMzItLd/UK
-xxjJam9XAGUTKi7+eWtma9XzmYOIElQv2KFPVMcx5nvg039rrWK6tObGL67kCfTH
-v+nIx7rAOW6UNU8aj1kfJHYjEKMBH1I9wjMSHUpkxBLQOKlPNRksiEVsIhmEVss=
------END X509 CRL-----
diff --git a/programs/ssl/test-ca/crl_md5.pem b/programs/ssl/test-ca/crl_md5.pem
deleted file mode 100644
index 1b17967..0000000
--- a/programs/ssl/test-ca/crl_md5.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
-N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEEBQADggEBAKKCJZ1MwL+gKAw3RV4qEmb9
-gMDdSLJ1Vdkn9FgDx2ijNnYDtvaW+I3sOXrq7O6gVN1KEamJJbufVJA5+OE2oVbC
-husEdgQm8D5TbrGcjPIPWxgYyuuRsl7XovZhXnqTIUrC+J8oH9XzKaMc+HZb5UhR
-h8bzcyp+9jbBje7lWwKTzkuvd/I7VbS02TUkWFJTrYB0Laj8WMcgcZiyX0iZuj8j
-4hOupu0lPoSzZ4h7t0Vmay6wO+8n8LJohyiwYS7LddpOjIdP0MWifN7u/ArqNNlh
-2kg8eAc1pYOU/pJFTAAbOmC/kQpa9skd+PPIPPh9T53o3yeDQA0vFqN92JryCCU=
------END X509 CRL-----
diff --git a/programs/ssl/test-ca/crl_sha1.pem b/programs/ssl/test-ca/crl_sha1.pem
deleted file mode 100644
index 049bebf..0000000
--- a/programs/ssl/test-ca/crl_sha1.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
-N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAG64jqn7VLdvnKROsbCPR8w9
-xnox9vjuM2lGWema9sTuptw9EhArVSbibXZ1IPPyrEy1QOq3NukBqUW3KzOzYV5M
-BxZSa28FTQxtVChWkDUIMCK8BSxy07yieFf/3A8mbfcW3ZzN4akLxOweuFp6l2H7
-9oa2jeUi1BlHCZS6JYI2pHZl8qiMRiqqMleSM2k1w7TraKLNBFM8UK72brXeZjPi
-nNOzdYsQDzWo1HW7dsLWLfZKoJeyqvofVDQpC5dO56kty/do89z1OnEXfzMNeVVT
-JCeAOzuu6kdrf+9keRoWhcIoBos/XtTV57u0pgr81bLgjj5PYivevKL/kKbyvKI=
------END X509 CRL-----
diff --git a/programs/ssl/test-ca/crl_sha224.pem b/programs/ssl/test-ca/crl_sha224.pem
deleted file mode 100644
index 066f5be..0000000
--- a/programs/ssl/test-ca/crl_sha224.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
-N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEOBQADggEBAL2sIly2OwgBu9UfEImduTG/
-RtGEO8RkXbCRJPLZaVGQh9b8rCRVHL9tIWm372FVkKyYEm3mIrl2ry16RznRt5yx
-Dd8/DKUGUlIe1KwzjDc9O7bv1FDSXHd1USmGTheKDHNtuJXYENMHdoyR2k2BVGOZ
-ie4zUcSpqyMjBlUjgNmXN6gQIcrRImumVUjMk74+rWTa0hQ0piF2qlRuE1dDqcZP
-LkE/92rbnFeRAO91XUeEj13dif2UjlArFWd62AFp0wtIn2sb7wahhUj9/rEs6Wgx
-kdiNsRMto6/ixLrPu3vxs80ZPWHey587T1ZZ9bS/wDkp9W+W0rGyRoPVmqiKtvM=
------END X509 CRL-----
diff --git a/programs/ssl/test-ca/crl_sha256.pem b/programs/ssl/test-ca/crl_sha256.pem
deleted file mode 100644
index c3ca256..0000000
--- a/programs/ssl/test-ca/crl_sha256.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
-N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQELBQADggEBAG4mBBgwfNynCYYL2CEnqore
-mgKpC32tB6WiUBu9figcvdN3nSX/1wrB8rpiE8R04C8oSFglwhotJCnlWsy42tjb
-0pk0Wuizln0PFMc/OypqRNNhwx31SHH42W4KzONiqvq3n/WkH3M1YniR1ZnMlyvi
-lJioQn6ZAoc6O6mMP1J9duKYYhiMAOV992PD1/iqXw+jYN31RwdIS8/mGzIs4ake
-EdviwhM3E4/sVbNOWCOnZFYV4m+yNAEe29HL1VKw6UXixBczct+brqXNVD3U6T0F
-5ovR6BTefZO17eT52Duke5RZGDUyQOGywxOYKI5W+FcOYdp+U5Idk399tAz2Mdw=
------END X509 CRL-----
diff --git a/programs/ssl/test-ca/crl_sha384.pem b/programs/ssl/test-ca/crl_sha384.pem
deleted file mode 100644
index b3baa2a..0000000
--- a/programs/ssl/test-ca/crl_sha384.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
-N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEMBQADggEBAC0GpmRvsrvshp1q/SXk80HA
-m28ZvEuys9zY5/AnrtYHQfsX9QRJk5li7PlnzHtVGp8I5Qi4mJVPaJ+JmhqAc/oo
-NPmxDx8m9XF9v0XHzqQZIWlPXH8QM9WLzTazbQFXhuwnZ6LPhpo+m8cbN91mUFil
-9g+SGkma+VYV+yPRNmKyldcRVvPZUIkhTCMWkZoYrbDXUmkVQpsgz2c5ksIeMI/7
-4Qj9J38I9AOt0DlQ3etFhNc0OMnR7zY8tn9B4dejoNklEZfiyDxsDZVPusZrxnWM
-WxuehOGHZf3YESjLMtR7BW26QRHIF/nhGDHsbLiunxXI6eJlbYFoZMfwc6TMqnc=
------END X509 CRL-----
diff --git a/programs/ssl/test-ca/crl_sha512.pem b/programs/ssl/test-ca/crl_sha512.pem
deleted file mode 100644
index 4d712e5..0000000
--- a/programs/ssl/test-ca/crl_sha512.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
-N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQENBQADggEBAH6GU24hd6d/5PmDusT+h2Kl
-e7scmhkZDPU+VJSnzHdEREYTPaoFqyVBuJOE95lZELEqdOauhO3lG2WEQVGcgEcv
-4jS2EzR3BYex1c1upqGtdIvIoA9TOLukdy6KeauomiWho2Kd7bSaXHy20jwdkLko
-/t3lVhTtBvKbh8XHVYwCaw1aCj3LydwNcS+zPnRgsMVHszFxmMNn5HCRW8lbYwcf
-UA98OmxIZs2hpBKRpvlfA5y6sXEx2+tSMg+MJrziGBgG6OR/m+KTaK5Yle9nrC+7
-hzKIe83hpktvfB1CY5Ak4Uke9/1FRqAjs5KCRxYSGQ7ZdS7DgAeGwT3slLbl/tY=
------END X509 CRL-----
diff --git a/programs/ssl/test-ca/gen_test_ca.sh b/programs/ssl/test-ca/gen_test_ca.sh
deleted file mode 100755
index 65cf9aa..0000000
--- a/programs/ssl/test-ca/gen_test_ca.sh
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/bin/sh
-rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
-
-touch index
-echo "01" > serial
-
-PASSWORD=PolarSSLTest
-
-echo "Generating CA"
-cat sslconf.txt > sslconf_use.txt
-echo "CN=PolarSSL Test CA" >> sslconf_use.txt
-
-openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
- -set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
- -passout pass:$PASSWORD
-
-echo "Generating rest"
-openssl genrsa -out server1.key 2048
-openssl genrsa -out server2.key 2048
-openssl genrsa -out client1.key 2048
-openssl genrsa -out client2.key 2048
-openssl genrsa -out cert_digest.key 2048
-
-echo "Generating requests"
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 1" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=localhost" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 1" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 2" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD2" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md2.req -md2
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD4" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md4.req -md4
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD5" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md5.req -md5
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA1" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha1.req -sha1
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA224" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha224.req -sha224
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA256" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha256.req -sha256
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA384" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha384.req -sha384
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha512.req -sha512
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=*.example.com" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_wildcard.req
-
-cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
-echo "[ v3_req ]" >> sslconf_use.txt
-echo "subjectAltName = \"DNS:example.com,DNS:example.net,DNS:*.example.org\"" >> sslconf_use.txt
-openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_multi.req -reqexts "v3_req"
-
-echo "Signing requests"
-for i in server1 server2 client1 client2;
-do
- openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
- -batch -in $i.req
-done
-
-for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
-do
- openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
- -batch -in cert_$i.req -md $i
-done
-
-for i in example_wildcard example_multi;
-do
- openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
- -batch -in cert_$i.req
-done
-
-echo "Revoking firsts"
-openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
-openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
-openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
-
-for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
-do
- openssl ca -batch -config sslconf.txt -gencrl -out crl_$i.pem -md $i -passin pass:$PASSWORD
-done
-
-echo "Verifying second"
-openssl x509 -in server2.crt -text -noout
-cat test-ca.crt crl.pem > ca_crl.pem
-openssl verify -CAfile ca_crl.pem -crl_check server2.crt
-rm ca_crl.pem
-
-echo "Generating PKCS12"
-openssl pkcs12 -export -in client2.crt -inkey client2.key \
- -out client2.pfx -passout pass:$PASSWORD
-
-rm *.old sslconf_use.txt
diff --git a/programs/ssl/test-ca/index b/programs/ssl/test-ca/index
deleted file mode 100644
index a334c8e..0000000
--- a/programs/ssl/test-ca/index
+++ /dev/null
@@ -1,17 +0,0 @@
-R 210212144406Z 110212144407Z 01 unknown /C=NL/O=PolarSSL/CN=PolarSSL Server 1
-V 210212144406Z 02 unknown /C=NL/O=PolarSSL/CN=localhost
-R 210212144406Z 110212144407Z 03 unknown /C=NL/O=PolarSSL/CN=PolarSSL Client 1
-V 210212144407Z 04 unknown /C=NL/O=PolarSSL/CN=PolarSSL Client 2
-V 210212144407Z 05 unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert MD4
-V 210212144407Z 06 unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert MD5
-V 210212144407Z 07 unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA1
-V 210212144407Z 08 unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA224
-V 210212144407Z 09 unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA256
-V 210212144407Z 0A unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA384
-V 210212144407Z 0B unknown /C=NL/O=PolarSSL/CN=PolarSSL Cert SHA512
-V 220207160636Z 0C unknown /C=NL/O=PolarSSL/CN=*.example.com
-V 220207160636Z 0D unknown /C=NL/O=PolarSSL/CN=example.com
-V 220207160636Z 0E unknown /C=NL/O=PolarSSL/CN=www.example.com
-V 220207160636Z 0F unknown /C=NL/O=PolarSSL/CN=www.example.com
-V 220211172555Z 10 unknown /C=NL/O=PolarSSL/CN=www.example.com
-V 220511132341Z 11 unknown /C=NL/O=PolarSSL/CN=www.example.com
diff --git a/programs/ssl/test-ca/index.attr b/programs/ssl/test-ca/index.attr
deleted file mode 100644
index 3a7e39e..0000000
--- a/programs/ssl/test-ca/index.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = no
diff --git a/programs/ssl/test-ca/newcerts/01.pem b/programs/ssl/test-ca/newcerts/01.pem
deleted file mode 100644
index 7e353cc..0000000
--- a/programs/ssl/test-ca/newcerts/01.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:06 2011 GMT
- Not After : Feb 12 14:44:06 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Server 1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:a9:02:1f:3d:40:6a:d5:55:53:8b:fd:36:ee:82:
- 65:2e:15:61:5e:89:bf:b8:e8:45:90:db:ee:88:16:
- 52:d3:f1:43:50:47:96:12:59:64:87:6b:fd:2b:e0:
- 46:f9:73:be:dd:cf:92:e1:91:5b:ed:66:a0:6f:89:
- 29:79:45:80:d0:83:6a:d5:41:43:77:5f:39:7c:09:
- 04:47:82:b0:57:39:70:ed:a3:ec:15:19:1e:a8:33:
- 08:47:c1:05:42:a9:fd:4c:c3:b4:df:dd:06:1f:4d:
- 10:51:40:67:73:13:0f:40:f8:6d:81:25:5f:0a:b1:
- 53:c6:30:7e:15:39:ac:f9:5a:ee:7f:92:9e:a6:05:
- 5b:e7:13:97:85:b5:23:92:d9:d4:24:06:d5:09:25:
- 89:75:07:dd:a6:1a:8f:3f:09:19:be:ad:65:2c:64:
- eb:95:9b:dc:fe:41:5e:17:a6:da:6c:5b:69:cc:02:
- ba:14:2c:16:24:9c:4a:dc:cd:d0:f7:52:67:73:f1:
- 2d:a0:23:fd:7e:f4:31:ca:2d:70:ca:89:0b:04:db:
- 2e:a6:4f:70:6e:9e:ce:bd:58:89:e2:53:59:9e:6e:
- 5a:92:65:e2:88:3f:0c:94:19:a3:dd:e5:e8:9d:95:
- 13:ed:29:db:ab:70:12:dc:5a:ca:6b:17:ab:52:82:
- 54:b1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 1F:74:D6:3F:29:C1:74:74:45:3B:05:12:2C:3D:A8:BD:43:59:02:A6
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- bd:cf:96:c1:95:1e:9a:c2:6e:d8:88:88:d8:2a:7a:96:20:3e:
- 50:0b:c8:c7:df:1d:41:ed:e4:66:cd:b3:02:81:7d:57:04:1b:
- 5d:c6:33:59:0f:c1:20:b9:23:34:89:8a:6c:f2:fd:c7:48:36:
- 8c:80:e7:e1:9b:c6:60:5c:b0:33:02:0e:fd:df:be:61:bc:18:
- 89:0c:38:db:fb:fb:46:23:32:f7:8c:c1:3e:7c:de:1e:2f:3a:
- 77:2f:f4:8e:93:8e:25:4c:77:21:74:6c:18:b7:72:8d:bf:f5:
- 4f:5d:64:95:c1:6a:1a:70:11:88:af:bc:55:8a:25:30:f3:fa:
- 69:f2:af:2d:75:fb:2b:89:22:52:9b:05:42:15:29:13:95:5e:
- 33:9a:55:d4:c7:22:d8:44:ce:25:ab:b6:70:ee:34:14:9b:c8:
- fc:2f:56:ff:04:7e:18:00:2b:31:ac:36:7f:11:bb:ec:4d:e5:
- 69:a6:b4:2c:03:a5:7b:13:3a:03:82:8e:6f:97:f9:70:64:cc:
- e4:88:7a:b4:41:79:15:5a:b7:ff:db:f3:34:86:0c:6b:51:6a:
- cd:a7:01:2d:91:7c:cd:21:d8:2c:48:a6:5c:17:73:8c:1a:0d:
- e2:a0:d4:fd:6c:d1:c9:84:41:46:30:08:e3:d9:b3:1d:7e:ab:
- 6a:57:aa:9f
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
-uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
-d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
-CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
-lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
-bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
-AQEAvc+WwZUemsJu2IiI2Cp6liA+UAvIx98dQe3kZs2zAoF9VwQbXcYzWQ/BILkj
-NImKbPL9x0g2jIDn4ZvGYFywMwIO/d++YbwYiQw42/v7RiMy94zBPnzeHi86dy/0
-jpOOJUx3IXRsGLdyjb/1T11klcFqGnARiK+8VYolMPP6afKvLXX7K4kiUpsFQhUp
-E5VeM5pV1Mci2ETOJau2cO40FJvI/C9W/wR+GAArMaw2fxG77E3laaa0LAOlexM6
-A4KOb5f5cGTM5Ih6tEF5FVq3/9vzNIYMa1FqzacBLZF8zSHYLEimXBdzjBoN4qDU
-/WzRyYRBRjAI49mzHX6raleqnw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/02.pem b/programs/ssl/test-ca/newcerts/02.pem
deleted file mode 100644
index dca4c24..0000000
--- a/programs/ssl/test-ca/newcerts/02.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:06 2011 GMT
- Not After : Feb 12 14:44:06 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=localhost
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c1:4d:a3:dd:e7:cd:1d:d1:04:d7:49:72:b8:99:
- ac:0e:78:e4:3a:3c:4a:cf:3a:13:16:d0:5a:e4:cd:
- a3:00:88:a7:ee:1e:6b:96:a7:52:b4:90:ef:2d:72:
- 7a:3e:24:9a:fc:b6:34:ac:24:f5:77:e0:26:64:8c:
- 9c:b0:28:7d:a1:da:ea:8c:e6:c9:1c:96:bc:fe:c1:
- 04:52:b3:36:d4:a3:fa:e1:b1:76:d8:90:c1:61:b4:
- 66:52:36:a2:26:53:aa:ab:74:5e:07:7d:19:82:db:
- 2a:d8:1f:a0:d9:0d:1c:2d:49:66:f7:5b:25:73:46:
- e8:0b:8a:4f:69:0c:b5:00:90:e1:da:82:10:66:7d:
- ae:54:2b:8b:65:79:91:a1:e2:61:c3:cd:40:49:08:
- ee:68:0c:f1:8b:86:d2:46:bf:d0:b8:aa:11:03:1e:
- 7f:56:a8:1a:1e:44:18:0f:0f:85:8b:da:8b:44:5e:
- e2:18:c6:62:2f:c7:66:8d:fa:5d:d8:7d:f3:27:89:
- 29:01:c5:90:0e:3f:27:f1:30:c8:4a:0e:ef:d6:de:
- c7:c7:27:6b:c7:05:3d:7a:c4:02:3c:9a:1d:3e:0f:
- e8:34:98:5b:cb:73:4b:52:96:d8:11:a2:2c:80:88:
- 69:39:5a:d3:0f:b0:de:59:2f:11:c7:f7:ea:12:01:
- 30:97
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- A5:05:E8:64:B8:DC:DF:60:0F:50:12:4D:60:A8:64:AF:4D:8B:43:93
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 9c:67:5c:29:58:a0:79:1b:a7:bd:1c:a8:1a:ec:19:72:f2:6c:
- 0e:f8:73:36:ce:e5:17:4b:12:01:6c:ee:b1:d5:4b:da:fe:73:
- 6f:77:96:e4:bf:29:d9:62:2d:27:19:a8:0c:d8:57:29:70:51:
- f4:56:bc:a3:28:5a:11:d8:2a:9d:dd:10:84:b8:c5:35:e4:eb:
- fe:73:5f:18:6f:f5:1c:3c:48:67:3c:aa:7e:af:21:31:e4:d5:
- 2d:66:3d:eb:ed:7a:48:1a:b1:8e:58:89:64:2e:33:78:78:61:
- 59:51:1f:71:c7:10:c0:03:d5:39:c0:7b:17:d7:1c:70:c5:40:
- 67:be:05:dd:62:01:bc:f5:fe:c1:fd:1f:c9:78:4a:dc:17:e9:
- e8:2f:4c:ad:cc:c1:74:70:90:a9:2f:8c:a6:84:0c:0f:40:4d:
- b6:71:d2:62:3c:2c:6b:31:4a:e0:aa:7b:da:fd:77:28:e6:b6:
- d7:78:ec:9d:69:d5:1b:a5:cf:70:8b:cd:a4:5c:54:8b:92:45:
- 14:1f:68:3f:27:78:cf:5c:d5:2f:e2:27:f6:a6:4d:5a:89:c4:
- 0d:4a:39:d3:92:e7:bf:34:5a:13:df:48:0a:c0:fa:0e:2a:02:
- 64:a3:7a:57:37:a7:8c:16:a6:16:bc:ce:1b:98:c2:35:6e:5f:
- a2:47:1b:47
------BEGIN CERTIFICATE-----
-MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
-owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
-NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
-tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
-hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD
-VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
-FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY
-oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw
-UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y
-iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M
-wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS
-RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8
-zhuYwjVuX6JHG0c=
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/03.pem b/programs/ssl/test-ca/newcerts/03.pem
deleted file mode 100644
index e532a13..0000000
--- a/programs/ssl/test-ca/newcerts/03.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:06 2011 GMT
- Not After : Feb 12 14:44:06 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Client 1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:95:31:a2:ea:fb:4a:e0:94:a5:e4:49:69:b9:50:
- 7c:de:24:a0:26:f7:4a:a2:a5:c8:da:a4:a3:0e:a2:
- 82:5d:11:d1:4e:30:48:ca:c2:2e:41:8b:ce:ca:8c:
- 50:76:2e:22:d6:ad:b0:98:c5:d6:a3:0b:f9:93:83:
- 2a:47:23:01:b3:93:c9:51:61:a8:f5:27:a6:b8:fb:
- cc:88:20:0b:61:f4:19:77:3c:24:92:94:85:4a:ae:
- be:89:69:c0:12:22:b0:5f:19:7c:c6:0c:80:a9:c9:
- c6:7f:ea:9b:13:cf:ca:56:f5:5d:86:46:10:a3:17:
- c7:28:1a:96:e4:3b:78:49:f0:44:e5:71:0b:e6:ee:
- b4:39:8c:e6:36:1b:bd:6b:63:7a:dc:74:5a:53:99:
- c9:d6:1c:c2:45:04:2a:4b:95:42:c6:8e:a9:79:69:
- e6:b7:d3:6f:df:f2:fa:6f:65:e8:d7:13:68:88:70:
- 0e:6e:cd:aa:2d:be:13:c4:df:d7:f3:8f:97:88:2c:
- 70:0e:cc:dd:14:d7:db:d0:8b:12:a6:e4:3f:e6:43:
- bb:10:4e:d6:70:80:a7:99:af:52:24:fe:39:81:c2:
- a1:39:a8:63:ed:81:07:b2:09:49:9c:9d:bd:2e:69:
- 14:25:a2:9f:f3:ef:42:6a:62:2f:b7:ae:2c:71:ba:
- d9:59
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- DC:6E:4E:97:49:B9:7C:E5:B3:EA:E3:F9:85:A2:D2:F9:45:4C:CC:3B
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 06:a1:49:14:9c:4a:be:34:50:2b:a5:9f:04:3a:09:23:fb:ec:
- 04:e8:a3:f7:c5:80:1d:87:f6:3d:46:ca:dd:14:5d:e9:06:69:
- 72:9b:8c:c5:18:f2:2b:b9:7c:ed:1b:41:8d:f5:8e:c8:0a:fd:
- c0:7b:3e:72:f0:1c:d0:eb:0d:de:04:87:8a:35:44:a0:c5:68:
- 6b:8f:0e:5c:ee:d9:fb:de:99:9b:94:42:f6:b1:14:24:5e:77:
- 0a:9c:1d:94:55:c8:85:08:6d:2e:6d:65:4e:6f:62:ef:4d:f0:
- 7b:c6:eb:7e:e9:5a:65:1c:aa:d1:f5:36:39:81:37:cf:90:14:
- be:ce:a8:fe:bf:53:e1:ee:06:ee:42:a1:d8:19:58:a2:02:26:
- b8:96:92:e8:e8:62:5b:c2:a1:33:bc:f1:5b:03:8b:25:67:40:
- de:e7:f5:f5:af:cd:8c:86:18:8d:66:c7:5d:0e:c0:57:f1:dc:
- c2:24:58:0c:40:14:93:6b:6b:17:34:f1:cd:07:35:d0:76:68:
- 1b:9b:7a:b0:a7:a6:8a:3a:cc:e9:e1:a5:5a:8d:c6:16:7d:c9:
- f7:80:33:20:ae:5d:8b:8b:f3:52:8a:2c:7f:6d:a9:c2:3a:41:
- 44:e3:41:c1:69:6f:aa:53:41:39:69:1e:a8:8f:2e:47:70:06:
- 62:f7:da:77
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAxMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTGi6vtK4JSl5ElpuVB83iSgJvdK
-oqXI2qSjDqKCXRHRTjBIysIuQYvOyoxQdi4i1q2wmMXWowv5k4MqRyMBs5PJUWGo
-9SemuPvMiCALYfQZdzwkkpSFSq6+iWnAEiKwXxl8xgyAqcnGf+qbE8/KVvVdhkYQ
-oxfHKBqW5Dt4SfBE5XEL5u60OYzmNhu9a2N63HRaU5nJ1hzCRQQqS5VCxo6peWnm
-t9Nv3/L6b2Xo1xNoiHAObs2qLb4TxN/X84+XiCxwDszdFNfb0IsSpuQ/5kO7EE7W
-cICnma9SJP45gcKhOahj7YEHsglJnJ29LmkUJaKf8+9CamIvt64scbrZWQIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTcbk6XSbl85bPq4/mFotL5RUzMOzAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
-AQEABqFJFJxKvjRQK6WfBDoJI/vsBOij98WAHYf2PUbK3RRd6QZpcpuMxRjyK7l8
-7RtBjfWOyAr9wHs+cvAc0OsN3gSHijVEoMVoa48OXO7Z+96Zm5RC9rEUJF53Cpwd
-lFXIhQhtLm1lTm9i703we8brfulaZRyq0fU2OYE3z5AUvs6o/r9T4e4G7kKh2BlY
-ogImuJaS6OhiW8KhM7zxWwOLJWdA3uf19a/NjIYYjWbHXQ7AV/HcwiRYDEAUk2tr
-FzTxzQc10HZoG5t6sKemijrM6eGlWo3GFn3J94AzIK5di4vzUoosf22pwjpBRONB
-wWlvqlNBOWkeqI8uR3AGYvfadw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/04.pem b/programs/ssl/test-ca/newcerts/04.pem
deleted file mode 100644
index b800f98..0000000
--- a/programs/ssl/test-ca/newcerts/04.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Client 2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c8:74:c4:cc:b9:f9:b5:79:e9:45:d9:14:60:b0:
- 7d:bb:93:f2:6b:1e:9f:33:ad:0d:8f:8a:3c:56:65:
- e5:dc:44:d9:cc:66:85:07:d5:f8:27:b0:4a:35:d0:
- 63:9e:0a:6e:1b:b7:da:f0:7e:ab:ee:0c:10:93:86:
- 49:18:34:f3:a8:2a:d2:57:f5:2e:d4:2f:77:29:84:
- 61:4d:82:50:8f:a7:95:48:70:f5:6e:4d:b2:d5:13:
- c3:d2:1a:ed:e6:43:ea:42:14:eb:74:ea:c0:ed:1f:
- d4:57:4e:a9:f3:a8:ed:d2:e0:c1:30:71:30:32:30:
- d5:d3:f6:08:d0:56:4f:46:8e:f2:5f:f9:3d:67:91:
- 88:30:2e:42:b2:df:7d:fb:e5:0c:77:ff:ec:31:c0:
- 78:8f:bf:c2:7f:ca:ad:6c:21:d6:8d:d9:8b:6a:8e:
- 6f:e0:9b:f8:10:56:cc:b3:8e:13:15:e6:34:04:66:
- c7:ee:f9:36:0e:6a:95:f6:09:9a:06:67:f4:65:71:
- f8:ca:a4:b1:25:e0:fe:3c:8b:35:04:67:ba:e0:4f:
- 76:85:fc:7f:fc:36:6b:b5:e9:cd:2d:03:62:4e:b3:
- 3d:00:cf:af:76:a0:69:56:83:6a:d2:a8:d4:e7:50:
- 71:e6:b5:36:05:77:05:6d:7b:c8:e4:c4:fd:4c:d5:
- 21:5f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 71:A1:00:73:72:40:2F:54:76:5E:33:FC:52:8F:BC:F1:DD:6B:46:21
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 02:7f:3a:8a:c0:0c:f1:7f:a6:57:02:6a:78:8b:6d:e8:4f:6c:
- 96:11:10:6c:0a:1f:ca:4f:9d:88:7d:4b:87:c6:3d:88:b9:56:
- 41:22:9b:c3:f5:17:62:3c:79:2c:b3:d9:72:78:a8:bf:12:1c:
- 01:10:bf:06:3c:99:47:d8:37:53:04:c7:34:63:66:fa:bc:2b:
- a9:ad:79:be:2b:8d:38:50:5c:87:29:17:fc:ea:ec:93:4d:84:
- 1f:b3:51:02:5c:39:58:b3:e8:ad:88:c4:0f:a7:1d:55:08:01:
- 97:da:2d:f7:71:dd:26:88:11:89:70:b1:12:b3:3b:34:2f:3f:
- 78:fe:75:d6:68:ea:fa:e2:c3:8c:b2:87:f1:93:d0:f0:8e:1e:
- 90:72:67:ae:82:ec:0e:42:30:5c:a1:88:b2:f2:01:1d:0c:b6:
- 69:cf:cd:c0:72:c2:40:e2:ba:99:fb:a6:d6:94:71:e7:65:78:
- 52:db:b9:74:b2:e3:0f:96:cc:c4:e0:42:ec:a5:38:c5:92:ae:
- 31:75:d9:33:af:fd:dd:86:f9:d4:af:c9:e1:a8:5f:d5:3c:49:
- 95:35:97:b6:7c:c3:af:db:1a:11:87:4d:cb:64:8a:63:fe:99:
- 88:33:47:0f:eb:2d:a4:02:a2:40:b0:16:68:0b:ac:21:62:98:
- 13:2c:3d:31
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
-M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
-1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
-MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
-4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
-/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
-AQEAAn86isAM8X+mVwJqeItt6E9slhEQbAofyk+diH1Lh8Y9iLlWQSKbw/UXYjx5
-LLPZcniovxIcARC/BjyZR9g3UwTHNGNm+rwrqa15viuNOFBchykX/Orsk02EH7NR
-Alw5WLPorYjED6cdVQgBl9ot93HdJogRiXCxErM7NC8/eP511mjq+uLDjLKH8ZPQ
-8I4ekHJnroLsDkIwXKGIsvIBHQy2ac/NwHLCQOK6mfum1pRx52V4Utu5dLLjD5bM
-xOBC7KU4xZKuMXXZM6/93Yb51K/J4ahf1TxJlTWXtnzDr9saEYdNy2SKY/6ZiDNH
-D+stpAKiQLAWaAusIWKYEyw9MQ==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/05.pem b/programs/ssl/test-ca/newcerts/05.pem
deleted file mode 100644
index 16f166b..0000000
--- a/programs/ssl/test-ca/newcerts/05.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 5 (0x5)
- Signature Algorithm: md4WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: md4WithRSAEncryption
- 94:db:e1:86:71:2d:43:d6:51:61:a7:95:bc:e8:73:da:ff:e4:
- fd:41:0f:5c:de:14:f4:c4:ba:5d:2c:30:2c:a6:dc:2d:e8:87:
- 45:f1:c5:fe:d1:4a:64:99:19:09:2f:72:7c:3f:8d:c8:31:22:
- dd:0a:69:03:3d:12:8c:4d:c3:f7:a3:c5:d1:5d:c9:ff:4b:83:
- 6b:d6:b4:e5:d8:ce:94:5e:ec:bf:68:c5:b2:63:8e:5c:cb:f3:
- 8d:62:73:82:62:7e:df:db:7d:0b:8d:21:10:db:9a:a1:62:4d:
- 46:42:d1:bb:38:32:ef:c1:fc:a1:e2:7f:60:08:37:32:20:2c:
- 7c:a2:c9:12:0d:89:fe:2b:15:08:91:79:e2:a9:79:a4:da:cd:
- 81:43:01:e2:09:2d:1a:f4:16:ef:af:4d:50:46:5e:2d:dd:48:
- 27:10:c0:42:b7:a5:9e:c2:1f:6e:50:36:03:ed:95:77:9a:a3:
- d9:4c:d7:23:93:b1:24:2a:63:27:28:7a:de:3d:59:d2:92:c8:
- 8f:f6:39:1d:65:ab:09:78:05:46:90:a9:f6:10:b1:ef:c8:8c:
- 4d:7d:8d:f2:78:b7:88:15:09:7e:df:e9:87:a8:64:c1:95:53:
- fb:da:05:b7:62:bc:ad:fb:d9:a4:a9:06:6c:6b:98:01:b9:39:
- 78:d3:4e:87
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBBTANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1
-bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2Bgt
-gBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFn
-ui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLyS
-ruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB
-37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQMFAAOC
-AQEAlNvhhnEtQ9ZRYaeVvOhz2v/k/UEPXN4U9MS6XSwwLKbcLeiHRfHF/tFKZJkZ
-CS9yfD+NyDEi3QppAz0SjE3D96PF0V3J/0uDa9a05djOlF7sv2jFsmOOXMvzjWJz
-gmJ+39t9C40hENuaoWJNRkLRuzgy78H8oeJ/YAg3MiAsfKLJEg2J/isVCJF54ql5
-pNrNgUMB4gktGvQW769NUEZeLd1IJxDAQrelnsIfblA2A+2Vd5qj2UzXI5OxJCpj
-Jyh63j1Z0pLIj/Y5HWWrCXgFRpCp9hCx78iMTX2N8ni3iBUJft/ph6hkwZVT+9oF
-t2K8rfvZpKkGbGuYAbk5eNNOhw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/06.pem b/programs/ssl/test-ca/newcerts/06.pem
deleted file mode 100644
index 13d43f1..0000000
--- a/programs/ssl/test-ca/newcerts/06.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 6 (0x6)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: md5WithRSAEncryption
- 92:13:81:0c:ff:ac:ab:98:52:6c:28:c9:c6:3e:80:c6:ec:77:
- d0:13:e1:a2:29:1d:2f:b7:c5:95:41:83:60:d9:50:9c:d0:d6:
- 09:f7:0f:97:cd:c0:e6:b2:68:fa:31:c9:2a:a3:d3:1e:53:ae:
- 79:dc:35:ba:b0:d9:e5:7a:37:1b:2a:92:fa:d2:59:90:43:1b:
- 6a:91:c1:db:36:da:e9:39:d3:f5:ac:e3:46:01:ca:55:04:17:
- 1a:b1:97:28:e8:ff:1b:e7:e1:10:c9:b5:31:d8:ce:a6:89:6a:
- 4a:df:78:7b:02:2f:83:b3:41:d5:ef:0b:b6:44:ff:32:a6:cf:
- 1b:c2:f4:b0:75:66:a9:da:6f:7c:a5:e3:c6:c1:3a:2f:bf:f8:
- 12:6f:04:2c:37:f2:4e:fc:b9:09:ff:a4:5b:40:19:e9:58:91:
- 64:82:d6:ad:b9:7f:c0:12:c2:ce:b7:b6:ba:fb:10:a2:3f:74:
- 97:10:39:d4:dc:4a:e5:5c:f7:e5:3a:d9:68:d7:17:6b:f5:51:
- 08:b4:a2:30:0d:cc:36:10:6d:4e:1d:22:cc:48:d1:38:44:ba:
- cc:2b:47:99:f7:c6:8b:41:24:f3:f1:2c:10:1a:f2:88:bb:b2:
- e0:fd:44:26:3d:ad:ea:af:1d:d0:00:56:41:4e:f4:b0:3b:9d:
- 32:6f:48:c7
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBBjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1
-bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2Bgt
-gBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFn
-ui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLyS
-ruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB
-37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC
-AQEAkhOBDP+sq5hSbCjJxj6Axux30BPhoikdL7fFlUGDYNlQnNDWCfcPl83A5rJo
-+jHJKqPTHlOuedw1urDZ5Xo3GyqS+tJZkEMbapHB2zba6TnT9azjRgHKVQQXGrGX
-KOj/G+fhEMm1MdjOpolqSt94ewIvg7NB1e8LtkT/MqbPG8L0sHVmqdpvfKXjxsE6
-L7/4Em8ELDfyTvy5Cf+kW0AZ6ViRZILWrbl/wBLCzre2uvsQoj90lxA51NxK5Vz3
-5TrZaNcXa/VRCLSiMA3MNhBtTh0izEjROES6zCtHmffGi0Ek8/EsEBryiLuy4P1E
-Jj2t6q8d0ABWQU70sDudMm9Ixw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/07.pem b/programs/ssl/test-ca/newcerts/07.pem
deleted file mode 100644
index 718b2f2..0000000
--- a/programs/ssl/test-ca/newcerts/07.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 7 (0x7)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 93:26:40:68:3d:e7:62:ea:d1:6a:78:2b:c2:07:f3:0d:3b:f6:
- 69:18:cd:08:5e:31:e7:48:60:08:2a:46:b6:de:d1:35:0a:ec:
- 31:36:83:7d:eb:7c:d8:63:09:c3:e4:c5:10:ca:7c:7b:2f:20:
- 4d:d2:0e:5f:ee:09:e3:84:4f:28:cc:08:74:9a:11:23:5f:de:
- 0e:3a:0f:8b:2d:64:91:05:f6:d5:c7:30:c8:20:ee:6c:c4:62:
- 7c:8d:a8:4d:2e:70:8c:ac:b5:5d:de:9b:10:5c:98:fd:a1:78:
- 9b:9c:f0:73:33:de:2f:8c:59:fa:dc:af:4c:df:97:e3:9d:00:
- 37:9a:fa:d3:67:77:b9:2f:b9:4a:23:ad:f9:b4:a1:b7:ac:c5:
- a8:0f:62:8c:e6:7e:b4:94:2a:db:f2:fc:52:92:a4:9e:4e:51:
- 4f:9d:c0:ce:ae:3d:17:1c:94:6c:5f:e8:16:b5:ce:2e:e2:5a:
- cf:6a:db:dd:b0:d4:be:62:a5:46:92:30:7c:7c:fc:05:f8:78:
- 30:93:30:28:ab:69:a1:72:31:dc:3b:97:63:3a:5b:b3:e1:34:
- 86:80:4a:28:f5:dc:d5:84:8c:13:a4:6c:d2:c1:2d:a6:25:d7:
- 6f:c9:93:78:a5:16:ba:d9:17:6e:3e:ca:96:f2:9e:5c:e3:ae:
- 12:2e:a5:11
------BEGIN CERTIFICATE-----
-MIIDQDCCAiigAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA9MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGzAZBgNVBAMTElBvbGFyU1NMIENlcnQgU0hBMTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfH
-tW2M/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgY
-LYAbVPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZh
-Z7ouB2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8
-kq7r3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTV
-wd+4Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEA
-AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUfeSca+b5cX1G0hI9rWsd/cKqeEww
-HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
-ggEBAJMmQGg952Lq0Wp4K8IH8w079mkYzQheMedIYAgqRrbe0TUK7DE2g33rfNhj
-CcPkxRDKfHsvIE3SDl/uCeOETyjMCHSaESNf3g46D4stZJEF9tXHMMgg7mzEYnyN
-qE0ucIystV3emxBcmP2heJuc8HMz3i+MWfrcr0zfl+OdADea+tNnd7kvuUojrfm0
-obesxagPYozmfrSUKtvy/FKSpJ5OUU+dwM6uPRcclGxf6Ba1zi7iWs9q292w1L5i
-pUaSMHx8/AX4eDCTMCiraaFyMdw7l2M6W7PhNIaASij13NWEjBOkbNLBLaYl12/J
-k3ilFrrZF24+ypbynlzjrhIupRE=
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/08.pem b/programs/ssl/test-ca/newcerts/08.pem
deleted file mode 100644
index 7283c28..0000000
--- a/programs/ssl/test-ca/newcerts/08.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 8 (0x8)
- Signature Algorithm: sha224WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha224WithRSAEncryption
- b8:9b:0a:d1:b4:d1:a4:ce:05:39:42:7a:3b:7b:5e:fd:97:57:
- 8a:36:60:42:39:d0:e6:0c:9c:7e:2f:2b:be:ef:e7:45:34:77:
- 48:7a:10:4a:fd:76:ca:42:39:25:3c:fa:19:f8:63:6c:e7:36:
- 27:9a:ec:06:ce:e4:f7:2c:2e:c6:36:c1:25:bd:ab:09:aa:e2:
- da:4e:de:ae:b5:f5:ba:9e:90:24:52:34:96:96:61:4c:26:b5:
- 57:65:b1:10:ed:13:2b:54:90:ce:d3:21:cb:8c:d3:4c:6c:e5:
- e1:78:22:16:3f:e1:be:f1:ee:5d:39:48:a1:e6:80:46:f4:46:
- f2:79:03:3e:f1:fc:51:47:d9:05:e8:85:81:1b:0b:4f:fa:85:
- 9d:ce:e7:76:5a:6f:da:98:9f:43:f1:f3:2f:2f:57:28:aa:70:
- 14:82:7f:d5:69:14:8c:f9:82:b6:2f:a6:df:b5:6b:0e:43:c9:
- 96:91:64:3d:8b:a8:17:15:9a:88:42:a4:d0:90:c0:a3:a2:e1:
- dd:f6:95:6d:3b:9d:71:a6:1e:9e:2c:1e:db:f6:5f:93:43:2c:
- ed:53:70:55:50:56:df:cd:96:6c:d5:91:0f:b1:a7:f4:b7:17:
- 9d:1f:0b:f6:0b:f8:fe:e7:7c:de:c1:20:b7:fc:69:13:ba:e2:
- 61:9b:a5:62
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ4F
-AAOCAQEAuJsK0bTRpM4FOUJ6O3te/ZdXijZgQjnQ5gycfi8rvu/nRTR3SHoQSv12
-ykI5JTz6GfhjbOc2J5rsBs7k9ywuxjbBJb2rCari2k7errX1up6QJFI0lpZhTCa1
-V2WxEO0TK1SQztMhy4zTTGzl4XgiFj/hvvHuXTlIoeaARvRG8nkDPvH8UUfZBeiF
-gRsLT/qFnc7ndlpv2pifQ/HzLy9XKKpwFIJ/1WkUjPmCti+m37VrDkPJlpFkPYuo
-FxWaiEKk0JDAo6Lh3faVbTudcaYeniwe2/Zfk0Ms7VNwVVBW382WbNWRD7Gn9LcX
-nR8L9gv4/ud83sEgt/xpE7riYZulYg==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/09.pem b/programs/ssl/test-ca/newcerts/09.pem
deleted file mode 100644
index 03a7521..0000000
--- a/programs/ssl/test-ca/newcerts/09.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 9 (0x9)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha256WithRSAEncryption
- 69:ce:f9:a9:d5:e2:32:db:fe:a9:f9:92:7a:d6:76:37:05:51:
- c9:e3:a1:03:72:b2:bc:2c:86:4b:31:16:02:10:e8:43:d4:c0:
- 33:3c:4f:ea:9d:12:6b:57:51:bc:d7:d9:42:56:cf:c7:29:e7:
- d7:52:24:49:29:ac:9c:de:8f:cc:ab:1a:a9:62:07:5a:6b:f7:
- fb:19:ab:f5:b1:2c:a4:aa:dc:5d:03:73:17:7c:ea:52:44:80:
- ca:70:d3:10:c5:2e:fd:9f:d2:0d:65:c4:f2:cc:ef:1b:18:e1:
- 0a:08:4e:67:d0:56:7f:24:54:2e:73:31:b5:4d:22:74:f8:30:
- f9:92:c4:64:c9:46:80:d4:e1:bd:d6:e7:26:ea:bb:c4:fe:6f:
- a2:c5:10:e4:64:2f:b0:44:04:2c:b3:44:39:cf:b4:de:ac:83:
- 43:5e:0b:ca:cd:fb:4e:18:e6:38:39:e7:10:3f:d6:59:17:e7:
- 42:ef:00:e3:88:c6:43:bc:21:12:bf:20:a8:64:c6:30:dc:8c:
- 6b:b8:6a:ce:6b:8a:22:3b:d8:af:0c:b4:bb:4d:be:96:dd:40:
- d9:87:3e:95:2e:1a:27:23:62:e8:6e:bd:e0:89:d0:a7:28:16:
- 95:ea:cb:89:a3:f7:7f:fb:0f:ac:ab:d6:a8:b4:cb:43:92:d9:
- cb:3e:8a:11
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsF
-AAOCAQEAac75qdXiMtv+qfmSetZ2NwVRyeOhA3KyvCyGSzEWAhDoQ9TAMzxP6p0S
-a1dRvNfZQlbPxynn11IkSSmsnN6PzKsaqWIHWmv3+xmr9bEspKrcXQNzF3zqUkSA
-ynDTEMUu/Z/SDWXE8szvGxjhCghOZ9BWfyRULnMxtU0idPgw+ZLEZMlGgNThvdbn
-Juq7xP5vosUQ5GQvsEQELLNEOc+03qyDQ14Lys37ThjmODnnED/WWRfnQu8A44jG
-Q7whEr8gqGTGMNyMa7hqzmuKIjvYrwy0u02+lt1A2Yc+lS4aJyNi6G694InQpygW
-lerLiaP3f/sPrKvWqLTLQ5LZyz6KEQ==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/0A.pem b/programs/ssl/test-ca/newcerts/0A.pem
deleted file mode 100644
index 73caac9..0000000
--- a/programs/ssl/test-ca/newcerts/0A.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 10 (0xa)
- Signature Algorithm: sha384WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha384WithRSAEncryption
- 68:e6:03:f0:ba:44:e7:cc:e1:b2:07:6c:56:c8:be:b7:ba:80:
- 61:c8:f9:66:57:e1:cb:60:7d:cd:8d:0f:66:b0:f2:61:45:fd:
- fc:c8:93:95:bb:b4:14:00:76:c7:e1:57:a6:e2:60:31:8b:fc:
- e1:0f:68:24:4c:bb:1d:c5:b6:77:ec:23:e1:5b:4f:10:6c:6a:
- e0:6d:e7:34:f8:72:14:ae:16:57:25:8b:e8:b9:71:a1:d0:78:
- ea:18:c1:51:c4:2e:26:6d:cb:80:8d:a5:b9:de:e7:37:c1:2b:
- ec:e8:98:c6:f9:1a:bf:fe:a3:de:3d:d6:59:98:45:dc:4a:a6:
- ad:0a:af:73:50:43:23:5a:9b:9a:f9:8f:ff:41:15:e5:9c:12:
- 9e:29:55:5c:79:9c:89:0c:c8:8a:82:86:b1:96:ae:7c:7d:4f:
- 0b:fd:e3:9e:8b:a5:4d:88:55:05:ad:6c:63:aa:74:0c:41:0d:
- 47:22:cc:1a:45:02:92:5e:d1:e0:b9:31:52:ff:f6:30:f0:87:
- 2c:dd:fa:fa:b9:cc:45:cb:36:33:5b:35:7f:5f:05:4f:e0:8f:
- 9a:e4:d2:fa:c9:d4:fc:62:99:ac:59:fb:fd:04:bc:5a:c0:47:
- 5e:5d:3d:df:31:8c:7f:dc:00:cb:cb:c0:f4:62:41:44:db:1d:
- ba:c0:ad:8a
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIBCjANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQwF
-AAOCAQEAaOYD8LpE58zhsgdsVsi+t7qAYcj5Zlfhy2B9zY0PZrDyYUX9/MiTlbu0
-FAB2x+FXpuJgMYv84Q9oJEy7HcW2d+wj4VtPEGxq4G3nNPhyFK4WVyWL6LlxodB4
-6hjBUcQuJm3LgI2lud7nN8Er7OiYxvkav/6j3j3WWZhF3EqmrQqvc1BDI1qbmvmP
-/0EV5ZwSnilVXHmciQzIioKGsZaufH1PC/3jnoulTYhVBa1sY6p0DEENRyLMGkUC
-kl7R4LkxUv/2MPCHLN36+rnMRcs2M1s1f18FT+CPmuTS+snU/GKZrFn7/QS8WsBH
-Xl093zGMf9wAy8vA9GJBRNsdusCtig==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/0B.pem b/programs/ssl/test-ca/newcerts/0B.pem
deleted file mode 100644
index 4bb4eed..0000000
--- a/programs/ssl/test-ca/newcerts/0B.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 11 (0xb)
- Signature Algorithm: sha512WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha512WithRSAEncryption
- 84:68:78:72:54:00:bf:8a:45:28:35:be:18:47:d8:69:f6:67:
- de:a6:f8:a6:d0:fd:9f:79:f7:e8:02:8a:c3:83:5d:85:45:cc:
- b6:98:77:a7:18:3f:6b:d2:e4:d0:af:d5:52:d9:db:7e:4a:d3:
- 68:b0:08:64:14:de:c2:3b:1d:7b:ac:79:ad:49:5a:4c:f6:d2:
- 35:ef:a4:8c:b7:5b:d1:0b:7b:50:c6:9c:48:3e:96:3b:1b:0b:
- 0e:e8:10:3f:8c:3b:4f:6b:1d:5c:3a:27:f3:43:22:ac:37:11:
- 71:b8:07:66:b0:f8:71:c3:22:cf:f4:96:83:93:fb:42:b0:1a:
- 43:f9:4b:df:cb:5f:0f:ba:9e:80:f1:ff:08:3a:46:51:dc:d0:
- 36:bd:b1:c4:ca:fb:00:12:e7:e0:37:70:40:0e:73:19:63:c2:
- e5:da:56:77:07:68:a5:40:9e:d6:0f:ad:b5:b3:b2:f5:3f:01:
- e8:68:e7:a3:b0:d7:f3:dd:ff:b6:d7:8f:75:4e:25:ab:12:32:
- 99:45:ad:57:40:de:d7:b4:0d:d0:c3:66:89:47:f2:0c:b2:b5:
- df:52:0e:fa:63:62:65:89:07:4a:80:69:0e:4e:ba:c0:43:5d:
- 05:75:22:cf:50:f9:ac:bd:ef:8d:8c:10:08:b6:8b:62:4f:a1:
- 60:55:a3:0d
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ0F
-AAOCAQEAhGh4clQAv4pFKDW+GEfYafZn3qb4ptD9n3n36AKKw4NdhUXMtph3pxg/
-a9Lk0K/VUtnbfkrTaLAIZBTewjsde6x5rUlaTPbSNe+kjLdb0Qt7UMacSD6WOxsL
-DugQP4w7T2sdXDon80MirDcRcbgHZrD4ccMiz/SWg5P7QrAaQ/lL38tfD7qegPH/
-CDpGUdzQNr2xxMr7ABLn4DdwQA5zGWPC5dpWdwdopUCe1g+ttbOy9T8B6Gjno7DX
-893/ttePdU4lqxIymUWtV0De17QN0MNmiUfyDLK131IO+mNiZYkHSoBpDk66wENd
-BXUiz1D5rL3vjYwQCLaLYk+hYFWjDQ==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/0C.pem b/programs/ssl/test-ca/newcerts/0C.pem
deleted file mode 100644
index 4895e8a..0000000
--- a/programs/ssl/test-ca/newcerts/0C.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 12 (0xc)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 7 16:06:36 2012 GMT
- Not After : Feb 7 16:06:36 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=*.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 91:b3:84:5c:5d:60:f2:a5:0a:4a:dc:d6:c6:75:da:34:52:72:
- 6c:0e:60:4f:ef:0e:55:f3:4b:bf:d0:40:e7:91:2c:a7:94:8f:
- 3d:db:0a:ec:b2:f5:83:a7:a1:33:61:96:37:57:14:80:5b:e7:
- bc:e1:d3:2c:36:32:6f:ef:7a:00:99:33:15:fc:38:20:df:74:
- 7d:3d:0f:81:d0:b4:fd:b6:46:f1:c5:b8:bc:de:74:a2:41:a7:
- c8:51:da:20:12:82:3e:0c:8c:48:da:19:b6:52:e9:4f:67:c1:
- 28:9e:20:b6:ce:be:89:bd:64:d7:05:3e:87:af:ba:2b:5d:aa:
- fe:62:66:fb:a6:75:ad:89:a1:18:e8:78:54:ea:df:0a:85:e9:
- 32:32:a8:1a:cd:35:81:f8:a8:da:d1:16:8a:63:e7:67:da:6e:
- e1:3b:1c:31:20:99:ee:e2:b2:fb:82:c5:21:e2:63:4c:61:15:
- 4d:53:ad:dd:15:7f:0b:b6:33:43:ad:27:8a:b1:af:93:17:72:
- c4:be:31:26:93:3c:7d:fc:d5:3d:cf:0b:be:c5:7b:e9:b4:f8:
- f3:30:f2:f5:a2:27:eb:9a:71:fc:7f:79:5e:88:c5:a6:2d:33:
- 57:ba:38:06:e6:ad:0b:96:97:9d:cc:94:7b:83:09:17:a6:ee:
- ce:bb:0f:36
------BEGIN CERTIFICATE-----
-MIIDOzCCAiOgAwIBAgIBDDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA4MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxFjAUBgNVBAMUDSouZXhhbXBsZS5jb20wggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5PErFyKOOkBeknlKqcXUmYYDnx7VtjP+q
-tkEmt74RrVxzFgxkEUgE/9bhOwXbibuzlwnVHBTdaIc5sD1xy+J20BrYGC2AG1T2
-5USa8cuvYS7fSQ2dCbftsf08/Tz6JM9dv3zkU+cltepEIukm0+oglJ7mYWe6Lgdn
-CwMvognt8DOPC84Q72ekxgjawe3CP9dK3RU9+V4cgWBGPrWzPS+m3kccvJKu698n
-axZWt9zs0VVXpW7sdSX1t3vfq9I6WpGYfZcXCxMKp2tKi8FHMPs6+EEE1cHfuB2/
-ewGlZaLgHja3plzMMFr4zW/N8RliJcoB4zV/+iD13P1psmoAfRf3AgMBAAGjTTBL
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8GA1Ud
-IwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUAA4IBAQCR
-s4RcXWDypQpK3NbGddo0UnJsDmBP7w5V80u/0EDnkSynlI892wrssvWDp6EzYZY3
-VxSAW+e84dMsNjJv73oAmTMV/Dgg33R9PQ+B0LT9tkbxxbi83nSiQafIUdogEoI+
-DIxI2hm2UulPZ8EoniC2zr6JvWTXBT6Hr7orXar+Ymb7pnWtiaEY6HhU6t8Kheky
-MqgazTWB+Kja0RaKY+dn2m7hOxwxIJnu4rL7gsUh4mNMYRVNU63dFX8LtjNDrSeK
-sa+TF3LEvjEmkzx9/NU9zwu+xXvptPjzMPL1oifrmnH8f3leiMWmLTNXujgG5q0L
-lpedzJR7gwkXpu7Ouw82
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/0D.pem b/programs/ssl/test-ca/newcerts/0D.pem
deleted file mode 100644
index d563882..0000000
--- a/programs/ssl/test-ca/newcerts/0D.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 13 (0xd)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 7 16:06:36 2012 GMT
- Not After : Feb 7 16:06:36 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 83:f7:04:f3:bd:08:cf:81:f9:a1:b0:54:a4:5f:91:1d:15:9f:
- 03:ab:9a:07:0d:bd:ad:fa:ce:44:79:58:9c:88:d1:6e:48:fd:
- 2b:f2:6e:fc:1f:c6:3a:28:4d:2a:f7:31:27:e4:64:6d:1c:d2:
- a7:64:18:9e:0a:07:cd:4c:44:31:e2:8f:c4:4d:d9:e5:38:85:
- 32:44:ba:3d:0a:97:c8:3f:59:14:8e:aa:98:e1:69:24:49:8a:
- 0e:3e:01:b5:fd:88:66:bb:ad:0c:fb:da:87:01:8d:f7:72:30:
- 78:a8:eb:29:4f:3b:20:6b:3e:83:2c:ee:08:88:b1:e9:e2:37:
- 48:77:76:bf:f2:92:98:58:21:04:02:1c:23:70:ff:10:45:1e:
- 69:ac:67:23:0f:1e:62:ef:35:d3:c3:94:dc:99:48:7c:05:ad:
- c1:1c:1a:2a:e6:e3:d7:89:f5:44:25:1a:aa:7a:d4:8f:b7:5a:
- ae:03:4b:be:5e:e8:43:35:12:e8:b9:95:64:81:ef:26:1a:cd:
- e4:82:22:de:2e:ac:93:4f:32:f9:0b:0d:b2:5f:69:21:b9:1b:
- f8:54:c0:df:11:17:23:85:ae:71:cb:ae:17:e8:36:2f:aa:fe:
- 04:04:2b:33:1b:12:2b:80:19:11:6f:ce:cb:bb:6c:fe:a5:80:
- a7:4a:6d:0f
------BEGIN CERTIFICATE-----
-MIIDOTCCAiGgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA2MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1bYz/qrZB
-Jre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2BgtgBtU9uVE
-mvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFnui4HZwsD
-L6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLySruvfJ2sW
-Vrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB37gdv3sB
-pWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQABo00wSzAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAfBgNVHSME
-GDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOCAQEAg/cE
-870Iz4H5obBUpF+RHRWfA6uaBw29rfrORHlYnIjRbkj9K/Ju/B/GOihNKvcxJ+Rk
-bRzSp2QYngoHzUxEMeKPxE3Z5TiFMkS6PQqXyD9ZFI6qmOFpJEmKDj4Btf2IZrut
-DPvahwGN93IweKjrKU87IGs+gyzuCIix6eI3SHd2v/KSmFghBAIcI3D/EEUeaaxn
-Iw8eYu8108OU3JlIfAWtwRwaKubj14n1RCUaqnrUj7dargNLvl7oQzUS6LmVZIHv
-JhrN5IIi3i6sk08y+QsNsl9pIbkb+FTA3xEXI4WuccuuF+g2L6r+BAQrMxsSK4AZ
-EW/Oy7ts/qWAp0ptDw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/0E.pem b/programs/ssl/test-ca/newcerts/0E.pem
deleted file mode 100644
index 9f4d8a9..0000000
--- a/programs/ssl/test-ca/newcerts/0E.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 14 (0xe)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 7 16:06:36 2012 GMT
- Not After : Feb 7 16:06:36 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=www.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 3e:b2:e4:9b:c0:8b:a0:d1:e8:66:f4:03:7b:76:7f:7e:0f:6b:
- e5:78:ef:2f:6c:14:d6:22:5c:0c:bf:c8:70:09:ca:c5:64:a8:
- 77:ed:e2:8d:ab:27:cc:40:ba:a5:95:d7:ec:a1:cc:41:3d:6b:
- e3:69:c5:cb:10:c6:75:59:2c:6f:3d:2d:b3:c3:f8:75:4a:d4:
- 31:2e:e9:fc:72:4b:42:ed:c8:f7:6e:cd:da:98:db:3f:e2:3b:
- ea:26:1b:73:eb:59:f5:10:48:07:45:a3:20:40:2c:c6:95:59:
- 08:82:26:ab:13:9f:ea:66:b1:05:e5:99:1d:26:0f:21:0f:b5:
- 2e:52:82:99:53:85:a8:fe:b7:6e:e9:ed:44:01:f8:c8:08:d0:
- 64:25:43:70:da:3f:1b:0d:97:81:1b:2a:5d:e4:17:10:20:b0:
- eb:56:44:be:ec:55:4a:66:c1:c9:69:7b:36:01:66:36:14:22:
- 37:a4:96:d2:db:0e:bd:01:e9:3e:6a:ef:94:94:63:69:ea:27:
- 7c:40:29:4a:38:f0:06:dd:4a:06:ef:8b:92:98:ad:02:60:a0:
- 3c:6c:53:4c:a1:5b:ae:c7:a2:61:ee:0e:18:c6:f8:46:80:c6:
- 2f:55:38:2a:33:84:da:9a:a4:69:ae:c3:8a:a1:e2:07:6c:71:
- 9b:56:fd:93
------BEGIN CERTIFICATE-----
-MIIDPTCCAiWgAwIBAgIBDjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA6MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
-/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
-VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
-B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
-3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
-Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaNN
-MEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUfeSca+b5cX1G0hI9rWsd/cKqeEwwHwYD
-VR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEB
-AD6y5JvAi6DR6Gb0A3t2f34Pa+V47y9sFNYiXAy/yHAJysVkqHft4o2rJ8xAuqWV
-1+yhzEE9a+NpxcsQxnVZLG89LbPD+HVK1DEu6fxyS0LtyPduzdqY2z/iO+omG3Pr
-WfUQSAdFoyBALMaVWQiCJqsTn+pmsQXlmR0mDyEPtS5SgplThaj+t27p7UQB+MgI
-0GQlQ3DaPxsNl4EbKl3kFxAgsOtWRL7sVUpmwclpezYBZjYUIjekltLbDr0B6T5q
-75SUY2nqJ3xAKUo48AbdSgbvi5KYrQJgoDxsU0yhW67HomHuDhjG+EaAxi9VOCoz
-hNqapGmuw4qh4gdscZtW/ZM=
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/0F.pem b/programs/ssl/test-ca/newcerts/0F.pem
deleted file mode 100644
index c6341f1..0000000
--- a/programs/ssl/test-ca/newcerts/0F.pem
+++ /dev/null
@@ -1,80 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 15 (0xf)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 7 16:06:36 2012 GMT
- Not After : Feb 7 16:06:36 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=www.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- X509v3 Subject Alternative Name:
- DNS:www.example.com, DNS:example.com, DNS:example.net
- Signature Algorithm: sha1WithRSAEncryption
- 35:06:02:c6:0a:87:d5:02:5e:fa:74:71:50:bc:ac:8d:b2:c1:
- 00:18:7f:a5:bc:41:c3:fe:69:44:77:3b:2d:62:99:32:5d:c6:
- 5b:bc:f4:d6:9e:7c:3d:71:ef:46:d9:a9:ee:df:c2:d0:e1:e4:
- ba:23:60:96:8a:18:f7:dd:1b:2b:60:fc:b6:19:83:73:97:e8:
- 99:50:e2:58:81:10:14:ab:8e:e1:64:0a:b5:15:aa:49:c6:dc:
- 0b:83:34:c5:3c:d4:ee:80:6a:90:db:41:3e:62:81:b8:fb:9e:
- 32:48:89:80:06:64:52:70:2e:66:31:2f:02:1d:c2:da:47:c1:
- 7d:ad:48:10:c8:b0:62:76:aa:e5:40:f7:1a:34:75:4b:b3:be:
- 69:75:dc:72:e0:f6:c2:b8:0a:01:2d:57:6f:26:fc:0f:50:e3:
- 8d:17:48:a0:5f:83:b3:c1:e7:b2:e4:00:10:90:bb:5f:58:f5:
- 66:8c:ec:17:82:5a:97:0d:b8:0f:ce:2d:5e:2a:5b:36:bc:e0:
- f1:29:77:44:46:17:93:cc:c3:58:5c:c0:ea:01:23:cc:5b:cf:
- c4:a2:af:01:24:0f:b5:d3:22:45:c3:a3:ff:0f:4d:b7:bb:96:
- 01:b4:7b:cc:c4:5e:c7:5f:ed:65:38:3a:1f:58:2c:87:7d:a4:
- 92:a4:3e:79
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA6MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
-/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
-VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
-B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
-3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
-Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
-hDCBgTAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zA0BgNVHREELTArgg93d3cu
-ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tggtleGFtcGxlLm5ldDANBgkqhkiG9w0B
-AQUFAAOCAQEANQYCxgqH1QJe+nRxULysjbLBABh/pbxBw/5pRHc7LWKZMl3GW7z0
-1p58PXHvRtmp7t/C0OHkuiNglooY990bK2D8thmDc5fomVDiWIEQFKuO4WQKtRWq
-ScbcC4M0xTzU7oBqkNtBPmKBuPueMkiJgAZkUnAuZjEvAh3C2kfBfa1IEMiwYnaq
-5UD3GjR1S7O+aXXccuD2wrgKAS1Xbyb8D1DjjRdIoF+Ds8HnsuQAEJC7X1j1Zozs
-F4Jalw24D84tXipbNrzg8Sl3REYXk8zDWFzA6gEjzFvPxKKvASQPtdMiRcOj/w9N
-t7uWAbR7zMRex1/tZTg6H1gsh32kkqQ+eQ==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/10.pem b/programs/ssl/test-ca/newcerts/10.pem
deleted file mode 100644
index cd4ccad..0000000
--- a/programs/ssl/test-ca/newcerts/10.pem
+++ /dev/null
@@ -1,80 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 16 (0x10)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 11 17:25:55 2012 GMT
- Not After : Feb 11 17:25:55 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=www.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- X509v3 Subject Alternative Name:
- DNS:www.example.com, DNS:example.com, DNS:example.net, DNS:*.example.org
- Signature Algorithm: sha1WithRSAEncryption
- 09:0b:61:f4:8d:b9:78:18:47:48:f0:5f:0c:d6:67:4f:66:fe:
- fd:51:6f:8e:9b:75:c0:1c:d1:73:dc:50:64:41:c7:99:2d:31:
- 47:51:6a:3a:44:1f:69:a8:6b:e6:e0:d8:81:9f:82:b9:02:5b:
- 80:cf:fe:aa:a6:fe:73:f4:20:66:11:3d:e9:aa:69:97:30:49:
- d1:7e:04:63:66:7c:51:6a:c1:1e:e8:96:9d:2a:f2:2e:97:2d:
- 1c:66:da:bc:39:1b:19:42:a2:01:85:69:59:93:b6:bd:af:bf:
- 95:f0:40:d5:6c:b7:27:b7:99:bb:c6:ed:f5:ad:fe:81:be:4e:
- 9b:6e:e3:b9:10:0d:21:c9:2f:e7:fe:34:32:96:64:a2:19:23:
- 89:87:c6:4a:7f:65:c7:76:21:83:8b:bb:77:a3:1e:52:0a:25:
- 68:c2:2c:1f:1f:e6:cb:c1:35:a6:df:1b:05:05:77:3f:40:92:
- 10:ac:cb:1a:c3:25:cd:21:56:7e:99:f7:a3:93:b3:18:77:69:
- 22:e0:ee:cd:97:92:34:37:48:b3:fe:c5:6f:f8:25:29:3d:6c:
- 50:73:47:8f:4d:13:55:3b:c8:69:be:5d:8f:a8:26:f6:c5:47:
- 4d:b9:ee:95:ce:b8:29:59:e6:6a:e2:ce:9b:01:ef:0a:18:62:
- 40:46:ed:3b
------BEGIN CERTIFICATE-----
-MIIDhDCCAmygAwIBAgIBEDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjExMTcyNTU1WhcNMjIwMjExMTcyNTU1WjA6MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
-/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
-VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
-B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
-3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
-Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
-kzCBkDAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zBDBgNVHREEPDA6gg93d3cu
-ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxl
-Lm9yZzANBgkqhkiG9w0BAQUFAAOCAQEACQth9I25eBhHSPBfDNZnT2b+/VFvjpt1
-wBzRc9xQZEHHmS0xR1FqOkQfaahr5uDYgZ+CuQJbgM/+qqb+c/QgZhE96applzBJ
-0X4EY2Z8UWrBHuiWnSryLpctHGbavDkbGUKiAYVpWZO2va+/lfBA1Wy3J7eZu8bt
-9a3+gb5Om27juRANIckv5/40MpZkohkjiYfGSn9lx3Yhg4u7d6MeUgolaMIsHx/m
-y8E1pt8bBQV3P0CSEKzLGsMlzSFWfpn3o5OzGHdpIuDuzZeSNDdIs/7Fb/glKT1s
-UHNHj00TVTvIab5dj6gm9sVHTbnulc64KVnmauLOmwHvChhiQEbtOw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/newcerts/11.pem b/programs/ssl/test-ca/newcerts/11.pem
deleted file mode 100644
index c1e1998..0000000
--- a/programs/ssl/test-ca/newcerts/11.pem
+++ /dev/null
@@ -1,80 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 17 (0x11)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: May 10 13:23:41 2012 GMT
- Not After : May 11 13:23:41 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=www.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- X509v3 Subject Alternative Name:
- DNS:example.com, DNS:example.net, DNS:*.example.org
- Signature Algorithm: sha1WithRSAEncryption
- 4f:09:cb:7a:d5:ee:f5:ef:62:0d:dc:7b:a2:85:d6:8c:ca:95:
- b4:6b:da:11:5b:92:00:75:13:b9:ca:0b:ce:ea:fb:c3:1f:e2:
- 3f:7f:21:74:79:e2:e6:bc:da:06:e5:2f:6f:f6:55:c6:73:39:
- cf:48:bc:0d:2f:0c:d2:7a:06:c3:4a:4c:d9:48:5d:a0:d0:73:
- 89:e4:d4:85:1d:96:9a:0e:57:99:c6:6f:1d:21:27:1f:8d:05:
- 29:e8:40:ae:82:39:68:c3:97:07:cf:3c:93:4c:1a:df:2f:a6:
- a4:55:48:7f:7c:8c:1a:c9:22:da:24:cd:92:39:c6:8a:ec:b0:
- 8d:f5:69:82:67:cb:04:ee:de:53:41:96:c1:27:dc:2f:fe:33:
- fa:d3:0e:b8:d4:32:a9:84:28:53:a5:f0:d1:89:d5:a2:98:e7:
- 16:91:bb:9c:c0:41:8e:8c:58:ac:ff:e3:dd:2e:7a:ab:b0:b9:
- 71:76:ad:0f:27:33:f7:a9:29:d3:c0:76:c0:bf:06:40:7c:0e:
- d5:a4:7c:8a:e2:32:6e:16:ae:da:64:1f:b0:55:7c:db:dd:f1:
- a4:ba:44:7c:b3:99:58:d2:34:6e:00:ea:97:6c:14:3a:f2:10:
- 1e:0a:a2:49:10:76:01:f4:f2:c8:18:fd:cc:63:46:12:8b:09:
- 1b:f1:94:e6
------BEGIN CERTIFICATE-----
-MIIDcjCCAlqgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwNTEwMTMyMzQxWhcNMjIwNTExMTMyMzQxWjA6MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
-/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
-VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
-B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
-3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
-Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
-gTB/MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8G
-A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MDIGA1UdEQQrMCmCC2V4YW1w
-bGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQUF
-AAOCAQEATwnLetXu9e9iDdx7ooXWjMqVtGvaEVuSAHUTucoLzur7wx/iP38hdHni
-5rzaBuUvb/ZVxnM5z0i8DS8M0noGw0pM2UhdoNBzieTUhR2Wmg5XmcZvHSEnH40F
-KehAroI5aMOXB888k0wa3y+mpFVIf3yMGski2iTNkjnGiuywjfVpgmfLBO7eU0GW
-wSfcL/4z+tMOuNQyqYQoU6Xw0YnVopjnFpG7nMBBjoxYrP/j3S56q7C5cXatDycz
-96kp08B2wL8GQHwO1aR8iuIybhau2mQfsFV8293xpLpEfLOZWNI0bgDql2wUOvIQ
-HgqiSRB2AfTyyBj9zGNGEosJG/GU5g==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/serial b/programs/ssl/test-ca/serial
deleted file mode 100644
index 48082f7..0000000
--- a/programs/ssl/test-ca/serial
+++ /dev/null
@@ -1 +0,0 @@
-12
diff --git a/programs/ssl/test-ca/server1.crt b/programs/ssl/test-ca/server1.crt
deleted file mode 100644
index 7e353cc..0000000
--- a/programs/ssl/test-ca/server1.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:06 2011 GMT
- Not After : Feb 12 14:44:06 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Server 1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:a9:02:1f:3d:40:6a:d5:55:53:8b:fd:36:ee:82:
- 65:2e:15:61:5e:89:bf:b8:e8:45:90:db:ee:88:16:
- 52:d3:f1:43:50:47:96:12:59:64:87:6b:fd:2b:e0:
- 46:f9:73:be:dd:cf:92:e1:91:5b:ed:66:a0:6f:89:
- 29:79:45:80:d0:83:6a:d5:41:43:77:5f:39:7c:09:
- 04:47:82:b0:57:39:70:ed:a3:ec:15:19:1e:a8:33:
- 08:47:c1:05:42:a9:fd:4c:c3:b4:df:dd:06:1f:4d:
- 10:51:40:67:73:13:0f:40:f8:6d:81:25:5f:0a:b1:
- 53:c6:30:7e:15:39:ac:f9:5a:ee:7f:92:9e:a6:05:
- 5b:e7:13:97:85:b5:23:92:d9:d4:24:06:d5:09:25:
- 89:75:07:dd:a6:1a:8f:3f:09:19:be:ad:65:2c:64:
- eb:95:9b:dc:fe:41:5e:17:a6:da:6c:5b:69:cc:02:
- ba:14:2c:16:24:9c:4a:dc:cd:d0:f7:52:67:73:f1:
- 2d:a0:23:fd:7e:f4:31:ca:2d:70:ca:89:0b:04:db:
- 2e:a6:4f:70:6e:9e:ce:bd:58:89:e2:53:59:9e:6e:
- 5a:92:65:e2:88:3f:0c:94:19:a3:dd:e5:e8:9d:95:
- 13:ed:29:db:ab:70:12:dc:5a:ca:6b:17:ab:52:82:
- 54:b1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 1F:74:D6:3F:29:C1:74:74:45:3B:05:12:2C:3D:A8:BD:43:59:02:A6
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- bd:cf:96:c1:95:1e:9a:c2:6e:d8:88:88:d8:2a:7a:96:20:3e:
- 50:0b:c8:c7:df:1d:41:ed:e4:66:cd:b3:02:81:7d:57:04:1b:
- 5d:c6:33:59:0f:c1:20:b9:23:34:89:8a:6c:f2:fd:c7:48:36:
- 8c:80:e7:e1:9b:c6:60:5c:b0:33:02:0e:fd:df:be:61:bc:18:
- 89:0c:38:db:fb:fb:46:23:32:f7:8c:c1:3e:7c:de:1e:2f:3a:
- 77:2f:f4:8e:93:8e:25:4c:77:21:74:6c:18:b7:72:8d:bf:f5:
- 4f:5d:64:95:c1:6a:1a:70:11:88:af:bc:55:8a:25:30:f3:fa:
- 69:f2:af:2d:75:fb:2b:89:22:52:9b:05:42:15:29:13:95:5e:
- 33:9a:55:d4:c7:22:d8:44:ce:25:ab:b6:70:ee:34:14:9b:c8:
- fc:2f:56:ff:04:7e:18:00:2b:31:ac:36:7f:11:bb:ec:4d:e5:
- 69:a6:b4:2c:03:a5:7b:13:3a:03:82:8e:6f:97:f9:70:64:cc:
- e4:88:7a:b4:41:79:15:5a:b7:ff:db:f3:34:86:0c:6b:51:6a:
- cd:a7:01:2d:91:7c:cd:21:d8:2c:48:a6:5c:17:73:8c:1a:0d:
- e2:a0:d4:fd:6c:d1:c9:84:41:46:30:08:e3:d9:b3:1d:7e:ab:
- 6a:57:aa:9f
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
-uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
-d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
-CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
-lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
-bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
-AQEAvc+WwZUemsJu2IiI2Cp6liA+UAvIx98dQe3kZs2zAoF9VwQbXcYzWQ/BILkj
-NImKbPL9x0g2jIDn4ZvGYFywMwIO/d++YbwYiQw42/v7RiMy94zBPnzeHi86dy/0
-jpOOJUx3IXRsGLdyjb/1T11klcFqGnARiK+8VYolMPP6afKvLXX7K4kiUpsFQhUp
-E5VeM5pV1Mci2ETOJau2cO40FJvI/C9W/wR+GAArMaw2fxG77E3laaa0LAOlexM6
-A4KOb5f5cGTM5Ih6tEF5FVq3/9vzNIYMa1FqzacBLZF8zSHYLEimXBdzjBoN4qDU
-/WzRyYRBRjAI49mzHX6raleqnw==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/server1.key b/programs/ssl/test-ca/server1.key
deleted file mode 100644
index 4281a5f..0000000
--- a/programs/ssl/test-ca/server1.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhFkNvuiBZS0/FDUEeW
-Ellkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185fAkER4KwVzlw7aPs
-FRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVfCrFTxjB+FTms+Vruf5Ke
-pgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTrlZvc/kFeF6babFtpzAK6
-FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9wbp7OvViJ4lNZnm5akmXi
-iD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQABAoIBABaJ9eiRQq4Ypv+w
-UTcVpLC0oTueWzcpor1i1zjG4Vzqe/Ok2FqyGToGKMlFK7Hwwa+LEyeJ3xyV5yd4
-v1Mw9bDZFdJC1eCBjoUAHtX6k9HOE0Vd6woVQ4Vi6OPI1g7B5Mnr/58rNrnN6TMs
-x58NF6euecwTU811QJrZtLbX7j2Cr28yB2Vs8qyYlHwVw5jbDOv43D7vU5gmlIDN
-0JQRuWAnOuPzZNoJr4SfJKqHNGxYYY6pHZ1s0dOTLIDb/B8KQWapA2kRmZyid2EH
-nwzgLbAsHJCf+bQnhXjXuxtUsrcIL8noZLazlOMxwNEammglVWW23Ud/QRnFgJg5
-UgcAcRECgYEA19uYetht5qmwdJ+12oC6zeO+vXLcyD9gon23T5J6w2YThld7/OW0
-oArQJGgkAdaq0pcTyOIjtTQVMFygdVmCEJmxh/3RutPcTeydqW9fphKDMej32J8e
-GniGmNGiclbcfNOS8E5TGp445yZb9P1+7AHng16bGg3Ykj5EA4G+HCcCgYEAyHAl
-//ekk8YjQElm+8izLtFkymIK0aCtEe9C/RIRhFYBeFaotC5dStNhBOncn4ovMAPD
-lX/92yDi9OP8PPLN3a4B9XpW3k/SS5GrbT5cwOivBHNllZSmu/2qz5WPGcjVCOrB
-LYl3YWr2h3EGKICT03kEoTkiDBvCeOpW7cCGl2cCgYBD5whoXHz1+ptPlI4YVjZt
-Xh86aU+ajpVPiEyJ84I6xXmO4SZXv8q6LaycR0ZMbcL+zBelMb4Z2nBv7jNrtuR7
-ZF28cdPv+YVr3esaybZE/73VjXup4SQPH6r3l7qKTVi+y6+FeJ4b2Xn8/MwgnT23
-8EFrye7wmzpthrjOgZnUMQKBgE9Lhsz/5J0Nis6Y+2Pqn3CLKEukg9Ewtqdct2y0
-5Dcta0F3TyCRIxlCDKTL/BslqMtfAdY4H268UO0+8IAQMn9boqzBrHIgs/pvc5kx
-TbKHmw2wtWR6vYersBKVgVpbCGSRssDYHGFu1n74qM4HJ/RGcR1zI9QUe1gopSFD
-xDtLAoGAVAdWvrqDwgoL2hHW3scGpxdE/ygJDOwHnf+1B9goKAOP5lf2FJaiAxf3
-ectoPOgZbCmm/iiDmigu703ld3O+VoCLDD4qx3R+KyALL78gtVJYzSRiKhzgCZ3g
-mKsIVRBq4IfwiwyMNG2BYZQAwbSDjjPtn/kPBduPzPj7eriByhI=
------END RSA PRIVATE KEY-----
diff --git a/programs/ssl/test-ca/server1.pub b/programs/ssl/test-ca/server1.pub
deleted file mode 100644
index 93c669c..0000000
--- a/programs/ssl/test-ca/server1.pub
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJl
-LhVhXom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA
-0INq1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMP
-QPhtgSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZ
-vq1lLGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokL
-BNsupk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJU
-sQIDAQAB
------END PUBLIC KEY-----
diff --git a/programs/ssl/test-ca/server2.crt b/programs/ssl/test-ca/server2.crt
deleted file mode 100644
index dca4c24..0000000
--- a/programs/ssl/test-ca/server2.crt
+++ /dev/null
@@ -1,77 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:06 2011 GMT
- Not After : Feb 12 14:44:06 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=localhost
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c1:4d:a3:dd:e7:cd:1d:d1:04:d7:49:72:b8:99:
- ac:0e:78:e4:3a:3c:4a:cf:3a:13:16:d0:5a:e4:cd:
- a3:00:88:a7:ee:1e:6b:96:a7:52:b4:90:ef:2d:72:
- 7a:3e:24:9a:fc:b6:34:ac:24:f5:77:e0:26:64:8c:
- 9c:b0:28:7d:a1:da:ea:8c:e6:c9:1c:96:bc:fe:c1:
- 04:52:b3:36:d4:a3:fa:e1:b1:76:d8:90:c1:61:b4:
- 66:52:36:a2:26:53:aa:ab:74:5e:07:7d:19:82:db:
- 2a:d8:1f:a0:d9:0d:1c:2d:49:66:f7:5b:25:73:46:
- e8:0b:8a:4f:69:0c:b5:00:90:e1:da:82:10:66:7d:
- ae:54:2b:8b:65:79:91:a1:e2:61:c3:cd:40:49:08:
- ee:68:0c:f1:8b:86:d2:46:bf:d0:b8:aa:11:03:1e:
- 7f:56:a8:1a:1e:44:18:0f:0f:85:8b:da:8b:44:5e:
- e2:18:c6:62:2f:c7:66:8d:fa:5d:d8:7d:f3:27:89:
- 29:01:c5:90:0e:3f:27:f1:30:c8:4a:0e:ef:d6:de:
- c7:c7:27:6b:c7:05:3d:7a:c4:02:3c:9a:1d:3e:0f:
- e8:34:98:5b:cb:73:4b:52:96:d8:11:a2:2c:80:88:
- 69:39:5a:d3:0f:b0:de:59:2f:11:c7:f7:ea:12:01:
- 30:97
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- A5:05:E8:64:B8:DC:DF:60:0F:50:12:4D:60:A8:64:AF:4D:8B:43:93
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 9c:67:5c:29:58:a0:79:1b:a7:bd:1c:a8:1a:ec:19:72:f2:6c:
- 0e:f8:73:36:ce:e5:17:4b:12:01:6c:ee:b1:d5:4b:da:fe:73:
- 6f:77:96:e4:bf:29:d9:62:2d:27:19:a8:0c:d8:57:29:70:51:
- f4:56:bc:a3:28:5a:11:d8:2a:9d:dd:10:84:b8:c5:35:e4:eb:
- fe:73:5f:18:6f:f5:1c:3c:48:67:3c:aa:7e:af:21:31:e4:d5:
- 2d:66:3d:eb:ed:7a:48:1a:b1:8e:58:89:64:2e:33:78:78:61:
- 59:51:1f:71:c7:10:c0:03:d5:39:c0:7b:17:d7:1c:70:c5:40:
- 67:be:05:dd:62:01:bc:f5:fe:c1:fd:1f:c9:78:4a:dc:17:e9:
- e8:2f:4c:ad:cc:c1:74:70:90:a9:2f:8c:a6:84:0c:0f:40:4d:
- b6:71:d2:62:3c:2c:6b:31:4a:e0:aa:7b:da:fd:77:28:e6:b6:
- d7:78:ec:9d:69:d5:1b:a5:cf:70:8b:cd:a4:5c:54:8b:92:45:
- 14:1f:68:3f:27:78:cf:5c:d5:2f:e2:27:f6:a6:4d:5a:89:c4:
- 0d:4a:39:d3:92:e7:bf:34:5a:13:df:48:0a:c0:fa:0e:2a:02:
- 64:a3:7a:57:37:a7:8c:16:a6:16:bc:ce:1b:98:c2:35:6e:5f:
- a2:47:1b:47
------BEGIN CERTIFICATE-----
-MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
-owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
-NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
-tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
-hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD
-VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
-FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY
-oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw
-UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y
-iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M
-wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS
-RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8
-zhuYwjVuX6JHG0c=
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/server2.key b/programs/ssl/test-ca/server2.key
deleted file mode 100644
index 70a764a..0000000
--- a/programs/ssl/test-ca/server2.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r
-lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2
-2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ
-Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i
-GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb
-y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ
-++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G
-Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z
-/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm
-WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He
-GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa
-TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28
-CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK
-nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u
-AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g
-sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s
-mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic
-BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv
-whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b
-vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs
-3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP
-3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED
-ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH
-4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE
-TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==
------END RSA PRIVATE KEY-----
diff --git a/programs/ssl/test-ca/sslconf.txt b/programs/ssl/test-ca/sslconf.txt
deleted file mode 100644
index 0692556..0000000
--- a/programs/ssl/test-ca/sslconf.txt
+++ /dev/null
@@ -1,50 +0,0 @@
-##================================================================
-##============== Example OpenSSL configuration file ==============
-##================================================================
-
-# References:
-#
-# /etc/ssl/openssl.conf
-# http://www.openssl.org/docs/apps/config.html
-# http://www.openssl.org/docs/apps/x509v3_config.html
-
-[ ca ]
-default_ca = my_ca
-
-[ my_ca ]
-certificate = test-ca.crt
-private_key = test-ca.key
-database = index
-serial = serial
-
-new_certs_dir = newcerts
-default_crl_days = 5
-default_days = 3653
-default_md = sha1
-policy = my_policy
-x509_extensions = v3_usr
-copy_extensions = copy
-
-[ my_policy ]
-countryName = supplied
-organizationName = match
-commonName = supplied
-
-[ req ]
-distinguished_name = my_req_dn
-x509_extensions = v3_ca
-prompt = no
-
-[ v3_ca ]
-basicConstraints = CA:TRUE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-
-[ v3_usr ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-
-[ my_req_dn ]
-C=NL
-O=PolarSSL
diff --git a/programs/ssl/test-ca/test-ca.crt b/programs/ssl/test-ca/test-ca.crt
deleted file mode 100644
index f0eee2b..0000000
--- a/programs/ssl/test-ca/test-ca.crt
+++ /dev/null
@@ -1,80 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:00 2011 GMT
- Not After : Feb 12 14:44:00 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
- 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
- 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
- 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
- e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
- cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
- ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
- 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
- c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
- 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
- e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
- 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
- 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
- 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
- e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
- 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
- ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
- a2:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Key Identifier:
- B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
- serial:00
-
- Signature Algorithm: sha1WithRSAEncryption
- b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
- 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
- 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
- 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
- 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
- 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
- 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
- e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
- e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
- 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
- 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
- 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
- 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
- e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
- f7:e0:e9:54
------BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
-mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
-50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
-YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
-R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
-KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
------END CERTIFICATE-----
diff --git a/programs/ssl/test-ca/test-ca.key b/programs/ssl/test-ca/test-ca.key
deleted file mode 100644
index 1614e22..0000000
--- a/programs/ssl/test-ca/test-ca.key
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B
-
-9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA
-7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq
-Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo
-PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb
-GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9
-gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq
-QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w
-PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x
-vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU
-WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X
-JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR
-KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe
-Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J
-9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2
-iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/
-tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT
-P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL
-1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb
-nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5
-X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq
-rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz
-L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l
-I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR
-wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde
-P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2
------END RSA PRIVATE KEY-----
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 758b7a5..da3376e 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -1,7 +1,7 @@
FIND_PACKAGE(OpenSSL)
set(libs
- polarssl
+ mbedtls
)
if(USE_PKCS11_HELPER_LIBRARY)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 4462357..1a308be 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -1,12 +1,9 @@
/*
* Benchmark demonstration program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,9 +26,25 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_exit exit
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
+#define polarssl_free free
+#endif
+
+#if !defined(POLARSSL_TIMING_C)
+int main( void )
+{
+ polarssl_printf("POLARSSL_TIMING_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#include <string.h>
#include "polarssl/timing.h"
@@ -57,24 +70,128 @@
#include "polarssl/ecdh.h"
#include "polarssl/error.h"
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+#include "polarssl/memory_buffer_alloc.h"
+#endif
+
#if defined _MSC_VER && !defined snprintf
#define snprintf _snprintf
#endif
+/*
+ * For heap usage estimates, we need an estimate of the overhead per allocated
+ * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block,
+ * so use that as our baseline.
+ */
+#define MEM_BLOCK_OVERHEAD ( 2 * sizeof( size_t ) )
+
+/*
+ * Size to use for the malloc buffer if MEMORY_BUFFER_ALLOC_C is defined.
+ */
+#define HEAP_SIZE (1u << 16) // 64k
+
#define BUFSIZE 1024
#define HEADER_FORMAT " %-24s : "
#define TITLE_LEN 25
-#if !defined(POLARSSL_TIMING_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#define DHM_SIZES 3
- printf("POLARSSL_TIMING_C not defined.\n");
- return( 0 );
-}
+#define OPTIONS \
+ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \
+ "arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,\n" \
+ "havege, ctr_drbg, hmac_drbg\n" \
+ "rsa, dhm, ecdsa, ecdh.\n"
+
+#if defined(POLARSSL_ERROR_C)
+#define PRINT_ERROR \
+ polarssl_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
+ polarssl_printf( "FAILED: %s\n", tmp );
#else
+#define PRINT_ERROR \
+ polarssl_printf( "FAILED: -0x%04x\n", -ret );
+#endif
+
+#define TIME_AND_TSC( TITLE, CODE ) \
+do { \
+ unsigned long i, j, tsc; \
+ \
+ polarssl_printf( HEADER_FORMAT, TITLE ); \
+ fflush( stdout ); \
+ \
+ set_alarm( 1 ); \
+ for( i = 1; ! alarmed; i++ ) \
+ { \
+ CODE; \
+ } \
+ \
+ tsc = hardclock(); \
+ for( j = 0; j < 1024; j++ ) \
+ { \
+ CODE; \
+ } \
+ \
+ polarssl_printf( "%9lu Kb/s, %9lu cycles/byte\n", \
+ i * BUFSIZE / 1024, \
+ ( hardclock() - tsc ) / ( j * BUFSIZE ) ); \
+} while( 0 )
+
+#if defined(POLARSSL_ERROR_C)
+#define PRINT_ERROR \
+ polarssl_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
+ polarssl_printf( "FAILED: %s\n", tmp );
+#else
+#define PRINT_ERROR \
+ polarssl_printf( "FAILED: -0x%04x\n", -ret );
+#endif
+
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && defined(POLARSSL_MEMORY_DEBUG)
+
+#define MEMORY_MEASURE_INIT \
+ size_t max_used, max_blocks, max_bytes; \
+ size_t prv_used, prv_blocks; \
+ memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
+ memory_buffer_alloc_max_reset( );
+
+#define MEMORY_MEASURE_PRINT( title_len ) \
+ memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
+ for( i = 12 - title_len; i != 0; i-- ) polarssl_printf( " " ); \
+ max_used -= prv_used; \
+ max_blocks -= prv_blocks; \
+ max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
+ polarssl_printf( "%6u heap bytes", (unsigned) max_bytes );
+
+#else
+#define MEMORY_MEASURE_INIT
+#define MEMORY_MEASURE_PRINT( title_len )
+#endif
+
+#define TIME_PUBLIC( TITLE, TYPE, CODE ) \
+do { \
+ unsigned long i; \
+ int ret; \
+ MEMORY_MEASURE_INIT; \
+ \
+ polarssl_printf( HEADER_FORMAT, TITLE ); \
+ fflush( stdout ); \
+ set_alarm( 3 ); \
+ \
+ ret = 0; \
+ for( i = 1; ! alarmed && ! ret ; i++ ) \
+ { \
+ CODE; \
+ } \
+ \
+ if( ret != 0 ) \
+ { \
+ PRINT_ERROR; \
+ } \
+ else \
+ { \
+ polarssl_printf( "%6lu " TYPE "/s", i / 3 ); \
+ MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \
+ polarssl_printf( "\n" ); \
+ } \
+} while( 0 )
static int myrand( void *rng_state, unsigned char *output, size_t len )
{
@@ -99,61 +216,26 @@
return( 0 );
}
-#define TIME_AND_TSC( TITLE, CODE ) \
-do { \
- unsigned long i, j, tsc; \
- \
- printf( HEADER_FORMAT, TITLE ); \
- fflush( stdout ); \
- \
- set_alarm( 1 ); \
- for( i = 1; ! alarmed; i++ ) \
- { \
- CODE; \
- } \
- \
- tsc = hardclock(); \
- for( j = 0; j < 1024; j++ ) \
- { \
- CODE; \
- } \
- \
- printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, \
- ( hardclock() - tsc ) / ( j * BUFSIZE ) ); \
-} while( 0 )
-
-#if defined(POLARSSL_ERROR_C)
-#define PRINT_ERROR \
- polarssl_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
- printf( "FAILED: %s\n", tmp );
+/*
+ * Clear some memory that was used to prepare the context
+ */
+#if defined(POLARSSL_ECP_C)
+void ecp_clear_precomputed( ecp_group *grp )
+{
+ if( grp->T != NULL )
+ {
+ size_t i;
+ for( i = 0; i < grp->T_size; i++ )
+ ecp_point_free( &grp->T[i] );
+ polarssl_free( grp->T );
+ }
+ grp->T = NULL;
+ grp->T_size = 0;
+}
#else
-#define PRINT_ERROR \
- printf( "FAILED: -0x%04x\n", -ret );
+#define ecp_clear_precomputed( g )
#endif
-#define TIME_PUBLIC( TITLE, TYPE, CODE ) \
-do { \
- unsigned long i; \
- int ret; \
- \
- printf( HEADER_FORMAT, TITLE ); \
- fflush( stdout ); \
- set_alarm( 3 ); \
- \
- ret = 0; \
- for( i = 1; ! alarmed && ! ret ; i++ ) \
- { \
- CODE; \
- } \
- \
- if( ret != 0 ) \
- { \
-PRINT_ERROR; \
- } \
- else \
- printf( "%9lu " TYPE "/s\n", i / 3 ); \
-} while( 0 )
-
unsigned char buf[BUFSIZE];
typedef struct {
@@ -163,21 +245,20 @@
rsa, dhm, ecdsa, ecdh;
} todo_list;
-#define OPTIONS \
- "md4, md5, ripemd160, sha1, sha256, sha512,\n" \
- "arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,\n" \
- "havege, ctr_drbg, hmac_drbg\n" \
- "rsa, dhm, ecdsa, ecdh.\n"
-
int main( int argc, char *argv[] )
{
- int keysize, i;
+ int i;
unsigned char tmp[200];
char title[TITLE_LEN];
todo_list todo;
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+ unsigned char malloc_buf[HEAP_SIZE] = { 0 };
+#endif
- if( argc == 1 )
+ if( argc <= 1 )
+ {
memset( &todo, 1, sizeof( todo ) );
+ }
else
{
memset( &todo, 0, sizeof( todo ) );
@@ -228,14 +309,17 @@
todo.ecdh = 1;
else
{
- printf( "Unrecognized option: %s\n", argv[i] );
- printf( "Available options: " OPTIONS );
+ polarssl_printf( "Unrecognized option: %s\n", argv[i] );
+ polarssl_printf( "Available options: " OPTIONS );
}
}
}
- printf( "\n" );
+ polarssl_printf( "\n" );
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+ memory_buffer_alloc_init( malloc_buf, sizeof( malloc_buf ) );
+#endif
memset( buf, 0xAA, sizeof( buf ) );
memset( tmp, 0xBB, sizeof( tmp ) );
@@ -306,11 +390,12 @@
#if defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.aes_cbc )
{
+ int keysize;
aes_context aes;
aes_init( &aes );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
- snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
+ polarssl_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
@@ -325,10 +410,11 @@
#if defined(POLARSSL_GCM_C)
if( todo.aes_gcm )
{
+ int keysize;
gcm_context gcm;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
- snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
+ polarssl_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
@@ -345,10 +431,11 @@
#if defined(POLARSSL_CCM_C)
if( todo.aes_ccm )
{
+ int keysize;
ccm_context ccm;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
- snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
+ polarssl_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
@@ -367,11 +454,12 @@
#if defined(POLARSSL_CAMELLIA_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.camellia )
{
+ int keysize;
camellia_context camellia;
camellia_init( &camellia );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
- snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
+ polarssl_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
@@ -388,12 +476,13 @@
#if defined(POLARSSL_BLOWFISH_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.blowfish )
{
+ int keysize;
blowfish_context blowfish;
blowfish_init( &blowfish );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
- snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
+ polarssl_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
@@ -424,17 +513,17 @@
ctr_drbg_context ctr_drbg;
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
- exit(1);
+ polarssl_exit(1);
TIME_AND_TSC( "CTR_DRBG (NOPR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
- exit(1) );
+ polarssl_exit(1) );
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
- exit(1);
+ polarssl_exit(1);
ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_ON );
TIME_AND_TSC( "CTR_DRBG (PR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
- exit(1) );
+ polarssl_exit(1) );
ctr_drbg_free( &ctr_drbg );
}
#endif
@@ -447,43 +536,43 @@
#if defined(POLARSSL_SHA1_C)
if( ( md_info = md_info_from_type( POLARSSL_MD_SHA1 ) ) == NULL )
- exit(1);
+ polarssl_exit(1);
if( hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
- exit(1);
+ polarssl_exit(1);
TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)",
if( hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
- exit(1) );
+ polarssl_exit(1) );
hmac_drbg_free( &hmac_drbg );
if( hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
- exit(1);
+ polarssl_exit(1);
hmac_drbg_set_prediction_resistance( &hmac_drbg,
POLARSSL_HMAC_DRBG_PR_ON );
TIME_AND_TSC( "HMAC_DRBG SHA-1 (PR)",
if( hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
- exit(1) );
+ polarssl_exit(1) );
hmac_drbg_free( &hmac_drbg );
#endif
#if defined(POLARSSL_SHA256_C)
if( ( md_info = md_info_from_type( POLARSSL_MD_SHA256 ) ) == NULL )
- exit(1);
+ polarssl_exit(1);
if( hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
- exit(1);
+ polarssl_exit(1);
TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)",
if( hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
- exit(1) );
+ polarssl_exit(1) );
hmac_drbg_free( &hmac_drbg );
if( hmac_drbg_init( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
- exit(1);
+ polarssl_exit(1);
hmac_drbg_set_prediction_resistance( &hmac_drbg,
POLARSSL_HMAC_DRBG_PR_ON );
TIME_AND_TSC( "HMAC_DRBG SHA-256 (PR)",
if( hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
- exit(1) );
+ polarssl_exit(1) );
hmac_drbg_free( &hmac_drbg );
#endif
}
@@ -492,10 +581,11 @@
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME)
if( todo.rsa )
{
+ int keysize;
rsa_context rsa;
for( keysize = 1024; keysize <= 4096; keysize *= 2 )
{
- snprintf( title, sizeof( title ), "RSA-%d", keysize );
+ polarssl_snprintf( title, sizeof( title ), "RSA-%d", keysize );
rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );
@@ -516,7 +606,6 @@
#if defined(POLARSSL_DHM_C) && defined(POLARSSL_BIGNUM_C)
if( todo.dhm )
{
-#define DHM_SIZES 3
int dhm_sizes[DHM_SIZES] = { 1024, 2048, 3072 };
const char *dhm_P[DHM_SIZES] = {
POLARSSL_DHM_RFC5114_MODP_1024_P,
@@ -538,22 +627,22 @@
if( mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 ||
mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 )
{
- exit( 1 );
+ polarssl_exit( 1 );
}
dhm.len = mpi_size( &dhm.P );
dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL );
if( mpi_copy( &dhm.GY, &dhm.GX ) != 0 )
- exit( 1 );
+ polarssl_exit( 1 );
- snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
+ polarssl_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
TIME_PUBLIC( title, "handshake",
olen = sizeof( buf );
ret |= dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
myrand, NULL );
ret |= dhm_calc_secret( &dhm, buf, &olen, myrand, NULL ) );
- snprintf( title, sizeof( title ), "DH-%d", dhm_sizes[i] );
+ polarssl_snprintf( title, sizeof( title ), "DH-%d", dhm_sizes[i] );
TIME_PUBLIC( title, "handshake",
olen = sizeof( buf );
ret |= dhm_calc_secret( &dhm, buf, &olen, myrand, NULL ) );
@@ -579,14 +668,34 @@
ecdsa_init( &ecdsa );
if( ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 )
- exit( 1 );
+ polarssl_exit( 1 );
+ ecp_clear_precomputed( &ecdsa.grp );
- snprintf( title, sizeof( title ), "ECDSA-%s",
+ polarssl_snprintf( title, sizeof( title ), "ECDSA-%s",
curve_info->name );
TIME_PUBLIC( title, "sign",
ret = ecdsa_write_signature( &ecdsa, buf, curve_info->size,
tmp, &sig_len, myrand, NULL ) );
+ ecdsa_free( &ecdsa );
+ }
+
+ for( curve_info = ecp_curve_list();
+ curve_info->grp_id != POLARSSL_ECP_DP_NONE;
+ curve_info++ )
+ {
+ ecdsa_init( &ecdsa );
+
+ if( ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 ||
+ ecdsa_write_signature( &ecdsa, buf, curve_info->size,
+ tmp, &sig_len, myrand, NULL ) != 0 )
+ {
+ polarssl_exit( 1 );
+ }
+ ecp_clear_precomputed( &ecdsa.grp );
+
+ polarssl_snprintf( title, sizeof( title ), "ECDSA-%s",
+ curve_info->name );
TIME_PUBLIC( title, "verify",
ret = ecdsa_read_signature( &ecdsa, buf, curve_info->size,
tmp, sig_len ) );
@@ -600,6 +709,9 @@
if( todo.ecdh )
{
ecdh_context ecdh;
+#if defined(POLARSSL_ECP_DP_M255_ENABLED)
+ mpi z;
+#endif
const ecp_curve_info *curve_info;
size_t olen;
@@ -614,30 +726,97 @@
myrand, NULL ) != 0 ||
ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 )
{
- exit( 1 );
+ polarssl_exit( 1 );
}
+ ecp_clear_precomputed( &ecdh.grp );
- snprintf( title, sizeof( title ), "ECDHE-%s",
+ polarssl_snprintf( title, sizeof( title ), "ECDHE-%s",
curve_info->name );
TIME_PUBLIC( title, "handshake",
ret |= ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
myrand, NULL );
ret |= ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
myrand, NULL ) );
+ ecdh_free( &ecdh );
+ }
- snprintf( title, sizeof( title ), "ECDH-%s",
+ /* Curve25519 needs to be handled separately */
+#if defined(POLARSSL_ECP_DP_M255_ENABLED)
+ ecdh_init( &ecdh );
+ mpi_init( &z );
+
+ if( ecp_use_known_dp( &ecdh.grp, POLARSSL_ECP_DP_M255 ) != 0 ||
+ ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 )
+ {
+ polarssl_exit( 1 );
+ }
+
+ TIME_PUBLIC( "ECDHE-Curve25519", "handshake",
+ ret |= ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
+ myrand, NULL );
+ ret |= ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
+ myrand, NULL ) );
+
+ ecdh_free( &ecdh );
+ mpi_free( &z );
+#endif
+
+ for( curve_info = ecp_curve_list();
+ curve_info->grp_id != POLARSSL_ECP_DP_NONE;
+ curve_info++ )
+ {
+ ecdh_init( &ecdh );
+
+ if( ecp_use_known_dp( &ecdh.grp, curve_info->grp_id ) != 0 ||
+ ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
+ myrand, NULL ) != 0 ||
+ ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 ||
+ ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
+ myrand, NULL ) != 0 )
+ {
+ polarssl_exit( 1 );
+ }
+ ecp_clear_precomputed( &ecdh.grp );
+
+ polarssl_snprintf( title, sizeof( title ), "ECDH-%s",
curve_info->name );
TIME_PUBLIC( title, "handshake",
ret |= ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
myrand, NULL ) );
ecdh_free( &ecdh );
}
+
+ /* Curve25519 needs to be handled separately */
+#if defined(POLARSSL_ECP_DP_M255_ENABLED)
+ ecdh_init( &ecdh );
+ mpi_init( &z );
+
+ if( ecp_use_known_dp( &ecdh.grp, POLARSSL_ECP_DP_M255 ) != 0 ||
+ ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
+ myrand, NULL ) != 0 ||
+ ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 )
+ {
+ polarssl_exit( 1 );
+ }
+
+ TIME_PUBLIC( "ECDH-Curve25519", "handshake",
+ ret |= ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
+ myrand, NULL ) );
+
+ ecdh_free( &ecdh );
+ mpi_free( &z );
+#endif
}
#endif
- printf( "\n" );
+
+ polarssl_printf( "\n" );
+
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+ memory_buffer_alloc_free();
+#endif
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c
index e5047e5..f0ade14 100644
--- a/programs/test/o_p_test.c
+++ b/programs/test/o_p_test.c
@@ -1,12 +1,9 @@
/*
- * Test application that shows some PolarSSL and OpenSSL compatibility
+ * Test application that shows some mbed TLS and OpenSSL compatibility
*
- * Copyright (C) 2011-2012 Brainspark B.V.
+ * Copyright (C) 2011-2012 ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,16 +26,21 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <sys/stat.h>
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_PK_PARSE_C) && defined(POLARSSL_FS_IO)
#include <openssl/rsa.h>
+
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
+
#include <openssl/pem.h>
#include <openssl/bio.h>
@@ -47,14 +49,16 @@
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
@@ -85,7 +89,7 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
ERR_load_crypto_strings();
@@ -94,38 +98,38 @@
if( argc != 3 )
{
- printf( "usage: o_p_test <keyfile with private_key> <string of max 100 characters>\n" );
+ polarssl_printf( "usage: o_p_test <keyfile with private_key> <string of max 100 characters>\n" );
#ifdef WIN32
- printf( "\n" );
+ polarssl_printf( "\n" );
#endif
goto exit;
}
- printf( " . Reading private key from %s into PolarSSL ...", argv[1] );
+ polarssl_printf( " . Reading private key from %s into mbed TLS ...", argv[1] );
fflush( stdout );
pk_init( &p_pk );
if( pk_parse_keyfile( &p_pk, argv[1], NULL ) != 0 )
{
ret = 1;
- printf( " failed\n ! Could not load key.\n\n" );
+ polarssl_printf( " failed\n ! Could not load key.\n\n" );
goto exit;
}
if( !pk_can_do( &p_pk, POLARSSL_PK_RSA ) )
{
ret = 1;
- printf( " failed\n ! Key is not an RSA key\n" );
+ polarssl_printf( " failed\n ! Key is not an RSA key\n" );
goto exit;
}
p_rsa = pk_rsa( p_pk );
- printf( " passed\n");
+ polarssl_printf( " passed\n");
- printf( " . Reading private key from %s into OpenSSL ...", argv[1] );
+ polarssl_printf( " . Reading private key from %s into OpenSSL ...", argv[1] );
fflush( stdout );
key_file = fopen( argv[1], "r" );
@@ -134,16 +138,16 @@
if( o_rsa == NULL )
{
ret = 1;
- printf( " failed\n ! Could not load key.\n\n" );
+ polarssl_printf( " failed\n ! Could not load key.\n\n" );
goto exit;
}
- printf( " passed\n");
- printf( "\n" );
+ polarssl_printf( " passed\n");
+ polarssl_printf( "\n" );
if( strlen( argv[1] ) > 100 )
{
- printf( " Input data larger than 100 characters.\n\n" );
+ polarssl_printf( " Input data larger than 100 characters.\n\n" );
goto exit;
}
@@ -152,117 +156,117 @@
/*
* Calculate the RSA encryption with public key.
*/
- printf( " . Generating the RSA encrypted value with PolarSSL (RSA_PUBLIC) ..." );
+ polarssl_printf( " . Generating the RSA encrypted value with mbed TLS (RSA_PUBLIC) ..." );
fflush( stdout );
if( ( ret = rsa_pkcs1_encrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, strlen( argv[2] ), input, p_pub_encrypted ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
goto exit;
}
else
- printf( " passed\n");
+ polarssl_printf( " passed\n");
- printf( " . Generating the RSA encrypted value with OpenSSL (PUBLIC) ..." );
+ polarssl_printf( " . Generating the RSA encrypted value with OpenSSL (PUBLIC) ..." );
fflush( stdout );
if( ( ret = RSA_public_encrypt( strlen( argv[2] ), input, o_pub_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
{
unsigned long code = ERR_get_error();
- printf( " failed\n ! RSA_public_encrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
+ polarssl_printf( " failed\n ! RSA_public_encrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
goto exit;
}
else
- printf( " passed\n");
+ polarssl_printf( " passed\n");
/*
* Calculate the RSA encryption with private key.
*/
- printf( " . Generating the RSA encrypted value with PolarSSL (RSA_PRIVATE) ..." );
+ polarssl_printf( " . Generating the RSA encrypted value with mbed TLS (RSA_PRIVATE) ..." );
fflush( stdout );
if( ( ret = rsa_pkcs1_encrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, strlen( argv[2] ), input, p_priv_encrypted ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
goto exit;
}
else
- printf( " passed\n");
+ polarssl_printf( " passed\n");
- printf( " . Generating the RSA encrypted value with OpenSSL (PRIVATE) ..." );
+ polarssl_printf( " . Generating the RSA encrypted value with OpenSSL (PRIVATE) ..." );
fflush( stdout );
if( ( ret = RSA_private_encrypt( strlen( argv[2] ), input, o_priv_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
{
unsigned long code = ERR_get_error();
- printf( " failed\n ! RSA_private_encrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
+ polarssl_printf( " failed\n ! RSA_private_encrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
goto exit;
}
else
- printf( " passed\n");
+ polarssl_printf( " passed\n");
- printf( "\n" );
+ polarssl_printf( "\n" );
/*
* Calculate the RSA decryption with private key.
*/
- printf( " . Generating the RSA decrypted value for OpenSSL (PUBLIC) with PolarSSL (PRIVATE) ..." );
+ polarssl_printf( " . Generating the RSA decrypted value for OpenSSL (PUBLIC) with mbed TLS (PRIVATE) ..." );
fflush( stdout );
if( ( ret = rsa_pkcs1_decrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
}
else
- printf( " passed\n");
+ polarssl_printf( " passed\n");
- printf( " . Generating the RSA decrypted value for PolarSSL (PUBLIC) with OpenSSL (PRIVATE) ..." );
+ polarssl_printf( " . Generating the RSA decrypted value for mbed TLS (PUBLIC) with OpenSSL (PRIVATE) ..." );
fflush( stdout );
if( ( ret = RSA_private_decrypt( p_rsa->len, p_pub_encrypted, o_pub_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
{
unsigned long code = ERR_get_error();
- printf( " failed\n ! RSA_private_decrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
+ polarssl_printf( " failed\n ! RSA_private_decrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
}
else
- printf( " passed\n");
+ polarssl_printf( " passed\n");
/*
* Calculate the RSA decryption with public key.
*/
- printf( " . Generating the RSA decrypted value for OpenSSL (PRIVATE) with PolarSSL (PUBLIC) ..." );
+ polarssl_printf( " . Generating the RSA decrypted value for OpenSSL (PRIVATE) with mbed TLS (PUBLIC) ..." );
fflush( stdout );
if( ( ret = rsa_pkcs1_decrypt( p_rsa, NULL, NULL, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 )
{
- printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
}
else
- printf( " passed\n");
+ polarssl_printf( " passed\n");
- printf( " . Generating the RSA decrypted value for PolarSSL (PRIVATE) with OpenSSL (PUBLIC) ..." );
+ polarssl_printf( " . Generating the RSA decrypted value for mbed TLS (PRIVATE) with OpenSSL (PUBLIC) ..." );
fflush( stdout );
if( ( ret = RSA_public_decrypt( p_rsa->len, p_priv_encrypted, o_priv_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
{
unsigned long code = ERR_get_error();
- printf( " failed\n ! RSA_public_decrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
+ polarssl_printf( " failed\n ! RSA_public_decrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
}
else
- printf( " passed\n");
+ polarssl_printf( " passed\n");
- printf( "\n" );
- printf( "String value (OpenSSL Public Encrypt, PolarSSL Private Decrypt): '%s'\n", p_pub_decrypted );
- printf( "String value (PolarSSL Public Encrypt, OpenSSL Private Decrypt): '%s'\n", o_pub_decrypted );
- printf( "String value (OpenSSL Private Encrypt, PolarSSL Public Decrypt): '%s'\n", p_priv_decrypted );
- printf( "String value (PolarSSL Private Encrypt, OpenSSL Public Decrypt): '%s'\n", o_priv_decrypted );
+ polarssl_printf( "\n" );
+ polarssl_printf( "String value (OpenSSL Public Encrypt, mbed TLS Private Decrypt): '%s'\n", p_pub_decrypted );
+ polarssl_printf( "String value (mbed TLS Public Encrypt, OpenSSL Private Decrypt): '%s'\n", o_pub_decrypted );
+ polarssl_printf( "String value (OpenSSL Private Encrypt, mbed TLS Public Decrypt): '%s'\n", p_priv_decrypted );
+ polarssl_printf( "String value (mbed TLS Private Encrypt, OpenSSL Public Decrypt): '%s'\n", o_priv_decrypted );
exit:
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#ifdef WIN32
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index edf3d52..a9aef59 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -1,12 +1,9 @@
/*
* Self-test demonstration program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,9 +26,6 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdio.h>
-
#include "polarssl/entropy.h"
#include "polarssl/hmac_drbg.h"
#include "polarssl/ctr_drbg.h"
@@ -59,8 +53,18 @@
#include "polarssl/ecp.h"
#include "polarssl/timing.h"
+#include <stdio.h>
+#include <string.h>
+
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_printf printf
+#endif
+
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
-#include "polarssl/memory.h"
+#include "polarssl/memory_buffer_alloc.h"
#endif
int main( int argc, char *argv[] )
@@ -75,7 +79,7 @@
else
{
v = 1;
- printf( "\n" );
+ polarssl_printf( "\n" );
}
#if defined(POLARSSL_SELF_TEST)
@@ -199,17 +203,16 @@
return( ret );
#endif
-/* Slow tests last */
-
-#if defined(POLARSSL_PBKDF2_C)
+#if defined(POLARSSL_PBKDF2_C) && !defined(POLARSSL_DEPRECATED_REMOVED)
if( ( ret = pbkdf2_self_test( v ) ) != 0 )
return( ret );
-#else
+#endif
#if defined(POLARSSL_PKCS5_C)
if( ( ret = pkcs5_self_test( v ) ) != 0 )
return( ret );
#endif
-#endif
+
+/* Slow tests last */
/* Not stable enough on Windows and FreeBSD yet */
#if __linux__ && defined(POLARSSL_TIMING_C)
@@ -218,7 +221,7 @@
#endif
#else
- printf( " POLARSSL_SELF_TEST not defined.\n" );
+ polarssl_printf( " POLARSSL_SELF_TEST not defined.\n" );
#endif
if( v != 0 )
@@ -226,16 +229,23 @@
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && defined(POLARSSL_MEMORY_DEBUG)
memory_buffer_alloc_status();
#endif
+ }
- printf( " [ All tests passed ]\n\n" );
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+ memory_buffer_alloc_free();
+
+ if( ( ret = memory_buffer_alloc_self_test( v ) ) != 0 )
+ return( ret );
+#endif
+
+ if( v != 0 )
+ {
+ polarssl_printf( " [ All tests passed ]\n\n" );
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
}
-#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
- memory_buffer_alloc_free();
-#endif
return( ret );
}
diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c
index 2553dba..aade251 100644
--- a/programs/test/ssl_cert_test.c
+++ b/programs/test/ssl_cert_test.c
@@ -1,12 +1,9 @@
/*
* SSL certificate functionality tests
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,33 +26,40 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdio.h>
-
-#if !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
- !defined(POLARSSL_FS_IO) || !defined(POLARSSL_X509_CRL_PARSE_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C "
- "POLARSSL_FS_IO and/or POLARSSL_X509_CRL_PARSE_C "
- "not defined.\n");
- return( 0 );
-}
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
#else
+#include <stdio.h>
+#define polarssl_snprintf snprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
+#endif
+#if defined(POLARSSL_RSA_C) && defined(POLARSSL_X509_CRT_PARSE_C) && \
+ defined(POLARSSL_FS_IO) && defined(POLARSSL_X509_CRL_PARSE_C)
#include "polarssl/certs.h"
#include "polarssl/x509_crt.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
#if defined _MSC_VER && !defined snprintf
#define snprintf _snprintf
#endif
-
#define MAX_CLIENT_CERTS 8
+#if !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
+ !defined(POLARSSL_FS_IO) || !defined(POLARSSL_X509_CRL_PARSE_C)
+int main( void )
+{
+ polarssl_printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C "
+ "POLARSSL_FS_IO and/or POLARSSL_X509_CRL_PARSE_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
const char *client_certificates[MAX_CLIENT_CERTS] =
{
"client1.crt",
@@ -80,23 +84,20 @@
"cert_digest.key"
};
-int main( int argc, char *argv[] )
+int main( void )
{
int ret, i;
x509_crt cacert;
x509_crl crl;
char buf[10240];
- ((void) argc);
- ((void) argv);
-
x509_crt_init( &cacert );
x509_crl_init( &crl );
/*
* 1.1. Load the trusted CA
*/
- printf( "\n . Loading the CA root certificate ..." );
+ polarssl_printf( "\n . Loading the CA root certificate ..." );
fflush( stdout );
/*
@@ -106,32 +107,32 @@
ret = x509_crt_parse_file( &cacert, "ssl/test-ca/test-ca.crt" );
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
x509_crt_info( buf, 1024, "CRT: ", &cacert );
- printf("%s\n", buf );
+ polarssl_printf("%s\n", buf );
/*
* 1.2. Load the CRL
*/
- printf( " . Loading the CRL ..." );
+ polarssl_printf( " . Loading the CRL ..." );
fflush( stdout );
ret = x509_crl_parse_file( &crl, "ssl/test-ca/crl.pem" );
if( ret != 0 )
{
- printf( " failed\n ! x509_crl_parse_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crl_parse_file returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
x509_crl_info( buf, 1024, "CRL: ", &crl );
- printf("%s\n", buf );
+ polarssl_printf("%s\n", buf );
for( i = 0; i < MAX_CLIENT_CERTS; i++ )
{
@@ -146,24 +147,24 @@
x509_crt_init( &clicert );
pk_init( &pk );
- snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
+ polarssl_snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
- printf( " . Loading the client certificate %s...", name );
+ polarssl_printf( " . Loading the client certificate %s...", name );
fflush( stdout );
ret = x509_crt_parse_file( &clicert, name );
if( ret != 0 )
{
- printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.4. Verify certificate validity with CA certificate
*/
- printf( " . Verify the client certificate with CA certificate..." );
+ polarssl_printf( " . Verify the client certificate with CA certificate..." );
fflush( stdout );
ret = x509_crt_verify( &clicert, &cacert, &crl, NULL, &flags, NULL,
@@ -172,54 +173,49 @@
{
if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
{
- if( flags & BADCERT_CN_MISMATCH )
- printf( " CN_MISMATCH " );
- if( flags & BADCERT_EXPIRED )
- printf( " EXPIRED " );
- if( flags & BADCERT_REVOKED )
- printf( " REVOKED " );
- if( flags & BADCERT_NOT_TRUSTED )
- printf( " NOT_TRUSTED " );
- if( flags & BADCRL_NOT_TRUSTED )
- printf( " CRL_NOT_TRUSTED " );
- if( flags & BADCRL_EXPIRED )
- printf( " CRL_EXPIRED " );
- } else {
- printf( " failed\n ! x509_crt_verify returned %d\n\n", ret );
+ char vrfy_buf[512];
+
+ polarssl_printf( " failed\n" );
+ x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+ polarssl_printf( "%s\n", vrfy_buf );
+ }
+ else
+ {
+ polarssl_printf( " failed\n ! x509_crt_verify returned %d\n\n", ret );
goto exit;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.5. Load own private key
*/
- snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
+ polarssl_snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
- printf( " . Loading the client private key %s...", name );
+ polarssl_printf( " . Loading the client private key %s...", name );
fflush( stdout );
ret = pk_parse_keyfile( &pk, name, NULL );
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_keyfile returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! pk_parse_keyfile returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.6. Verify certificate validity with private key
*/
- printf( " . Verify the client certificate with private key..." );
+ polarssl_printf( " . Verify the client certificate with private key..." );
fflush( stdout );
/* EC NOT IMPLEMENTED YET */
if( ! pk_can_do( &clicert.pk, POLARSSL_PK_RSA ) )
{
- printf( " failed\n ! certificate's key is not RSA\n\n" );
+ polarssl_printf( " failed\n ! certificate's key is not RSA\n\n" );
ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE;
goto exit;
}
@@ -227,25 +223,25 @@
ret = mpi_cmp_mpi(&pk_rsa( pk )->N, &pk_rsa( clicert.pk )->N);
if( ret != 0 )
{
- printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret );
goto exit;
}
ret = mpi_cmp_mpi(&pk_rsa( pk )->E, &pk_rsa( clicert.pk )->E);
if( ret != 0 )
{
- printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret );
goto exit;
}
ret = rsa_check_privkey( pk_rsa( pk ) );
if( ret != 0 )
{
- printf( " failed\n ! rsa_check_privkey returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! rsa_check_privkey returned %d\n\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
x509_crt_free( &clicert );
pk_free( &pk );
@@ -256,7 +252,7 @@
x509_crl_free( &crl );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index b436d17..d8d8196 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -1,12 +1,9 @@
/*
* SSL/TLS stress testing program
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,38 +26,36 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_SRV_C) && \
+ defined(POLARSSL_SSL_CLI_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
+ defined(POLARSSL_X509_CRT_PARSE_C)
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(POLARSSL_TIMING_C)
#include "polarssl/timing.h"
#endif
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
- !defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_NET_C) || \
- !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
- "POLARSSL_SSL_CLI_C and/or POLARSSL_NET_C and/or "
- "POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C and/or "
- "POLARSSL_X509_CRT_PARSE_C not defined.\n");
- return( 0 );
-}
-#else
-
#define OPMODE_NONE 0
#define OPMODE_CLIENT 1
#define OPMODE_SERVER 2
@@ -86,6 +81,21 @@
#define DFL_SESSION_LIFETIME 86400
#define DFL_FORCE_CIPHER 0
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
+ !defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_NET_C) || \
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
+ !defined(POLARSSL_X509_CRT_PARSE_C)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
+ "POLARSSL_SSL_CLI_C and/or POLARSSL_NET_C and/or "
+ "POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C and/or "
+ "POLARSSL_X509_CRT_PARSE_C not defined.\n");
+ return( 0 );
+}
+#else
int server_fd = -1;
/*
@@ -134,7 +144,7 @@
static void my_debug( void *ctx, int level, const char *str )
{
if( level < ((struct options *) ctx)->debug_level )
- fprintf( stderr, "%s", str );
+ polarssl_fprintf( stderr, "%s", str );
}
/*
@@ -178,7 +188,7 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
@@ -195,13 +205,13 @@
if( ( ret = net_connect( &client_fd, opt->server_name,
opt->server_port ) ) != 0 )
{
- printf( " ! net_connect returned %d\n\n", ret );
+ polarssl_printf( " ! net_connect returned %d\n\n", ret );
return( ret );
}
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " ! ssl_init returned %d\n\n", ret );
+ polarssl_printf( " ! ssl_init returned %d\n\n", ret );
goto exit;
}
@@ -211,14 +221,14 @@
if( opt->opmode == OPMODE_SERVER )
{
#if !defined(POLARSSL_CERTS_C)
- printf("POLARSSL_CERTS_C not defined.\n");
+ polarssl_printf("POLARSSL_CERTS_C not defined.\n");
goto exit;
#else
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
if( ret != 0 )
{
- printf( " ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -226,7 +236,7 @@
strlen( test_ca_list ) );
if( ret != 0 )
{
- printf( " ! x509_crt_parse returned %d\n\n", ret );
+ polarssl_printf( " ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -234,7 +244,7 @@
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
- printf( " ! pk_parse_key returned %d\n\n", ret );
+ polarssl_printf( " ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
#endif
@@ -244,20 +254,20 @@
if( ( ret = net_bind( &server_fd, NULL,
opt->server_port ) ) != 0 )
{
- printf( " ! net_bind returned %d\n\n", ret );
+ polarssl_printf( " ! net_bind returned %d\n\n", ret );
return( ret );
}
}
if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 )
{
- printf( " ! net_accept returned %d\n\n", ret );
+ polarssl_printf( " ! net_accept returned %d\n\n", ret );
return( ret );
}
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " ! ssl_init returned %d\n\n", ret );
+ polarssl_printf( " ! ssl_init returned %d\n\n", ret );
return( ret );
}
@@ -265,7 +275,7 @@
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
}
@@ -284,17 +294,17 @@
{
if( ( ret = net_set_nonblock( client_fd ) ) != 0 )
{
- printf( " ! net_set_nonblock returned %d\n\n", ret );
+ polarssl_printf( " ! net_set_nonblock returned %d\n\n", ret );
return( ret );
}
}
- read_buf = (unsigned char *) malloc( opt->buffer_size );
- write_buf = (unsigned char *) malloc( opt->buffer_size );
+ read_buf = polarssl_malloc( opt->buffer_size );
+ write_buf = polarssl_malloc( opt->buffer_size );
if( read_buf == NULL || write_buf == NULL )
{
- printf( " ! malloc(%d bytes) failed\n\n", opt->buffer_size );
+ polarssl_printf( " ! polarssl_malloc(%d bytes) failed\n\n", opt->buffer_size );
goto exit;
}
@@ -336,7 +346,7 @@
if( ret < 0 && ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " ! ssl_write returned %d\n\n", ret );
+ polarssl_printf( " ! ssl_write returned %d\n\n", ret );
break;
}
}
@@ -360,7 +370,7 @@
(unsigned char) lcppm5( read_state ) )
{
ret = 1;
- printf( " ! plaintext mismatch\n\n" );
+ polarssl_printf( " ! plaintext mismatch\n\n" );
goto exit;
}
}
@@ -382,7 +392,7 @@
if( ret < 0 && ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " ! ssl_read returned %d\n\n", ret );
+ polarssl_printf( " ! ssl_read returned %d\n\n", ret );
break;
}
}
@@ -447,7 +457,7 @@
" session_reuse=on/off default: on (enabled)\n" \
" session_lifetime=%%d (s) default: 86400\n" \
" force_ciphersuite=<name> default: all enabled\n" \
- " acceptable ciphersuite names:\n"
+ " acceptable ciphersuite names:\n"
int main( int argc, char *argv[] )
{
@@ -461,15 +471,15 @@
if( argc == 1 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
- printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
+ polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
- printf("\n");
+ polarssl_printf("\n");
goto exit;
}
@@ -614,7 +624,7 @@
exit:
#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
+ polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index aedd94f..f302de7 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -1,5 +1,5 @@
set(libs
- polarssl
+ mbedtls
)
add_executable(strerror strerror.c)
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index dfd7a49..8ef3e4b 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -1,12 +1,9 @@
/*
* Convert PEM to DER
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,23 +26,38 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_printf printf
+#endif
+#if defined(POLARSSL_BASE64_C) && defined(POLARSSL_FS_IO)
#include "polarssl/error.h"
#include "polarssl/base64.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#define DFL_FILENAME "file.pem"
#define DFL_OUTPUT_FILENAME "file.der"
-#if !defined(POLARSSL_BASE64_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
+#define USAGE \
+ "\n usage: pem2der param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: file.pem\n" \
+ " output_file=%%s default: file.der\n" \
+ "\n"
- printf("POLARSSL_BASE64_C and/or POLARSSL_FS_IO not defined.\n");
+#if !defined(POLARSSL_BASE64_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BASE64_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
@@ -124,7 +136,7 @@
*n = (size_t) size;
if( *n + 1 == 0 ||
- ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
+ ( *buf = polarssl_malloc( *n + 1 ) ) == NULL )
{
fclose( f );
return( -1 );
@@ -165,13 +177,6 @@
return( 0 );
}
-#define USAGE \
- "\n usage: pem2der param=<>...\n" \
- "\n acceptable parameters:\n" \
- " filename=%%s default: file.pem\n" \
- " output_file=%%s default: file.der\n" \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -191,7 +196,7 @@
if( argc == 0 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
goto exit;
}
@@ -217,7 +222,7 @@
/*
* 1.1. Load the PEM file
*/
- printf( "\n . Loading the PEM file ..." );
+ polarssl_printf( "\n . Loading the PEM file ..." );
fflush( stdout );
ret = load_file( opt.filename, &pem_buffer, &pem_size );
@@ -227,16 +232,16 @@
#ifdef POLARSSL_ERROR_C
polarssl_strerror( ret, buf, 1024 );
#endif
- printf( " failed\n ! load_file returned %d - %s\n\n", ret, buf );
+ polarssl_printf( " failed\n ! load_file returned %d - %s\n\n", ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.2. Convert from PEM to DER
*/
- printf( " . Converting from PEM to DER ..." );
+ polarssl_printf( " . Converting from PEM to DER ..." );
fflush( stdout );
if( ( ret = convert_pem_to_der( pem_buffer, pem_size, der_buffer, &der_size ) ) != 0 )
@@ -244,16 +249,16 @@
#ifdef POLARSSL_ERROR_C
polarssl_strerror( ret, buf, 1024 );
#endif
- printf( " failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf );
+ polarssl_printf( " failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.3. Write the DER file
*/
- printf( " . Writing the DER file ..." );
+ polarssl_printf( " . Writing the DER file ..." );
fflush( stdout );
ret = write_file( opt.output_file, der_buffer, der_size );
@@ -263,17 +268,17 @@
#ifdef POLARSSL_ERROR_C
polarssl_strerror( ret, buf, 1024 );
#endif
- printf( " failed\n ! write_file returned %d - %s\n\n", ret, buf );
+ polarssl_printf( " failed\n ! write_file returned %d - %s\n\n", ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
exit:
free( pem_buffer );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
index b56eaae..715bd3f 100644
--- a/programs/util/strerror.c
+++ b/programs/util/strerror.c
@@ -1,12 +1,9 @@
/*
* Translate error code to error string
*
- * Copyright (C) 2006-2012, Brainspark B.V.
+ * Copyright (C) 2006-2012, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,23 +26,29 @@
#include POLARSSL_CONFIG_FILE
#endif
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_ERROR_C) || defined(POLARSSL_ERROR_STRERROR_DUMMY)
+#include "polarssl/error.h"
+
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <stdio.h>
-
-#include "polarssl/error.h"
+#endif
#define USAGE \
"\n usage: strerror <errorcode>\n" \
"\n where <errorcode> can be a decimal or hexadecimal (starts with 0x or -0x)\n"
#if !defined(POLARSSL_ERROR_C) && !defined(POLARSSL_ERROR_STRERROR_DUMMY)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_ERROR_C and/or POLARSSL_ERROR_STRERROR_DUMMY not defined.\n");
+ polarssl_printf("POLARSSL_ERROR_C and/or POLARSSL_ERROR_STRERROR_DUMMY not defined.\n");
return( 0 );
}
#else
@@ -56,7 +59,7 @@
if( argc != 2 )
{
- printf( USAGE );
+ polarssl_printf( USAGE );
return( 0 );
}
@@ -66,7 +69,7 @@
val = strtol( argv[1], &end, 16 );
if( *end != '\0' )
{
- printf( USAGE );
+ polarssl_printf( USAGE );
return( 0 );
}
}
@@ -77,11 +80,11 @@
{
char error_buf[200];
polarssl_strerror( val, error_buf, 200 );
- printf("Last error was: -0x%04x - %s\n\n", (int) -val, error_buf );
+ polarssl_printf("Last error was: -0x%04x - %s\n\n", (int) -val, error_buf );
}
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/wince_main.c b/programs/wince_main.c
index 946569e..aa1401c 100644
--- a/programs/wince_main.c
+++ b/programs/wince_main.c
@@ -1,12 +1,9 @@
/*
* Windows CE console application entry point
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index fe46da5..4e39e45 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -1,5 +1,5 @@
set(libs
- polarssl
+ mbedtls
)
if(USE_PKCS11_HELPER_LIBRARY)
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 5f8636b..51d71ae 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -1,12 +1,9 @@
/*
* Certificate reading application
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,27 +26,22 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
-
-#include "polarssl/entropy.h"
-#include "polarssl/ctr_drbg.h"
-#include "polarssl/net.h"
-#include "polarssl/ssl.h"
-#include "polarssl/x509.h"
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_FS_IO and/or "
@@ -58,6 +50,16 @@
}
#else
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/x509.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
#define MODE_NONE 0
#define MODE_FILE 1
#define MODE_SSL 2
@@ -72,6 +74,26 @@
#define DFL_DEBUG_LEVEL 0
#define DFL_PERMISSIVE 0
+#define USAGE_IO \
+ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (none)\n" \
+ " crl_file=%%s The single CRL file you want to use\n" \
+ " default: \"\" (none)\n" \
+ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (none) (overrides ca_file)\n"
+
+#define USAGE \
+ "\n usage: cert_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=file|ssl default: none\n" \
+ " filename=%%s default: cert.crt\n" \
+ USAGE_IO \
+ " server_name=%%s default: localhost\n" \
+ " server_port=%%d default: 4433\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " permissive=%%d default: 0 (disabled)\n" \
+ "\n"
+
/*
* global options
*/
@@ -92,7 +114,7 @@
{
if( level < opt.debug_level )
{
- fprintf( (FILE *) ctx, "%s", str );
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
@@ -102,57 +124,21 @@
char buf[1024];
((void) data);
- printf( "\nVerify requested for (Depth %d):\n", depth );
+ polarssl_printf( "\nVerify requested for (Depth %d):\n", depth );
x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
- printf( "%s", buf );
-
- if( ( (*flags) & BADCERT_EXPIRED ) != 0 )
- printf( " ! server certificate has expired\n" );
-
- if( ( (*flags) & BADCERT_REVOKED ) != 0 )
- printf( " ! server certificate has been revoked\n" );
-
- if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 )
- printf( " ! CN mismatch\n" );
-
- if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 )
- printf( " ! self-signed or not signed by a trusted CA\n" );
-
- if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 )
- printf( " ! CRL not trusted\n" );
-
- if( ( (*flags) & BADCRL_EXPIRED ) != 0 )
- printf( " ! CRL expired\n" );
-
- if( ( (*flags) & BADCERT_OTHER ) != 0 )
- printf( " ! other (unknown) flag\n" );
+ polarssl_printf( "%s", buf );
if ( ( *flags ) == 0 )
- printf( " This certificate has no flags\n" );
+ polarssl_printf( " This certificate has no flags\n" );
+ else
+ {
+ x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
+ polarssl_printf( "%s\n", buf );
+ }
return( 0 );
}
-#define USAGE_IO \
- " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
- " default: \"\" (none)\n" \
- " crl_file=%%s The single CRL file you want to use\n" \
- " default: \"\" (none)\n" \
- " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
- " default: \"\" (none) (overrides ca_file)\n"
-
-#define USAGE \
- "\n usage: cert_app param=<>...\n" \
- "\n acceptable parameters:\n" \
- " mode=file|ssl default: none\n" \
- " filename=%%s default: cert.crt\n" \
- USAGE_IO \
- " server_name=%%s default: localhost\n" \
- " server_port=%%d default: 4433\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
- " permissive=%%d default: 0 (disabled)\n" \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0, server_fd;
@@ -187,7 +173,8 @@
if( argc == 0 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
+ ret = 2;
goto exit;
}
@@ -258,7 +245,7 @@
/*
* 1.1. Load the trusted CA
*/
- printf( " . Loading the CA root certificate ..." );
+ polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
if( strlen( opt.ca_path ) )
@@ -274,18 +261,18 @@
if( ret < 0 )
{
- printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
- printf( " ok (%d skipped)\n", ret );
+ polarssl_printf( " ok (%d skipped)\n", ret );
#if defined(POLARSSL_X509_CRL_PARSE_C)
if( strlen( opt.crl_file ) )
{
if( ( ret = x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
{
- printf( " failed\n ! x509_crl_parse returned -0x%x\n\n", -ret );
+ polarssl_printf( " failed\n ! x509_crl_parse returned -0x%x\n\n", -ret );
goto exit;
}
@@ -302,75 +289,69 @@
/*
* 1.1. Load the certificate(s)
*/
- printf( "\n . Loading the certificate(s) ..." );
+ polarssl_printf( "\n . Loading the certificate(s) ..." );
fflush( stdout );
ret = x509_crt_parse_file( &crt, opt.filename );
if( ret < 0 )
{
- printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
x509_crt_free( &crt );
goto exit;
}
if( opt.permissive == 0 && ret > 0 )
{
- printf( " failed\n ! x509_crt_parse failed to parse %d certificates\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_parse failed to parse %d certificates\n\n", ret );
x509_crt_free( &crt );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.2 Print the certificate(s)
*/
while( cur != NULL )
{
- printf( " . Peer certificate information ...\n" );
+ polarssl_printf( " . Peer certificate information ...\n" );
ret = x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
cur );
if( ret == -1 )
{
- printf( " failed\n ! x509_crt_info returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_info returned %d\n\n", ret );
x509_crt_free( &crt );
goto exit;
}
- printf( "%s\n", buf );
+ polarssl_printf( "%s\n", buf );
cur = cur->next;
}
+ ret = 0;
+
/*
* 1.3 Verify the certificate
*/
if( verify )
{
- printf( " . Verifying X.509 certificate..." );
+ polarssl_printf( " . Verifying X.509 certificate..." );
if( ( ret = x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
my_verify, NULL ) ) != 0 )
{
- printf( " failed\n" );
+ char vrfy_buf[512];
- if( ( ret & BADCERT_EXPIRED ) != 0 )
- printf( " ! server certificate has expired\n" );
+ polarssl_printf( " failed\n" );
- if( ( ret & BADCERT_REVOKED ) != 0 )
- printf( " ! server certificate has been revoked\n" );
+ x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
- if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
- printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
-
- if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
- printf( " ! self-signed or not signed by a trusted CA\n" );
-
- printf( "\n" );
+ polarssl_printf( "%s\n", vrfy_buf );
}
else
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
x509_crt_free( &crt );
@@ -380,7 +361,7 @@
/*
* 1. Initialize the RNG and the session data
*/
- printf( "\n . Seeding the random number generator..." );
+ polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -388,23 +369,23 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 2. Start the connection
*/
- printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
+ polarssl_printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
opt.server_port );
fflush( stdout );
if( ( ret = net_connect( &server_fd, opt.server_name,
opt.server_port ) ) != 0 )
{
- printf( " failed\n ! net_connect returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
@@ -413,7 +394,7 @@
*/
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
- printf( " failed\n ! ssl_init returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
@@ -434,14 +415,14 @@
if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
{
- printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
- printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
#endif
@@ -453,28 +434,28 @@
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
- printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
ssl_free( &ssl );
goto exit;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 5. Print the certificate
*/
- printf( " . Peer certificate information ...\n" );
+ polarssl_printf( " . Peer certificate information ...\n" );
ret = x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl.session->peer_cert );
if( ret == -1 )
{
- printf( " failed\n ! x509_crt_info returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crt_info returned %d\n\n", ret );
ssl_free( &ssl );
goto exit;
}
- printf( "%s\n", buf );
+ polarssl_printf( "%s\n", buf );
ssl_close_notify( &ssl );
ssl_free( &ssl );
@@ -496,10 +477,13 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
+ if( ret < 0 )
+ ret = 1;
+
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index f229e0b..01b8107 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -1,12 +1,9 @@
/*
* Certificate request generation
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,38 +26,69 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
-
-#include "polarssl/x509_csr.h"
-#include "polarssl/entropy.h"
-#include "polarssl/ctr_drbg.h"
-#include "polarssl/error.h"
+#define polarssl_printf printf
+#endif
#if !defined(POLARSSL_X509_CSR_WRITE_C) || !defined(POLARSSL_FS_IO) || \
- !defined(POLARSSL_PK_PARSE_C) || \
+ !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf( "POLARSSL_X509_CSR_WRITE_C and/or POLARSSL_FS_IO and/or "
- "POLARSSL_PK_PARSE_C and/or "
+ polarssl_printf( "POLARSSL_X509_CSR_WRITE_C and/or POLARSSL_FS_IO and/or "
+ "POLARSSL_PK_PARSE_C and/or POLARSSL_SHA256_c and/or "
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C "
"not defined.\n");
return( 0 );
}
#else
+#include "polarssl/x509_csr.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
+#include "polarssl/error.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
#define DFL_FILENAME "keyfile.key"
#define DFL_DEBUG_LEVEL 0
#define DFL_OUTPUT_FILENAME "cert.req"
-#define DFL_SUBJECT_NAME "CN=Cert,O=PolarSSL,C=NL"
+#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
#define DFL_KEY_USAGE 0
#define DFL_NS_CERT_TYPE 0
+#define USAGE \
+ "\n usage: cert_req param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " output_file=%%s default: cert.req\n" \
+ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
+ " key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " digital_signature\n" \
+ " non_repudiation\n" \
+ " key_encipherment\n" \
+ " data_encipherment\n" \
+ " key_agreement\n" \
+ " key_certificate_sign\n" \
+ " crl_sign\n" \
+ " ns_cert_type=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " ssl_client\n" \
+ " ssl_server\n" \
+ " email\n" \
+ " object_signing\n" \
+ " ssl_ca\n" \
+ " email_ca\n" \
+ " object_signing_ca\n" \
+ "\n"
+
/*
* global options
*/
@@ -103,33 +131,6 @@
return( 0 );
}
-#define USAGE \
- "\n usage: cert_req param=<>...\n" \
- "\n acceptable parameters:\n" \
- " filename=%%s default: keyfile.key\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
- " output_file=%%s default: cert.req\n" \
- " subject_name=%%s default: CN=Cert,O=PolarSSL,C=NL\n" \
- " key_usage=%%s default: (empty)\n" \
- " Comma-separated-list of values:\n" \
- " digital_signature\n" \
- " non_repudiation\n" \
- " key_encipherment\n" \
- " data_encipherment\n" \
- " key_agreement\n" \
- " key_certificate_sign\n" \
- " crl_sign\n" \
- " ns_cert_type=%%s default: (empty)\n" \
- " Comma-separated-list of values:\n" \
- " ssl_client\n" \
- " ssl_server\n" \
- " email\n" \
- " object_signing\n" \
- " ssl_ca\n" \
- " email_ca\n" \
- " object_signing_ca\n" \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -146,14 +147,14 @@
* Set to sane values
*/
x509write_csr_init( &req );
- x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA1 );
+ x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA256 );
pk_init( &key );
memset( buf, 0, sizeof( buf ) );
if( argc == 0 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
ret = 1;
goto exit;
}
@@ -254,7 +255,7 @@
/*
* 0. Seed the PRNG
*/
- printf( " . Seeding the random number generator..." );
+ polarssl_printf( " . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -262,58 +263,58 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- printf( " failed\n ! ctr_drbg_init returned %d", ret );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.0. Check the subject name for validity
*/
- printf( " . Checking subjet name..." );
+ polarssl_printf( " . Checking subjet name..." );
fflush( stdout );
if( ( ret = x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
{
- printf( " failed\n ! x509write_csr_set_subject_name returned %d", ret );
+ polarssl_printf( " failed\n ! x509write_csr_set_subject_name returned %d", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.1. Load the key
*/
- printf( " . Loading the private key ..." );
+ polarssl_printf( " . Loading the private key ..." );
fflush( stdout );
ret = pk_parse_keyfile( &key, opt.filename, NULL );
if( ret != 0 )
{
- printf( " failed\n ! pk_parse_keyfile returned %d", ret );
+ polarssl_printf( " failed\n ! pk_parse_keyfile returned %d", ret );
goto exit;
}
x509write_csr_set_key( &req, &key );
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.2. Writing the request
*/
- printf( " . Writing the certificate request ..." );
+ polarssl_printf( " . Writing the certificate request ..." );
fflush( stdout );
if( ( ret = write_certificate_request( &req, opt.output_file,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- printf( " failed\n ! write_certifcate_request %d", ret );
+ polarssl_printf( " failed\n ! write_certifcate_request %d", ret );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
exit:
@@ -321,9 +322,9 @@
{
#ifdef POLARSSL_ERROR_C
polarssl_strerror( ret, buf, sizeof( buf ) );
- printf( " - %s\n", buf );
+ polarssl_printf( " - %s\n", buf );
#else
- printf("\n");
+ polarssl_printf("\n");
#endif
}
@@ -333,7 +334,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 8f0616c..5010193 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -1,12 +1,9 @@
/*
* Certificate generation and signing
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,21 +26,21 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
+#define polarssl_printf printf
+#endif
#if !defined(POLARSSL_X509_CRT_WRITE_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
- !defined(POLARSSL_ERROR_C)
-int main( int argc, char *argv[] )
+ !defined(POLARSSL_ERROR_C) || !defined(POLARSSL_SHA256_C)
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf( "POLARSSL_X509_CRT_WRITE_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
- "POLARSSL_FS_IO and/or "
+ polarssl_printf( "POLARSSL_X509_CRT_WRITE_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
+ "POLARSSL_FS_IO and/or POLARSSL_SHA256_C and_or "
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or "
"POLARSSL_ERROR_C not defined.\n");
return( 0 );
@@ -56,6 +53,19 @@
#include "polarssl/ctr_drbg.h"
#include "polarssl/error.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(POLARSSL_X509_CSR_PARSE_C)
+#define USAGE_CSR \
+ " request_file=%%s default: (empty)\n" \
+ " If request_file is specified, subject_key,\n" \
+ " subject_pwd and subject_name are ignored!\n"
+#else
+#define USAGE_CSR ""
+#endif /* POLARSSL_X509_CSR_PARSE_C */
+
#define DFL_ISSUER_CRT ""
#define DFL_REQUEST_FILE ""
#define DFL_SUBJECT_KEY "subject.key"
@@ -63,8 +73,8 @@
#define DFL_SUBJECT_PWD ""
#define DFL_ISSUER_PWD ""
#define DFL_OUTPUT_FILENAME "cert.crt"
-#define DFL_SUBJECT_NAME "CN=Cert,O=PolarSSL,C=NL"
-#define DFL_ISSUER_NAME "CN=CA,O=PolarSSL,C=NL"
+#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
+#define DFL_ISSUER_NAME "CN=CA,O=mbed TLS,C=UK"
#define DFL_NOT_BEFORE "20010101000000"
#define DFL_NOT_AFTER "20301231235959"
#define DFL_SERIAL "1"
@@ -74,6 +84,51 @@
#define DFL_KEY_USAGE 0
#define DFL_NS_CERT_TYPE 0
+#define USAGE \
+ "\n usage: cert_write param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ USAGE_CSR \
+ " subject_key=%%s default: subject.key\n" \
+ " subject_pwd=%%s default: (empty)\n" \
+ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
+ "\n" \
+ " issuer_crt=%%s default: (empty)\n" \
+ " If issuer_crt is specified, issuer_name is\n" \
+ " ignored!\n" \
+ " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \
+ "\n" \
+ " selfsign=%%d default: 0 (false)\n" \
+ " If selfsign is enabled, issuer_name and\n" \
+ " issuer_key are required (issuer_crt and\n" \
+ " subject_* are ignored\n" \
+ " issuer_key=%%s default: ca.key\n" \
+ " issuer_pwd=%%s default: (empty)\n" \
+ " output_file=%%s default: cert.crt\n" \
+ " serial=%%s default: 1\n" \
+ " not_before=%%s default: 20010101000000\n"\
+ " not_after=%%s default: 20301231235959\n"\
+ " is_ca=%%d default: 0 (disabled)\n" \
+ " max_pathlen=%%d default: -1 (none)\n" \
+ " key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " digital_signature\n" \
+ " non_repudiation\n" \
+ " key_encipherment\n" \
+ " data_encipherment\n" \
+ " key_agreement\n" \
+ " key_certificate_sign\n" \
+ " crl_sign\n" \
+ " ns_cert_type=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " ssl_client\n" \
+ " ssl_server\n" \
+ " email\n" \
+ " object_signing\n" \
+ " ssl_ca\n" \
+ " email_ca\n" \
+ " object_signing_ca\n" \
+ "\n"
+
/*
* global options
*/
@@ -127,60 +182,6 @@
return( 0 );
}
-#if defined(POLARSSL_X509_CSR_PARSE_C)
-#define USAGE_CSR \
- " request_file=%%s default: (empty)\n" \
- " If request_file is specified, subject_key,\n" \
- " subject_pwd and subject_name are ignored!\n"
-#else
-#define USAGE_CSR ""
-#endif /* POLARSSL_X509_CSR_PARSE_C */
-
-#define USAGE \
- "\n usage: cert_write param=<>...\n" \
- "\n acceptable parameters:\n" \
- USAGE_CSR \
- " subject_key=%%s default: subject.key\n" \
- " subject_pwd=%%s default: (empty)\n" \
- " subject_name=%%s default: CN=Cert,O=PolarSSL,C=NL\n" \
- "\n" \
- " issuer_crt=%%s default: (empty)\n" \
- " If issuer_crt is specified, issuer_name is\n" \
- " ignored!\n" \
- " issuer_name=%%s default: CN=CA,O=PolarSSL,C=NL\n" \
- "\n" \
- " selfsign=%%d default: 0 (false)\n" \
- " If selfsign is enabled, issuer_name and\n" \
- " issuer_key are required (issuer_crt and\n" \
- " subject_* are ignored\n" \
- " issuer_key=%%s default: ca.key\n" \
- " issuer_pwd=%%s default: (empty)\n" \
- " output_file=%%s default: cert.crt\n" \
- " serial=%%s default: 1\n" \
- " not_before=%%s default: 20010101000000\n"\
- " not_after=%%s default: 20301231235959\n"\
- " is_ca=%%d default: 0 (disabled)\n" \
- " max_pathlen=%%d default: -1 (none)\n" \
- " key_usage=%%s default: (empty)\n" \
- " Comma-separated-list of values:\n" \
- " digital_signature\n" \
- " non_repudiation\n" \
- " key_encipherment\n" \
- " data_encipherment\n" \
- " key_agreement\n" \
- " key_certificate_sign\n" \
- " crl_sign\n" \
- " ns_cert_type=%%s default: (empty)\n" \
- " Comma-separated-list of values:\n" \
- " ssl_client\n" \
- " ssl_server\n" \
- " email\n" \
- " object_signing\n" \
- " ssl_ca\n" \
- " email_ca\n" \
- " object_signing_ca\n" \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -206,7 +207,7 @@
* Set to sane values
*/
x509write_crt_init( &crt );
- x509write_crt_set_md_alg( &crt, POLARSSL_MD_SHA1 );
+ x509write_crt_set_md_alg( &crt, POLARSSL_MD_SHA256 );
pk_init( &loaded_issuer_key );
pk_init( &loaded_subject_key );
mpi_init( &serial );
@@ -219,7 +220,7 @@
if( argc == 0 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
ret = 1;
goto exit;
}
@@ -361,12 +362,12 @@
goto usage;
}
- printf("\n");
+ polarssl_printf("\n");
/*
* 0. Seed the PRNG
*/
- printf( " . Seeding the random number generator..." );
+ polarssl_printf( " . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -375,25 +376,25 @@
strlen( pers ) ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! ctr_drbg_init returned %d - %s\n", ret, buf );
+ polarssl_printf( " failed\n ! ctr_drbg_init returned %d - %s\n", ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
// Parse serial to MPI
//
- printf( " . Reading serial number..." );
+ polarssl_printf( " . Reading serial number..." );
fflush( stdout );
if( ( ret = mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! mpi_read_string returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! mpi_read_string returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
// Parse issuer certificate if present
//
@@ -402,13 +403,13 @@
/*
* 1.0.a. Load the certificates
*/
- printf( " . Loading the issuer certificate ..." );
+ polarssl_printf( " . Loading the issuer certificate ..." );
fflush( stdout );
if( ( ret = x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
@@ -417,13 +418,13 @@
if( ret < 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
opt.issuer_name = issuer_name;
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
#if defined(POLARSSL_X509_CSR_PARSE_C)
@@ -434,13 +435,13 @@
/*
* 1.0.b. Load the CSR
*/
- printf( " . Loading the certificate request ..." );
+ polarssl_printf( " . Loading the certificate request ..." );
fflush( stdout );
if( ( ret = x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
@@ -449,14 +450,14 @@
if( ret < 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
opt.subject_name = subject_name;
subject_key = &csr.pk;
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
#endif /* POLARSSL_X509_CSR_PARSE_C */
@@ -465,7 +466,7 @@
*/
if( !opt.selfsign && !strlen( opt.request_file ) )
{
- printf( " . Loading the subject key ..." );
+ polarssl_printf( " . Loading the subject key ..." );
fflush( stdout );
ret = pk_parse_keyfile( &loaded_subject_key, opt.subject_key,
@@ -473,14 +474,14 @@
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
- printf( " . Loading the issuer key ..." );
+ polarssl_printf( " . Loading the issuer key ..." );
fflush( stdout );
ret = pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key,
@@ -488,7 +489,7 @@
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf );
goto exit;
}
@@ -502,13 +503,13 @@
mpi_cmp_mpi( &pk_rsa( issuer_crt.pk )->E,
&pk_rsa( *issuer_key )->E ) != 0 )
{
- printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
+ polarssl_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
ret = -1;
goto exit;
}
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
if( opt.selfsign )
{
@@ -525,25 +526,25 @@
if( ( ret = x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
if( ( ret = x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " . Setting certificate values ..." );
+ polarssl_printf( " . Setting certificate values ..." );
fflush( stdout );
ret = x509write_crt_set_serial( &crt, &serial );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
@@ -551,13 +552,13 @@
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
- printf( " . Adding the Basic Constraints extension ..." );
+ polarssl_printf( " . Adding the Basic Constraints extension ..." );
fflush( stdout );
ret = x509write_crt_set_basic_constraints( &crt, opt.is_ca,
@@ -565,87 +566,87 @@
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
#if defined(POLARSSL_SHA1_C)
- printf( " . Adding the Subject Key Identifier ..." );
+ polarssl_printf( " . Adding the Subject Key Identifier ..." );
fflush( stdout );
ret = x509write_crt_set_subject_key_identifier( &crt );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
- printf( " . Adding the Authority Key Identifier ..." );
+ polarssl_printf( " . Adding the Authority Key Identifier ..." );
fflush( stdout );
ret = x509write_crt_set_authority_key_identifier( &crt );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
#endif /* POLARSSL_SHA1_C */
if( opt.key_usage )
{
- printf( " . Adding the Key Usage extension ..." );
+ polarssl_printf( " . Adding the Key Usage extension ..." );
fflush( stdout );
ret = x509write_crt_set_key_usage( &crt, opt.key_usage );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
if( opt.ns_cert_type )
{
- printf( " . Adding the NS Cert Type extension ..." );
+ polarssl_printf( " . Adding the NS Cert Type extension ..." );
fflush( stdout );
ret = x509write_crt_set_ns_cert_type( &crt, opt.ns_cert_type );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
}
/*
* 1.2. Writing the request
*/
- printf( " . Writing the certificate..." );
+ polarssl_printf( " . Writing the certificate..." );
fflush( stdout );
if( ( ret = write_certificate( &crt, opt.output_file,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
- printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf );
+ polarssl_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
exit:
x509write_crt_free( &crt );
@@ -656,7 +657,7 @@
entropy_free( &entropy );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index b1f0a02..ecd5e67 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -1,12 +1,9 @@
/*
* CRL reading application
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,28 +26,38 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
-
-#include "polarssl/x509_crl.h"
+#define polarssl_printf printf
+#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRL_PARSE_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_X509_CRL_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
+#include "polarssl/x509_crl.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
#define DFL_FILENAME "crl.pem"
#define DFL_DEBUG_LEVEL 0
+#define USAGE \
+ "\n usage: crl_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: crl.pem\n" \
+ "\n"
+
/*
* global options
*/
@@ -59,12 +66,6 @@
const char *filename; /* filename of the certificate file */
} opt;
-#define USAGE \
- "\n usage: crl_app param=<>...\n" \
- "\n acceptable parameters:\n" \
- " filename=%%s default: crl.pem\n" \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -81,7 +82,7 @@
if( argc == 0 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
goto exit;
}
@@ -103,39 +104,39 @@
/*
* 1.1. Load the CRL
*/
- printf( "\n . Loading the CRL ..." );
+ polarssl_printf( "\n . Loading the CRL ..." );
fflush( stdout );
ret = x509_crl_parse_file( &crl, opt.filename );
if( ret != 0 )
{
- printf( " failed\n ! x509_crl_parse_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crl_parse_file returned %d\n\n", ret );
x509_crl_free( &crl );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.2 Print the CRL
*/
- printf( " . CRL information ...\n" );
+ polarssl_printf( " . CRL information ...\n" );
ret = x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
if( ret == -1 )
{
- printf( " failed\n ! x509_crl_info returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_crl_info returned %d\n\n", ret );
x509_crl_free( &crl );
goto exit;
}
- printf( "%s\n", buf );
+ polarssl_printf( "%s\n", buf );
exit:
x509_crl_free( &crl );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 91bb2dc..31660f9 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -1,12 +1,9 @@
/*
* Certificate request reading application
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,28 +26,38 @@
#include POLARSSL_CONFIG_FILE
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
#include <stdio.h>
-
-#include "polarssl/x509_csr.h"
+#define polarssl_printf printf
+#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CSR_PARSE_C) || !defined(POLARSSL_FS_IO)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_X509_CSR_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
+#include "polarssl/x509_csr.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
#define DFL_FILENAME "cert.req"
#define DFL_DEBUG_LEVEL 0
+#define USAGE \
+ "\n usage: req_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: cert.req\n" \
+ "\n"
+
/*
* global options
*/
@@ -59,12 +66,6 @@
const char *filename; /* filename of the certificate request */
} opt;
-#define USAGE \
- "\n usage: req_app param=<>...\n" \
- "\n acceptable parameters:\n" \
- " filename=%%s default: cert.req\n" \
- "\n"
-
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -81,7 +82,7 @@
if( argc == 0 )
{
usage:
- printf( USAGE );
+ polarssl_printf( USAGE );
goto exit;
}
@@ -103,39 +104,39 @@
/*
* 1.1. Load the CSR
*/
- printf( "\n . Loading the CSR ..." );
+ polarssl_printf( "\n . Loading the CSR ..." );
fflush( stdout );
ret = x509_csr_parse_file( &csr, opt.filename );
if( ret != 0 )
{
- printf( " failed\n ! x509_csr_parse_file returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_csr_parse_file returned %d\n\n", ret );
x509_csr_free( &csr );
goto exit;
}
- printf( " ok\n" );
+ polarssl_printf( " ok\n" );
/*
* 1.2 Print the CSR
*/
- printf( " . CSR information ...\n" );
+ polarssl_printf( " . CSR information ...\n" );
ret = x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
if( ret == -1 )
{
- printf( " failed\n ! x509_csr_info returned %d\n\n", ret );
+ polarssl_printf( " failed\n ! x509_csr_info returned %d\n\n", ret );
x509_csr_free( &csr );
goto exit;
}
- printf( "%s\n", buf );
+ polarssl_printf( "%s\n", buf );
exit:
x509_csr_free( &csr );
#if defined(_WIN32)
- printf( " + Press Enter to exit this program.\n" );
+ polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 5c2f268..64af2dc 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -56,7 +56,7 @@
mv tmp library/CMakeLists.txt
[ $VERBOSE ] && echo "Bumping SOVERSION in library/Makefile"
- sed -e "s/SONAME=libpolarssl.so.[0-9]\+/SONAME=libpolarssl.so.$SOVERSION/g" -e "s/DLEXT=so.[0-9]\+/DLEXT=so.$SOVERSION/g" < library/Makefile > tmp
+ sed -e "s/SOEXT=so.[0-9]\+/SOEXT=so.$SOVERSION/g" < library/Makefile > tmp
mv tmp library/Makefile
fi
@@ -69,7 +69,7 @@
sed -e "s/_VERSION_PATCH .\+/_VERSION_PATCH $PATCH/" | \
sed -e "s/_VERSION_NUMBER .\+/_VERSION_NUMBER $VERSION_NR/" | \
sed -e "s/_VERSION_STRING .\+/_VERSION_STRING \"$VERSION\"/" | \
- sed -e "s/_VERSION_STRING_FULL .\+/_VERSION_STRING_FULL \"PolarSSL $VERSION\"/" \
+ sed -e "s/_VERSION_STRING_FULL .\+/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \
> tmp
mv tmp include/polarssl/version.h
@@ -77,10 +77,10 @@
sed -e "s/version:\".\+/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp
mv tmp tests/suites/test_suite_version.data
-[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/polarssl.doxyfile and doxygen/input/doc_mainpage.h"
-for i in doxygen/polarssl.doxyfile doxygen/input/doc_mainpage.h;
+[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
+for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
do
- sed -e "s/PolarSSL v[0-9\.]\+/PolarSSL v$VERSION/g" < $i > tmp
+ sed -e "s/mbed TLS v[0-9\.]\+/mbed TLS v$VERSION/g" < $i > tmp
mv tmp $i
done
diff --git a/scripts/check_doxy_blocks.pl b/scripts/check_doxy_blocks.pl
index d547a62..2601d88 100755
--- a/scripts/check_doxy_blocks.pl
+++ b/scripts/check_doxy_blocks.pl
@@ -4,7 +4,7 @@
#
# More precisely, look for normal comment block containing '\'.
# Of course one could use doxygen warnings, eg with:
-# sed -e '/EXTRACT/s/YES/NO/' doxygen/polarssl.doxyfile | doxygen -
+# sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen -
# but that would warn about any undocumented item, while our goal is to find
# items that are documented, but not marked as such by mistake.
diff --git a/scripts/config.pl b/scripts/config.pl
index d04be59..c105a23 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -6,10 +6,11 @@
use strict;
my $usage = <<EOU;
-$0 [-f <file>] full
$0 [-f <file>] unset <name>
$0 [-f <file>] set <name> [<value>]
EOU
+# for our eyes only:
+# $0 [-f <file>] full
# Things that shouldn't be enabled with "full".
# Notes:
@@ -27,6 +28,7 @@
POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
POLARSSL_NO_PLATFORM_ENTROPY
POLARSSL_SSL_HW_RECORD_ACCEL
+POLARSSL_SSL_DISABLE_RENEGOTIATION
POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
POLARSSL_ZLIB_SUPPORT
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index b698427..7449d85 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -1,12 +1,9 @@
/*
* Error message information
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -31,14 +28,20 @@
#if defined(POLARSSL_ERROR_C) || defined(POLARSSL_ERROR_STRERROR_DUMMY)
#include "polarssl/error.h"
+#include <string.h>
+#endif
+
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#define polarssl_snprintf snprintf
#endif
#if defined(POLARSSL_ERROR_C)
+#include <stdio.h>
+
HEADER_INCLUDED
-
-#include <string.h>
-
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
!defined(EFI32)
#define snprintf _snprintf
@@ -70,7 +73,7 @@
// END generated code
if( strlen( buf ) == 0 )
- snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
+ polarssl_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
}
use_ret = ret & ~0xFF80;
@@ -88,7 +91,7 @@
if( buflen - len < 5 )
return;
- snprintf( buf + len, buflen - len, " : " );
+ polarssl_snprintf( buf + len, buflen - len, " : " );
buf += len + 3;
buflen -= len + 3;
@@ -103,7 +106,7 @@
if( strlen( buf ) != 0 )
return;
- snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
+ polarssl_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
}
#if defined(POLARSSL_ERROR_STRERROR_BC)
@@ -117,8 +120,6 @@
#if defined(POLARSSL_ERROR_STRERROR_DUMMY)
-#include <string.h>
-
/*
* Provide an non-function in case POLARSSL_ERROR_C is not defined
*/
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
index f1d90cf..500e026 100644
--- a/scripts/data_files/version_features.fmt
+++ b/scripts/data_files/version_features.fmt
@@ -1,12 +1,9 @@
/*
* Version feature information
*
- * Copyright (C) 2006-2014, Brainspark B.V.
+ * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
*
- * This file is part of PolarSSL (http://www.polarssl.org)
- * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
- *
- * All rights reserved.
+ * This file is part of mbed TLS (https://tls.mbed.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -40,7 +37,7 @@
#define strcasecmp _stricmp
#endif
-const char *features[] = {
+static const char *features[] = {
#if defined(POLARSSL_VERSION_FEATURES)
FEATURE_DEFINES
#endif /* POLARSSL_VERSION_FEATURES */
diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj
index 9e2b47a..593c22d 100644
--- a/scripts/data_files/vs2010-app-template.vcxproj
+++ b/scripts/data_files/vs2010-app-template.vcxproj
@@ -22,7 +22,7 @@
<ClCompile Include="..\..\programs\<PATHNAME>.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj
index 20d3de5..6e30ffe 100644
--- a/scripts/data_files/vs2010-main-template.vcxproj
+++ b/scripts/data_files/vs2010-main-template.vcxproj
@@ -21,7 +21,7 @@
<PropertyGroup Label="Globals">
<ProjectGuid>{46CF2D25-6A36-4189-B59C-E4815388E554}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
- <RootNamespace>PolarSSL</RootNamespace>
+ <RootNamespace>mbedTLS</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -81,7 +81,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;POLARSSL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
@@ -96,7 +96,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;POLARSSL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
@@ -113,7 +113,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;POLARSSL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
@@ -131,7 +131,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;POLARSSL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
diff --git a/scripts/data_files/vs2010-sln-template.sln b/scripts/data_files/vs2010-sln-template.sln
index c4c8613..78dcde8 100644
--- a/scripts/data_files/vs2010-sln-template.sln
+++ b/scripts/data_files/vs2010-sln-template.sln
@@ -1,7 +1,7 @@
Microsoft Visual Studio Solution File, Format Version 11.00
# Visual C++ Express 2010
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PolarSSL", "PolarSSL.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
EndProject
APP_ENTRIES
Global
diff --git a/scripts/data_files/vs6-main-template.dsp b/scripts/data_files/vs6-main-template.dsp
index af4901f..dc728c4 100644
--- a/scripts/data_files/vs6-main-template.dsp
+++ b/scripts/data_files/vs6-main-template.dsp
@@ -1,24 +1,24 @@
-# Microsoft Developer Studio Project File - Name="polarssl" - Package Owner=<4>
+# Microsoft Developer Studio Project File - Name="mbedtls" - Package Owner=<4>
# Microsoft Developer Studio Generated Build File, Format Version 6.00
# ** DO NOT EDIT **
# TARGTYPE "Win32 (x86) Static Library" 0x0104
-CFG=polarssl - Win32 Debug
+CFG=mbedtls - Win32 Debug
!MESSAGE This is not a valid makefile. To build this project using NMAKE,
!MESSAGE use the Export Makefile command and run
!MESSAGE
-!MESSAGE NMAKE /f "polarssl.mak".
+!MESSAGE NMAKE /f "mbedtls.mak".
!MESSAGE
!MESSAGE You can specify a configuration when running NMAKE
!MESSAGE by defining the macro CFG on the command line. For example:
!MESSAGE
-!MESSAGE NMAKE /f "polarssl.mak" CFG="polarssl - Win32 Debug"
+!MESSAGE NMAKE /f "mbedtls.mak" CFG="mbedtls - Win32 Debug"
!MESSAGE
!MESSAGE Possible choices for configuration are:
!MESSAGE
-!MESSAGE "polarssl - Win32 Release" (based on "Win32 (x86) Static Library")
-!MESSAGE "polarssl - Win32 Debug" (based on "Win32 (x86) Static Library")
+!MESSAGE "mbedtls - Win32 Release" (based on "Win32 (x86) Static Library")
+!MESSAGE "mbedtls - Win32 Debug" (based on "Win32 (x86) Static Library")
!MESSAGE
# Begin Project
@@ -28,7 +28,7 @@
CPP=cl.exe
RSC=rc.exe
-!IF "$(CFG)" == "polarssl - Win32 Release"
+!IF "$(CFG)" == "mbedtls - Win32 Release"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
@@ -51,7 +51,7 @@
# ADD BASE LIB32 /nologo
# ADD LIB32 /nologo
-!ELSEIF "$(CFG)" == "polarssl - Win32 Debug"
+!ELSEIF "$(CFG)" == "mbedtls - Win32 Debug"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
@@ -78,8 +78,8 @@
# Begin Target
-# Name "polarssl - Win32 Release"
-# Name "polarssl - Win32 Debug"
+# Name "mbedtls - Win32 Release"
+# Name "mbedtls - Win32 Debug"
# Begin Group "Source Files"
# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
new file mode 100755
index 0000000..8c53f09
--- /dev/null
+++ b/scripts/ecc-heap.sh
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# Measure heap usage (and performance) of ECC operations with various values of
+# the relevant tunable compile-time parameters.
+#
+# Usage (preferably on a 32-bit platform):
+# cmake -D CMAKE_BUILD_TYPE=Release .
+# scripts/ecc-heap.sh | tee ecc-heap.log
+
+set -eu
+
+CONFIG_H='include/polarssl/config.h'
+
+if [ -r $CONFIG_H ]; then :; else
+ echo "$CONFIG_H not found" >&2
+ exit 1
+fi
+
+if grep -i cmake Makefile >/dev/null; then :; else
+ echo "Needs Cmake" >&2
+ exit 1
+fi
+
+if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
+ echo "config.h not clean" >&2
+ exit 1
+fi
+
+CONFIG_BAK=${CONFIG_H}.bak
+cp $CONFIG_H $CONFIG_BAK
+
+cat << EOF >$CONFIG_H
+#define POLARSSL_PLATFORM_C
+#define POLARSSL_PLATFORM_MEMORY
+#define POLARSSL_MEMORY_BUFFER_ALLOC_C
+#define POLARSSL_MEMORY_DEBUG
+
+#define POLARSSL_TIMING_C
+
+#define POLARSSL_BIGNUM_C
+#define POLARSSL_ECP_C
+#define POLARSSL_ASN1_PARSE_C
+#define POLARSSL_ASN1_WRITE_C
+#define POLARSSL_ECDSA_C
+#define POLARSSL_ECDH_C
+
+#define POLARSSL_ECP_DP_SECP192R1_ENABLED
+#define POLARSSL_ECP_DP_SECP224R1_ENABLED
+#define POLARSSL_ECP_DP_SECP256R1_ENABLED
+#define POLARSSL_ECP_DP_SECP384R1_ENABLED
+#define POLARSSL_ECP_DP_SECP521R1_ENABLED
+#define POLARSSL_ECP_DP_M255_ENABLED
+
+#include "check_config.h"
+
+//#define POLARSSL_ECP_WINDOW_SIZE 6
+//#define POLARSSL_ECP_FIXED_POINT_OPTIM 1
+EOF
+
+for F in 0 1; do
+ for W in 2 3 4 5 6; do
+ scripts/config.pl set POLARSSL_ECP_WINDOW_SIZE $W
+ scripts/config.pl set POLARSSL_ECP_FIXED_POINT_OPTIM $F
+ make benchmark >/dev/null 2>&1
+ echo "fixed point optim = $F, max window size = $W"
+ echo "--------------------------------------------"
+ programs/test/benchmark
+ done
+done
+
+# cleanup
+
+mv $CONFIG_BAK $CONFIG_H
+make clean
diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci
new file mode 100644
index 0000000..34cfd08
--- /dev/null
+++ b/scripts/find-mem-leak.cocci
@@ -0,0 +1,20 @@
+@@
+expression x, y;
+statement S;
+@@
+ x = polarssl_malloc(...);
+ y = polarssl_malloc(...);
+ ...
+* if (x == NULL || y == NULL)
+ S
+
+@@
+expression x, y;
+statement S;
+@@
+ if (
+* (x = polarssl_malloc(...)) == NULL
+ ||
+* (y = polarssl_malloc(...)) == NULL
+ )
+ S
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 0ee992d..c0d9685 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -46,7 +46,7 @@
$/ = $line_separator;
-open(GREP, "/bin/grep \"define POLARSSL_ERR_\" $include_dir/* |") || die("Failure when calling grep: $!");
+open(GREP, "grep \"define POLARSSL_ERR_\" $include_dir/* |") || die("Failure when calling grep: $!");
my $ll_old_define = "";
my $hl_old_define = "";
@@ -56,13 +56,22 @@
my $headers = "";
+my %error_codes_seen;
+
while (my $line = <GREP>)
{
next if ($line =~ /compat-1.2.h/);
my ($error_name, $error_code) = $line =~ /(POLARSSL_ERR_\w+)\s+\-(0x\w+)/;
my ($description) = $line =~ /\/\*\*< (.*?)\.? \*\//;
+
+ die "Duplicated error code: $error_code ($error_name)\n"
+ if( $error_codes_seen{$error_code}++ );
+
$description =~ s/\\/\\\\/g;
- $description = "DESCRIPTION MISSING" if ($description eq "");
+ if ($description eq "") {
+ $description = "DESCRIPTION MISSING";
+ warn "Missing description for $error_name\n";
+ }
my ($module_name) = $error_name =~ /^POLARSSL_ERR_([^_]+)/;
@@ -85,7 +94,7 @@
my $found_hl = grep $_ eq $module_name, @high_level_modules;
if (!$found_ll && !$found_hl)
{
- printf("Error: Do not know how to handle: $module_name\n");
+ polarssl_printf("Error: Do not know how to handle: $module_name\n");
exit 1;
}
@@ -143,14 +152,14 @@
{
${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n".
"${white_space}\{\n".
- "${white_space} snprintf( buf, buflen, \"$module_name - $description\" );\n".
+ "${white_space} polarssl_snprintf( buf, buflen, \"$module_name - $description\" );\n".
"${white_space} return;\n".
"${white_space}}\n"
}
else
{
${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n".
- "${white_space} snprintf( buf, buflen, \"$module_name - $description\" );\n"
+ "${white_space} polarssl_snprintf( buf, buflen, \"$module_name - $description\" );\n"
}
};
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index b6d04b4..ee94e35 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -25,8 +25,8 @@
my $feature_format_file = $data_dir.'/version_features.fmt';
-my @sections = ( "System support", "PolarSSL modules",
- "PolarSSL feature support" );
+my @sections = ( "System support", "mbed TLS modules",
+ "mbed TLS feature support" );
my $line_separator = $/;
undef $/;
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index f6bf25c..d6f7104 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -4,7 +4,7 @@
# - for VS6: main project (library) file, individual app files, workspace
# - for VS2010: main file, individual apps, solution file
#
-# Must be run from PolarSSL root or scripts directory.
+# Must be run from mbedTLS root or scripts directory.
# Takes no argument.
use warnings;
@@ -15,17 +15,17 @@
my $vs6_ext = "dsp";
my $vs6_app_tpl_file = "scripts/data_files/vs6-app-template.$vs6_ext";
my $vs6_main_tpl_file = "scripts/data_files/vs6-main-template.$vs6_ext";
-my $vs6_main_file = "$vs6_dir/polarssl.$vs6_ext";
+my $vs6_main_file = "$vs6_dir/mbedtls.$vs6_ext";
my $vs6_wsp_tpl_file = "scripts/data_files/vs6-workspace-template.dsw";
-my $vs6_wsp_file = "$vs6_dir/polarssl.dsw";
+my $vs6_wsp_file = "$vs6_dir/mbedtls.dsw";
my $vsx_dir = "visualc/VS2010";
my $vsx_ext = "vcxproj";
my $vsx_app_tpl_file = "scripts/data_files/vs2010-app-template.$vsx_ext";
my $vsx_main_tpl_file = "scripts/data_files/vs2010-main-template.$vsx_ext";
-my $vsx_main_file = "$vsx_dir/PolarSSL.$vsx_ext";
+my $vsx_main_file = "$vsx_dir/mbedTLS.$vsx_ext";
my $vsx_sln_tpl_file = "scripts/data_files/vs2010-sln-template.sln";
-my $vsx_sln_file = "$vsx_dir/PolarSSL.sln";
+my $vsx_sln_file = "$vsx_dir/mbedTLS.sln";
my $programs_dir = 'programs';
my $header_dir = 'include/polarssl';
@@ -51,7 +51,7 @@
Package=<4>\r
{{{\r
Begin Project Dependency\r
- Project_Dep_Name polarssl\r
+ Project_Dep_Name mbedtls\r
End Project Dependency\r
}}}\r
\r
@@ -115,7 +115,7 @@
sub gen_app_guid {
my ($path) = @_;
- my $guid = md5_hex( "PolarSSL:$path" );
+ my $guid = md5_hex( "mbedTLS:$path" );
$guid =~ s/(.{8})(.{4})(.{4})(.{4})(.{12})/\U{$1-$2-$3-$4-$5}/;
return $guid;
@@ -222,7 +222,7 @@
sub main {
if( ! check_dirs() ) {
chdir '..' or die;
- check_dirs or die "Must but run from PolarSSL root or scripts dir\n";
+ check_dirs or die "Must but run from mbedTLS root or scripts dir\n";
}
my @app_list = get_app_list();
diff --git a/scripts/malloc-init.pl b/scripts/malloc-init.pl
new file mode 100755
index 0000000..1fa1cf3
--- /dev/null
+++ b/scripts/malloc-init.pl
@@ -0,0 +1,70 @@
+#!/usr/bin/perl
+
+# Check for malloc calls not shortly followed by initialisation.
+#
+# Known limitations:
+# - false negative: can't see allocations spanning more than one line
+# - possible false negatives, see patterns
+# - false positive: malloc-malloc-init-init is not accepted
+# - false positives: "non-standard" init functions (eg, the things being
+# initialised is not the first arg, or initialise struct members)
+#
+# Since false positives are expected, the results must be manually reviewed.
+#
+# Typical usage: scripts/malloc-init.pl library/*.c
+
+use warnings;
+use strict;
+
+use utf8;
+use open qw(:std utf8);
+
+my $limit = 7;
+my $inits = qr/memset|memcpy|_init|fread|base64_..code/;
+
+# cases to bear in mind:
+#
+# 0. foo = malloc(...); memset( foo, ... );
+# 1. *foo = malloc(...); memset( *foo, ... );
+# 2. type *foo = malloc(...); memset( foo, ...);
+# 3. foo = malloc(...); foo_init( (type *) foo );
+# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); }
+#
+# The chosen patterns are a bit relaxed, but unlikely to cause false positives
+# in real code (initialising *foo or &foo instead of foo will likely be caught
+# by functional tests).
+#
+my $id = qr/([a-zA-Z-0-9_\->\.]*)/;
+my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/;
+
+my $name;
+my $line;
+my @bad;
+
+die "Usage: $0 file.c [...]\n" unless @ARGV;
+
+while (my $file = shift @ARGV)
+{
+ open my $fh, "<", $file or die "read $file failed: $!\n";
+ while (<$fh>)
+ {
+ if( /polarssl_malloc\(/ ) {
+ if( /$id\s*=.*polarssl_malloc\(/ ) {
+ push @bad, "$file:$line:$name" if $name;
+ $name = $1;
+ $line = $.;
+ } else {
+ push @bad, "$file:$.:???" unless /return polarssl_malloc/;
+ }
+ } elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) {
+ undef $name;
+ } elsif( $name && $. - $line > $limit ) {
+ push @bad, "$file:$line:$name";
+ undef $name;
+ undef $line;
+ }
+ }
+ close $fh or die;
+}
+
+print "$_\n" for @bad;
diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl
new file mode 100755
index 0000000..d1ce4ca
--- /dev/null
+++ b/scripts/massif_max.pl
@@ -0,0 +1,33 @@
+#!/usr/bin/perl
+
+# Parse a massif.out.xxx file and output peak total memory usage
+
+use warnings;
+use strict;
+
+use utf8;
+use open qw(:std utf8);
+
+die unless @ARGV == 1;
+
+my @snaps;
+open my $fh, '<', $ARGV[0] or die;
+{ local $/ = 'snapshot='; @snaps = <$fh>; }
+close $fh or die;
+
+my ($max, $max_heap, $max_he, $max_stack) = (0, 0, 0, 0);
+for (@snaps)
+{
+ my ($heap, $heap_extra, $stack) = m{
+ mem_heap_B=(\d+)\n
+ mem_heap_extra_B=(\d+)\n
+ mem_stacks_B=(\d+)
+ }xm;
+ next unless defined $heap;
+ my $total = $heap + $heap_extra + $stack;
+ if( $total > $max ) {
+ ($max, $max_heap, $max_he, $max_stack) = ($total, $heap, $heap_extra, $stack);
+ }
+}
+
+printf "$max (heap $max_heap+$max_he, stack $max_stack)\n";
diff --git a/scripts/memory.sh b/scripts/memory.sh
new file mode 100755
index 0000000..4b02a72
--- /dev/null
+++ b/scripts/memory.sh
@@ -0,0 +1,124 @@
+#!/bin/sh
+
+# Measure memory usage of a minimal client using a small configuration
+# Currently hardwired to ccm-psk and suite-b, may be expanded later
+#
+# Use different build options for measuring executable size and memory usage,
+# since for memory we want debug information.
+
+set -eu
+
+CONFIG_H='include/polarssl/config.h'
+
+CLIENT='mini_client'
+
+CFLAGS_EXEC='-fno-asynchronous-unwind-tables -Wl,--gc-section -ffunction-sections -fdata-sections'
+CFLAGS_MEM=-g3
+
+if [ -r $CONFIG_H ]; then :; else
+ echo "$CONFIG_H not found" >&2
+ exit 1
+fi
+
+if grep -i cmake Makefile >/dev/null; then
+ echo "Not compatible with CMake" >&2
+ exit 1
+fi
+
+if [ $( uname ) != Linux ]; then
+ echo "Only work on Linux" >&2
+ exit 1
+fi
+
+if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
+ echo "config.h not clean" >&2
+ exit 1
+fi
+
+# make measurements with one configuration
+# usage: do_config <name> <unset-list> <server-args>
+do_config()
+{
+ NAME=$1
+ UNSET_LIST=$2
+ SERVER_ARGS=$3
+
+ echo ""
+ echo "config-$NAME:"
+ cp configs/config-$NAME.h $CONFIG_H
+ scripts/config.pl unset POLARSSL_SSL_SRV_C
+
+ for FLAG in $UNSET_LIST; do
+ scripts/config.pl unset $FLAG
+ done
+
+ printf " Executable size... "
+
+ make clean
+ CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os lib >/dev/null 2>&1
+ cd programs
+ CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os ssl/$CLIENT >/dev/null
+ strip ssl/$CLIENT
+ stat -c '%s' ssl/$CLIENT
+ cd ..
+
+ printf " Peak ram usage... "
+
+ make clean
+ CFLAGS=$CFLAGS_MEM make OFLAGS=-Os lib >/dev/null 2>&1
+ cd programs
+ CFLAGS=$CFLAGS_MEM make OFLAGS=-Os ssl/$CLIENT >/dev/null
+ cd ..
+
+ ./ssl_server2 $SERVER_ARGS >/dev/null &
+ SRV_PID=$!
+ sleep 1;
+
+ if valgrind --tool=massif --stacks=yes programs/ssl/$CLIENT >/dev/null 2>&1
+ then
+ FAILED=0
+ else
+ echo "client failed" >&2
+ FAILED=1
+ fi
+
+ kill $SRV_PID
+ wait $SRV_PID
+
+ scripts/massif_max.pl massif.out.*
+ mv massif.out.* massif-$NAME.$$
+}
+
+# preparation
+
+CONFIG_BAK=${CONFIG_H}.bak
+cp $CONFIG_H $CONFIG_BAK
+
+rm -f massif.out.*
+
+printf "building server... "
+
+make clean
+make lib >/dev/null 2>&1
+(cd programs && make ssl/ssl_server2) >/dev/null
+cp programs/ssl/ssl_server2 .
+
+echo "done"
+
+# actual measurements
+
+do_config "ccm-psk-tls1_2" \
+ "" \
+ "psk=000102030405060708090A0B0C0D0E0F"
+
+do_config "suite-b" \
+ "POLARSSL_BASE64_C POLARSSL_PEM_PARSE_C POLARSSL_CERTS_C" \
+ ""
+
+# cleanup
+
+mv $CONFIG_BAK $CONFIG_H
+make clean
+rm ssl_server2
+
+exit $FAILED
diff --git a/scripts/polarssl_symlinks.sh b/scripts/polarssl_symlinks.sh
new file mode 100755
index 0000000..a14ff32
--- /dev/null
+++ b/scripts/polarssl_symlinks.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Create libpolarssl.* symlinks in the given directory
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 <target-directory>" >&2
+ exit 1
+fi
+
+if [ -d "$1" ]; then :; else
+ echo "$0: target directory must exist" >&2
+ exit 1
+fi
+
+if cd "$1"; then :; else
+ echo "$0: cd '$1' failed" >&2
+ exit 1
+fi
+
+if ls | grep 'libmbedtls\.' >/dev/null; then :; else
+ echo "$0: libmbedtls not found in target directory" >&2
+ exit 1
+fi
+
+for f in libmbedtls.*; do
+ ln -sf $f libpolarssl${f#libmbedtls}
+done
diff --git a/scripts/recursion.pl b/scripts/recursion.pl
new file mode 100755
index 0000000..2c39c14
--- /dev/null
+++ b/scripts/recursion.pl
@@ -0,0 +1,44 @@
+#!/usr/bin/perl
+
+# Find functions making recursive calls to themselves.
+# (Multiple recursion where a() calls b() which calls a() not covered.)
+#
+# When the recursion depth might depend on data controlled by the attacker in
+# an unbounded way, those functions should use interation instead.
+#
+# Typical usage: scripts/recursion.pl library/*.c
+
+use warnings;
+use strict;
+
+use utf8;
+use open qw(:std utf8);
+
+# exclude functions that are ok:
+# - mpi_write_hlp: bounded by size of mpi, a compile-time constant
+# - x509_crt_verify_child: bounded by POLARSSL_X509_MAX_INTERMEDIATE_CA
+my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
+
+my $cur_name;
+my $inside;
+my @funcs;
+
+die "Usage: $0 file.c [...]\n" unless @ARGV;
+
+while (<>)
+{
+ if( /^[^\/#{}\s]/ && ! /\[.*]/ ) {
+ chomp( $cur_name = $_ ) unless $inside;
+ } elsif( /^{/ && $cur_name ) {
+ $inside = 1;
+ $cur_name =~ s/.* ([^ ]*)\(.*/$1/;
+ } elsif( /^}/ && $inside ) {
+ undef $inside;
+ undef $cur_name;
+ } elsif( $inside && /\b\Q$cur_name\E\([^)]/ ) {
+ push @funcs, $cur_name unless /$known_ok/;
+ }
+}
+
+print "$_\n" for @funcs;
+exit @funcs;
diff --git a/scripts/rm-malloc-cast.cocci b/scripts/rm-malloc-cast.cocci
new file mode 100644
index 0000000..04893d9
--- /dev/null
+++ b/scripts/rm-malloc-cast.cocci
@@ -0,0 +1,7 @@
+@rm_malloc_cast@
+expression x, n;
+type T;
+@@
+ x =
+- (T *)
+ polarssl_malloc(n)
diff --git a/tests/.gitignore b/tests/.gitignore
index 6590f0f..3c9b0cf 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -1,3 +1,6 @@
+*.sln
+*.vcxproj
+
*.log
/test_suite*
data_files/mpi_write
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 2e4d9d4..68e6707 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -1,5 +1,5 @@
set(libs
- polarssl
+ mbedtls
)
if(USE_PKCS11_HELPER_LIBRARY)
@@ -20,7 +20,7 @@
add_custom_command(
OUTPUT test_suite_${data_name}.c
COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name}
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl polarssl suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data
+ DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl mbedtls suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data
)
include_directories(${CMAKE_CURRENT_SOURCE_DIR})
@@ -29,11 +29,7 @@
add_test(${data_name}-suite test_suite_${data_name})
endfunction(add_test_suite)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function -Wno-unused-value")
-set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wno-unused-function -Wno-unused-value")
-if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unreachable-code")
-endif(CMAKE_COMPILER_IS_CLANG)
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function")
add_test_suite(aes aes.ecb)
add_test_suite(aes aes.cbc)
@@ -77,6 +73,7 @@
add_test_suite(hmac_shax)
add_test_suite(md)
add_test_suite(mdx)
+add_test_suite(memory_buffer_alloc)
add_test_suite(mpi)
add_test_suite(pbkdf2)
add_test_suite(pem)
diff --git a/tests/Makefile b/tests/Makefile
index c37b790..25b704a 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -1,72 +1,87 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
-# To compile on MinGW: add "-lws2_32" to LDFLAGS or define WINDOWS in your env
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
-CFLAGS += -I../include -D_FILE_OFFSET_BITS=64 -Wall -W -Wdeclaration-after-statement \
- -Wno-unused-function -Wno-unused-value
+CFLAGS ?= -O2
+WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value
+LDFLAGS ?=
-OFLAGS = -O2
-LDFLAGS += -L../library -lpolarssl $(SYS_LDFLAGS)
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+LOCAL_LDFLAGS = -L../library -lmbedtls$(SHARED_SUFFIX)
+DLEXT=so
ifndef SHARED
-DEP=../library/libpolarssl.a
+DEP=../library/libmbedtls.a
CHECK_PRELOAD=
else
-DEP=../library/libpolarssl.so
-CHECK_PRELOAD= LD_PRELOAD=../library/libpolarssl.so
+DEP=../library/libmbedtls.$(DLEXT)
+CHECK_PRELOAD= LD_PRELOAD=../library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
-CFLAGS += -g3
+LOCAL_CFLAGS += -g3
endif
+#
+# if we running on Windows build
+# for Windows
+#
ifdef WINDOWS
-LDFLAGS += -lws2_32
+WINDOWS_BUILD=1
+endif
+
+ifdef WINDOWS_BUILD
+DLEXT=dll
+EXEXT=.exe
+LOCAL_LDFLAGS += -lws2_32
+ifdef SHARED
+SHARED_SUFFIX=.$(DLEXT)
+endif
endif
# Zlib shared library extensions:
ifdef ZLIB
-LDFLAGS += -lz
+LOCAL_LDFLAGS += -lz
endif
-APPS = test_suite_aes.ecb test_suite_aes.cbc \
- test_suite_aes.cfb test_suite_aes.rest \
- test_suite_arc4 test_suite_asn1write \
- test_suite_base64 test_suite_blowfish \
- test_suite_camellia test_suite_ccm \
- test_suite_cipher.aes \
- test_suite_cipher.arc4 test_suite_cipher.ccm \
- test_suite_cipher.gcm \
- test_suite_cipher.blowfish \
- test_suite_cipher.camellia \
- test_suite_cipher.des test_suite_cipher.null \
- test_suite_cipher.padding \
- test_suite_ctr_drbg test_suite_debug \
- test_suite_des test_suite_dhm \
- test_suite_ecdh test_suite_ecdsa \
- test_suite_ecp \
- test_suite_error test_suite_entropy \
- test_suite_gcm.aes128_de \
- test_suite_gcm.aes192_de \
- test_suite_gcm.aes256_de \
- test_suite_gcm.aes128_en \
- test_suite_gcm.aes192_en \
- test_suite_gcm.aes256_en \
- test_suite_gcm.camellia test_suite_hmac_shax \
- test_suite_hmac_drbg.misc \
- test_suite_hmac_drbg.no_reseed \
- test_suite_hmac_drbg.nopr \
- test_suite_hmac_drbg.pr \
- test_suite_md test_suite_mdx \
- test_suite_mpi test_suite_pbkdf2 \
- test_suite_pem \
- test_suite_pkcs1_v21 test_suite_pkcs5 \
- test_suite_pkparse test_suite_pkwrite \
- test_suite_pk \
- test_suite_rsa test_suite_shax \
- test_suite_x509parse test_suite_x509write \
- test_suite_xtea test_suite_version
+APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \
+ test_suite_aes.cfb$(EXEXT) test_suite_aes.rest$(EXEXT) \
+ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \
+ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \
+ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \
+ test_suite_cipher.aes$(EXEXT) \
+ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \
+ test_suite_cipher.gcm$(EXEXT) \
+ test_suite_cipher.blowfish$(EXEXT) \
+ test_suite_cipher.camellia$(EXEXT) \
+ test_suite_cipher.des$(EXEXT) test_suite_cipher.null$(EXEXT) \
+ test_suite_cipher.padding$(EXEXT) \
+ test_suite_ctr_drbg$(EXEXT) test_suite_debug$(EXEXT) \
+ test_suite_des$(EXEXT) test_suite_dhm$(EXEXT) \
+ test_suite_ecdh$(EXEXT) test_suite_ecdsa$(EXEXT) \
+ test_suite_ecp$(EXEXT) \
+ test_suite_error$(EXEXT) test_suite_entropy$(EXEXT) \
+ test_suite_gcm.aes128_de$(EXEXT) \
+ test_suite_gcm.aes192_de$(EXEXT) \
+ test_suite_gcm.aes256_de$(EXEXT) \
+ test_suite_gcm.aes128_en$(EXEXT) \
+ test_suite_gcm.aes192_en$(EXEXT) \
+ test_suite_gcm.aes256_en$(EXEXT) \
+ test_suite_gcm.camellia$(EXEXT) test_suite_hmac_shax$(EXEXT) \
+ test_suite_hmac_drbg.misc$(EXEXT) \
+ test_suite_hmac_drbg.no_reseed$(EXEXT) \
+ test_suite_hmac_drbg.nopr$(EXEXT) \
+ test_suite_hmac_drbg.pr$(EXEXT) \
+ test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \
+ test_suite_memory_buffer_alloc$(EXEXT) \
+ test_suite_mpi$(EXEXT) test_suite_pbkdf2$(EXEXT) \
+ test_suite_pem$(EXEXT) \
+ test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \
+ test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \
+ test_suite_pk$(EXEXT) \
+ test_suite_rsa$(EXEXT) test_suite_shax$(EXEXT) \
+ test_suite_x509parse$(EXEXT) test_suite_x509write$(EXEXT) \
+ test_suite_xtea$(EXEXT) test_suite_version$(EXEXT)
.SILENT:
@@ -172,229 +187,233 @@
echo " Generate $@"
scripts/generate_code.pl suites $* $*
-test_suite_aes.ecb: test_suite_aes.ecb.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_aes.ecb$(EXEXT): test_suite_aes.ecb.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_aes.cbc: test_suite_aes.cbc.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_aes.cbc$(EXEXT): test_suite_aes.cbc.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_aes.cfb: test_suite_aes.cfb.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_aes.cfb$(EXEXT): test_suite_aes.cfb.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_aes.rest: test_suite_aes.rest.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_aes.rest$(EXEXT): test_suite_aes.rest.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_arc4: test_suite_arc4.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_arc4$(EXEXT): test_suite_arc4.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_asn1write: test_suite_asn1write.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_asn1write$(EXEXT): test_suite_asn1write.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_base64: test_suite_base64.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_base64$(EXEXT): test_suite_base64.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_blowfish: test_suite_blowfish.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_blowfish$(EXEXT): test_suite_blowfish.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_camellia: test_suite_camellia.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_camellia$(EXEXT): test_suite_camellia.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_ccm: test_suite_ccm.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_ccm$(EXEXT): test_suite_ccm.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.aes: test_suite_cipher.aes.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.aes$(EXEXT): test_suite_cipher.aes.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.arc4: test_suite_cipher.arc4.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.arc4$(EXEXT): test_suite_cipher.arc4.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.ccm: test_suite_cipher.ccm.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.ccm$(EXEXT): test_suite_cipher.ccm.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.gcm: test_suite_cipher.gcm.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.gcm$(EXEXT): test_suite_cipher.gcm.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.blowfish: test_suite_cipher.blowfish.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.blowfish$(EXEXT): test_suite_cipher.blowfish.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.camellia: test_suite_cipher.camellia.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.camellia$(EXEXT): test_suite_cipher.camellia.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.des: test_suite_cipher.des.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.des$(EXEXT): test_suite_cipher.des.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.null: test_suite_cipher.null.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.null$(EXEXT): test_suite_cipher.null.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_cipher.padding: test_suite_cipher.padding.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_cipher.padding$(EXEXT): test_suite_cipher.padding.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_ctr_drbg: test_suite_ctr_drbg.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_ctr_drbg$(EXEXT): test_suite_ctr_drbg.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_des: test_suite_des.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_des$(EXEXT): test_suite_des.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_dhm: test_suite_dhm.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_dhm$(EXEXT): test_suite_dhm.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_ecdh: test_suite_ecdh.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_ecdh$(EXEXT): test_suite_ecdh.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_ecdsa: test_suite_ecdsa.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_ecdsa$(EXEXT): test_suite_ecdsa.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_ecp: test_suite_ecp.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_ecp$(EXEXT): test_suite_ecp.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_entropy: test_suite_entropy.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_entropy$(EXEXT): test_suite_entropy.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_error: test_suite_error.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_error$(EXEXT): test_suite_error.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_gcm.aes128_de: test_suite_gcm.aes128_de.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_gcm.aes128_de$(EXEXT): test_suite_gcm.aes128_de.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_gcm.aes192_de: test_suite_gcm.aes192_de.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_gcm.aes192_de$(EXEXT): test_suite_gcm.aes192_de.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_gcm.aes256_de: test_suite_gcm.aes256_de.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_gcm.aes256_de$(EXEXT): test_suite_gcm.aes256_de.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_gcm.aes128_en: test_suite_gcm.aes128_en.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_gcm.aes128_en$(EXEXT): test_suite_gcm.aes128_en.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_gcm.aes192_en: test_suite_gcm.aes192_en.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_gcm.aes192_en$(EXEXT): test_suite_gcm.aes192_en.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_gcm.aes256_en: test_suite_gcm.aes256_en.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_gcm.aes256_en$(EXEXT): test_suite_gcm.aes256_en.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_gcm.camellia: test_suite_gcm.camellia.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_gcm.camellia$(EXEXT): test_suite_gcm.camellia.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_hmac_drbg.misc: test_suite_hmac_drbg.misc.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_hmac_drbg.misc$(EXEXT): test_suite_hmac_drbg.misc.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_hmac_drbg.no_reseed: test_suite_hmac_drbg.no_reseed.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_hmac_drbg.no_reseed$(EXEXT): test_suite_hmac_drbg.no_reseed.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_hmac_drbg.nopr: test_suite_hmac_drbg.nopr.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_hmac_drbg.nopr$(EXEXT): test_suite_hmac_drbg.nopr.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_hmac_drbg.pr: test_suite_hmac_drbg.pr.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_hmac_drbg.pr$(EXEXT): test_suite_hmac_drbg.pr.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_hmac_shax: test_suite_hmac_shax.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_hmac_shax$(EXEXT): test_suite_hmac_shax.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_md: test_suite_md.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_md$(EXEXT): test_suite_md.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_mdx: test_suite_mdx.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_mdx$(EXEXT): test_suite_mdx.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_mpi: test_suite_mpi.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_memory_buffer_alloc$(EXEXT): test_suite_memory_buffer_alloc.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_pbkdf2: test_suite_pbkdf2.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_mpi$(EXEXT): test_suite_mpi.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_pem: test_suite_pem.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_pbkdf2$(EXEXT): test_suite_pbkdf2.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_pkcs1_v21: test_suite_pkcs1_v21.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_pem$(EXEXT): test_suite_pem.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_pkcs5: test_suite_pkcs5.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_pkcs1_v21$(EXEXT): test_suite_pkcs1_v21.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_pkparse: test_suite_pkparse.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_pkcs5$(EXEXT): test_suite_pkcs5.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_pkwrite: test_suite_pkwrite.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_pkparse$(EXEXT): test_suite_pkparse.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_pk: test_suite_pk.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_pkwrite$(EXEXT): test_suite_pkwrite.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_rsa: test_suite_rsa.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_pk$(EXEXT): test_suite_pk.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_shax: test_suite_shax.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_rsa$(EXEXT): test_suite_rsa.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_x509parse: test_suite_x509parse.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_shax$(EXEXT): test_suite_shax.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_x509write: test_suite_x509write.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_x509parse$(EXEXT): test_suite_x509parse.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_xtea: test_suite_xtea.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_x509write$(EXEXT): test_suite_x509write.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_debug: test_suite_debug.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_xtea$(EXEXT): test_suite_xtea.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_version: test_suite_version.c $(DEP)
- echo " CC $@.c"
- $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+test_suite_debug$(EXEXT): test_suite_debug.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test_suite_version$(EXEXT): test_suite_version.c $(DEP)
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
clean:
ifndef WINDOWS
@@ -412,9 +431,9 @@
do \
echo " - $${i}"; \
RESULT=`$(CHECK_PRELOAD) ./$${i} | grep -v 'PASS$$' | grep -v -- '----' | grep -v '^$$'`; \
- FAILED=`echo $$RESULT |grep FAILED`; \
+ PASSED=`echo $$RESULT |grep PASSED`; \
echo " $$RESULT"; \
- if [ "$$FAILED" != "" ]; \
+ if [ "x$$PASSED" = "x" ]; \
then \
echo "**** Failed ***************"; \
RETURN=1; \
diff --git a/tests/compat.sh b/tests/compat.sh
index 861d20e..5a3c222 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -26,14 +26,19 @@
# do we have a recent enough GnuTLS?
if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null; then
- eval $( $GNUTLS_CLI --version | head -n1 | sed 's/.* \([0-9]*\)\.\([0-9]\)*\.\([0-9]*\)$/MAJOR="\1" MINOR="\2" PATCH="\3"/' )
- if [ $MAJOR -lt 3 -o \
- \( $MAJOR -eq 3 -a $MINOR -lt 2 \) -o \
- \( $MAJOR -eq 3 -a $MINOR -eq 2 -a $PATCH -lt 15 \) ]
- then
- PEER_GNUTLS=""
- else
+ G_VER="$( $GNUTLS_CLI --version | head -n1 )"
+ if echo "$G_VER" | grep '@VERSION@' > /dev/null; then # git version
PEER_GNUTLS=" GnuTLS"
+ else
+ eval $( echo $G_VER | sed 's/.* \([0-9]*\)\.\([0-9]\)*\.\([0-9]*\)$/MAJOR="\1" MINOR="\2" PATCH="\3"/' )
+ if [ $MAJOR -lt 3 -o \
+ \( $MAJOR -eq 3 -a $MINOR -lt 2 \) -o \
+ \( $MAJOR -eq 3 -a $MINOR -eq 2 -a $PATCH -lt 15 \) ]
+ then
+ PEER_GNUTLS=""
+ else
+ PEER_GNUTLS=" GnuTLS"
+ fi
fi
else
PEER_GNUTLS=""
@@ -44,23 +49,23 @@
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
-EXCLUDE='NULL\|DES-CBC-' # avoid plain DES but keep 3DES-EDE-CBC (PolarSSL), DES-CBC3 (OpenSSL)
+EXCLUDE='NULL\|DES-CBC-' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
VERBOSE=""
MEMCHECK=0
-PEERS="OpenSSL$PEER_GNUTLS PolarSSL"
+PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
print_usage() {
echo "Usage: $0"
- echo -e " -h|--help\tPrint this help."
- echo -e " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')"
- echo -e " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')"
- echo -e " -m|--modes\tWhich modes to perform (Default: '$MODES')"
- echo -e " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')"
- echo -e " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')"
- echo -e " -p|--peers\tWhich peers to use (Default: '$PEERS')"
- echo -e " \tAlso available: GnuTLS (needs v3.2.15 or higher)"
- echo -e " -M|--memcheck\tCheck memory leaks and errors."
- echo -e " -v|--verbose\tSet verbose output."
+ printf " -h|--help\tPrint this help.\n"
+ printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')\n"
+ printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')\n"
+ printf " -m|--modes\tWhich modes to perform (Default: '$MODES')\n"
+ printf " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')\n"
+ printf " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')\n"
+ printf " -p|--peers\tWhich peers to use (Default: '$PEERS')\n"
+ printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
+ printf " -M|--memcheck\tCheck memory leaks and errors.\n"
+ printf " -v|--verbose\tSet verbose output.\n"
}
get_options() {
@@ -102,6 +107,10 @@
esac
shift
done
+
+ # sanitize some options (modes checked later)
+ VERIFIES="$( echo $VERIFIES | tr [a-z] [A-Z] )"
+ TYPES="$( echo $TYPES | tr [a-z] [A-Z] )"
}
log() {
@@ -121,7 +130,7 @@
done
# normalize whitespace
- echo "$NEW_LIST" | sed -e 's/[[:space:]]\+/ /g' -e 's/^ //' -e 's/ $//'
+ echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}
filter_ciphersuites()
@@ -667,10 +676,10 @@
exit 1;
esac
- P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
+ P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE"
G_SERVER_ARGS="-p $PORT --http"
- G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+ G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
P_CLIENT_ARGS="server_port=$PORT force_version=$MODE"
O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
@@ -765,7 +774,7 @@
[Gg]nu*)
SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
;;
- [Pp]olar*)
+ mbed*)
SERVER_CMD="$P_SRV $P_SERVER_ARGS"
if [ "$MEMCHECK" -gt 0 ]; then
SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
@@ -834,9 +843,9 @@
VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
TITLE="$TITLE $MODE,$VERIF $2"
- echo -n "$TITLE "
+ printf "$TITLE "
LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
- for i in `seq 1 $LEN`; do echo -n '.'; done; echo -n ' '
+ for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
# run the command and interpret result
case $1 in
@@ -880,7 +889,7 @@
fi
;;
- [Pp]olar*)
+ mbed*)
CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
if [ "$MEMCHECK" -gt 0 ]; then
CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
@@ -946,6 +955,11 @@
# MAIN
#
+if cd $( dirname $0 ); then :; else
+ echo "cd $( dirname $0 ) failed" >&2
+ exit 1
+fi
+
get_options "$@"
# sanity checks, avoid an avalanche of errors
@@ -976,7 +990,7 @@
for PEER in $PEERS; do
case "$PEER" in
- [Pp]olar*|[Oo]pen*|[Gg]nu*)
+ mbed*|[Oo]pen*|[Gg]nu*)
;;
*)
echo "Unknown peers: $PEER" >&2
@@ -1020,13 +1034,13 @@
if [ "X" != "X$P_CIPHERS" ]; then
start_server "OpenSSL"
for i in $P_CIPHERS; do
- run_client PolarSSL $i
+ run_client mbedTLS $i
done
stop_server
fi
if [ "X" != "X$O_CIPHERS" ]; then
- start_server "PolarSSL"
+ start_server "mbedTLS"
for i in $O_CIPHERS; do
run_client OpenSSL $i
done
@@ -1045,13 +1059,13 @@
if [ "X" != "X$P_CIPHERS" ]; then
start_server "GnuTLS"
for i in $P_CIPHERS; do
- run_client PolarSSL $i
+ run_client mbedTLS $i
done
stop_server
fi
if [ "X" != "X$G_CIPHERS" ]; then
- start_server "PolarSSL"
+ start_server "mbedTLS"
for i in $G_CIPHERS; do
run_client GnuTLS $i
done
@@ -1060,7 +1074,7 @@
;;
- [Pp]olar*)
+ mbed*)
reset_ciphersuites
add_common_ciphersuites
@@ -1070,9 +1084,9 @@
filter_ciphersuites
if [ "X" != "X$P_CIPHERS" ]; then
- start_server "PolarSSL"
+ start_server "mbedTLS"
for i in $P_CIPHERS; do
- run_client PolarSSL $i
+ run_client mbedTLS $i
done
stop_server
fi
@@ -1095,9 +1109,9 @@
if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ];
then
- echo -n "FAILED"
+ printf "FAILED"
else
- echo -n "PASSED"
+ printf "PASSED"
fi
if [ "$MEMCHECK" -gt 0 ]; then
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
new file mode 100644
index 0000000..2077f3a
--- /dev/null
+++ b/tests/data_files/Readme-x509.txt
@@ -0,0 +1,85 @@
+This documents the X.509 CAs, certificates, and CRLS used for testing.
+
+Certification authorities
+-------------------------
+
+There are two main CAs for use as trusted roots:
+- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
+ uses a RSA-2048 key
+- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
+ uses an EC key with NIST P-384 (aka secp384r1)
+ variants used to test the keyUsage extension
+The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways.
+
+Two intermediate CAs are signed by them:
+- test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA"
+ uses RSA-4096, signed by test-ca2
+- test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA"
+ uses an EC key with NIST P-256, signed by test-ca
+
+Finally, other CAs for specific purposes:
+- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert
+ enco-cert-utf8str.pem has its issuer's CN encoded as a UTF-8 string.
+- test-ca-v1.crt: v1 "CA", signs
+ server1-v1.crt: v1 "intermediate CA", signs
+ server2-v1*.crt: EE cert (without of with chain in same file)
+
+End-entity certificates
+-----------------------
+
+Short information fields:
+
+- name or pattern
+- issuing CA: 1 -> test-ca.crt
+ 2 -> test-ca2.crt
+ I1 -> test-int-ca.crt
+ I2 -> test-int-ca2.crt
+ O -> other
+- key type: R -> RSA, E -> EC
+- C -> there is a CRL revoking this cert (see below)
+- L -> CN=localhost (useful for local test servers)
+- P1, P2 if the file include parent (resp. parent + grandparent)
+- free-form comments
+
+List of certificates:
+
+- cert_example_multi*.crt: 1/O R: subjectAltName
+- cert_example_wildcard.crt: 1 R: wildcard in subject's CN
+- cert_md*.crt, cert_sha*.crt: 1 R: signature hash
+- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
+- cli2.crt: 2 E: basic
+- enco-cert-utf8str.pem: see enco-ca-prstr.pem above
+- server1*.crt: 1* R C*: misc *(server1-v1 see test-ca-v1.crt above)
+ *CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
+- server2-v1*.crt: O R: see test-ca-v1.crt above
+- server2*.crt: 1 R L: misc
+- server3.crt: 1 E L: EC cert signed by RSA CA
+- server4.crt: 2 R L: RSA cert signed by EC CA
+- server5*.crt: 2* E L: misc *(except server5-selfsigned)
+ -sha*: hashes
+ -eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc)
+ -ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement)
+- server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned
+- server6.crt, server6.pem: 2 E L C: revoked
+- server7*.crt: I1 E L P1*: EC signed by RSA signed by EC *(except 7.crt)
+ *_space: with PEM error(s)
+- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
+- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
+ *CRL for: 9.crt, -badsign, -with-ca (P1)
+
+Certificate revocation lists
+----------------------------
+
+Signing CA in parentheses (same meaning as certificates).
+
+- crl-ec-sha*: (2) server6.crt
+- crl-future.pem: (2) server6.crt + unknown
+- crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown
+- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
+- crl_md*.pem: crl_sha*.pem: (1) same as crl.pem
+- crt_cat_*.pem: (1+2) concatenations in various orders:
+ ec = crl-ec-sha256.pem, ecfut = crl-future.pem
+ rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem
+
+Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1
+ crl-rsa-pss* would revoke server6.crt if signed by CA 2
diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/bitstring-in-dn.pem
new file mode 100644
index 0000000..1a98aa3
--- /dev/null
+++ b/tests/data_files/bitstring-in-dn.pem
@@ -0,0 +1,51 @@
+-----BEGIN CERTIFICATE-----
+MIIEATCCAumgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBxMRMwEQYDVQQDDApUZXN0
+IENBIDAxMREwDwYDVQQIDAhFY25pdm9ycDELMAkGA1UEBhMCWFgxHjAcBgkqhkiG
+9w0BCQEWD3RjYUBleGFtcGxlLmNvbTEaMBgGA1UECgwRVGVzdCBDQSBBdXRob3Jp
+dHkwHhcNMTUwMzExMTIwNjUxWhcNMjUwMzA4MTIwNjUxWjCBmzELMAkGA1UEBhMC
+WFgxDDAKBgNVBAoMA3RjYTERMA8GA1UECAwIRWNuaXZvcnAxDDAKBgNVBAsMA1RD
+QTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRAZXhhbXBs
+ZS5jb20xEzARBgNVBAUTCjcxMDEwMTIyNTUxFDASBgNVBC0DCwA3MTAxMDEyMjU1
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQS0JLb8Dqy8V2mszkWk
+V8c/NPQcG3ivueXZHqOT9JTiPqrigGcLHtlmlaJ0aUUxix7q60aOds041TFyeknT
+SUFYY4ppOhiP+fOpWKPv4ZMwhSI2XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhb
+EGf0ihibbwZXPUwBlm10GaB4K93PNY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSe
+J2axxyY4hPXR30jzEyZvy4kv4nzAu5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYt
+tQaJEEpNOo0ZPpTtG6F8/tGh5r8jFx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcd
+iQIDAQABo3kwdzAJBgNVHRMEAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9j
+cmwuZXhhbXBsZS5jb20vdGVzdF9jYV8wMS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUH
+AwIwHQYDVR0RBBYwFIESY2xpZW50QGV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUA
+A4IBAQBySELCnU8/PtGIG3dwhJENOSU5R7w8jpRXxHCuSBR+W6nuUCISz+z+EdF/
+A7AOJDASuS+4gkrSSmQhGFpf7E5VbF8trVZhLAZrXqKMcUreKH6v0I8MAUXmIs3G
+tqiBGf7pSYJN9DvVOOgANjdy6THuUzYv5qSvBZ4pNYEfHSlMNrV7niynd8dgPOML
+pA7GUfv5k2mMkMbSD15pTMgcavrBKYgyqcvF1C3qghfoL5+i38H8sKzF8hy7wHtE
+ESHtBq20RYA3m0UcA0e64GcanO2Ps/AQVBc7qMeHbqnqj3uUhtTkQcMUWnMgy1NR
+5RbzoLMOxq7hoOCyIaQeM/wgxeGE
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAnQS0JLb8Dqy8V2mszkWkV8c/NPQcG3ivueXZHqOT9JTiPqri
+gGcLHtlmlaJ0aUUxix7q60aOds041TFyeknTSUFYY4ppOhiP+fOpWKPv4ZMwhSI2
+XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhbEGf0ihibbwZXPUwBlm10GaB4K93P
+NY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSeJ2axxyY4hPXR30jzEyZvy4kv4nzA
+u5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYttQaJEEpNOo0ZPpTtG6F8/tGh5r8j
+Fx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcdiQIDAQABAoIBAF7i3MnjGmbz080v
+OxJb23iAG54wdlvTjr3UPGTbjSmcXyxnsADQRFQcJHYAekCzY8EiqewL80OvuMx8
+2SU1P81hA70Dg5tsBHWT3Z6HUwsKG6QYjKr1cUhTwLyazhyAVgogSN6v7GzO9M3I
+DOBw8Xb0mz5oqGVre4S7TapN8n8ZG5oWm0XKGACXy0KbzY0KvWdkUzumFQ8X/ARE
+FsWyu+O69EbMqZRUKu45SrcubsdVGjOwseZHkmp5V6pc6Q/OrTHZqXJtDva5UIRq
++Lof5scy9jiwwRnM/klvh23mz0ySU4YA3645m5KqyWR4YJCR1MnMANmXUSeYWfYz
+19+R1gECgYEAzm83lI7eIhTH38H0/jFpf3R7vNjPX3TR5waa4EXsCxhTOpoL89mR
+iNmzH0aOC4OR8rz/9PCnwmtH1lyQ4r/RokBmCp3pBxeWSlenFfV3rLCeEDo0Q/OL
+SX5DL4IbZD0VmNDt606WS7AEv93GhpN03Anw6kgHQUm1l030PR9DYZECgYEAwrgO
+/RyB/Ehw7smlysZb2sn1lvd6z8fg+pcu8ZNRKODaYCCOb8p1lnHrnIQdEmjhlmVp
+HAEuJ5jxCb+lyruV+dlx+0W/p6lHtKr0iBHG8EFkHnjN6Y+59Qu0HfSm0pZw7Ftr
+QcUDPuDJkTVUAvrZqciWlwzTWCC9KYXtasT+AHkCgYEAnP80dAUbpyvKvr/RxShr
+JYW/PWZegChmIp+BViOXWvDLC3xwrqm+5yc59QVBrjwH2WYn+26zB0dzwPFxNyHP
+GuiDMnvZ54zmve9foXGn7Gv+KjU53pvwSJqAGjeHAXr7W9c5uoVwBGv/kLPn8h1e
++KGO2X6iFeMq+cFNiNan9iECgYBj+oGnsKWFVeS2ls8LyMGNGzmAZF2opiZ8RHgU
+DeIULS+zP8Qi3j92GdQyLxuGQlfiEvvfJzP9nOfWa5LC/4JIIUAHFo8LlT1+JHEe
+FJKi9dBkXP7NN8DxcyruXpnxctFUarQttuytslmMt2cFiKuOI7I+qJUzoMu/sEZx
+FeidcQKBgQCuralmtbl4nxjn3aR/ZgFTAKCL9WaJPh5hFJ9q4UuWxJdBX5z3Ey3/
+70ehLKYPumjmZtXynzz4BTWj1W9X+tgj/499uzV6LdQERGjT6WVy8xR9RELWW0an
+N9N1IAc4qTSjbI4EIMwMBSAoFfCux/jfDkG4g+RDnpV92sqxz2CtKg==
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/tests/data_files/crl_cat_ec-rsa.pem b/tests/data_files/crl_cat_ec-rsa.pem
new file mode 100644
index 0000000..3cda8ff
--- /dev/null
+++ b/tests/data_files/crl_cat_ec-rsa.pem
@@ -0,0 +1,21 @@
+-----BEGIN X509 CRL-----
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
+MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
+TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
+S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
+g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
+OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
+dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
+//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
+yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
+NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
+5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+-----END X509 CRL-----
diff --git a/tests/data_files/crl_cat_ecfut-rsa.pem b/tests/data_files/crl_cat_ecfut-rsa.pem
new file mode 100644
index 0000000..87b8c29
--- /dev/null
+++ b/tests/data_files/crl_cat_ecfut-rsa.pem
@@ -0,0 +1,22 @@
+-----BEGIN X509 CRL-----
+MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx
+MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX
+DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb
++zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV
+BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA
+MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i
+or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb
++cE+lWxhCQ==
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
+OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
+dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
+//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
+yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
+NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
+5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+-----END X509 CRL-----
diff --git a/tests/data_files/crl_cat_rsa-ec.pem b/tests/data_files/crl_cat_rsa-ec.pem
new file mode 100644
index 0000000..ded369d
--- /dev/null
+++ b/tests/data_files/crl_cat_rsa-ec.pem
@@ -0,0 +1,21 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
+OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
+dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
+//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
+yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
+NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
+5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
+MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
+TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
+S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
+g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+-----END X509 CRL-----
diff --git a/tests/data_files/crl_cat_rsabadpem-ec.pem b/tests/data_files/crl_cat_rsabadpem-ec.pem
new file mode 100644
index 0000000..a035e18
--- /dev/null
+++ b/tests/data_files/crl_cat_rsabadpem-ec.pem
@@ -0,0 +1,21 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
+OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
+dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
+//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
+yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
+NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
+5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
+MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
+TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
+S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
+g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+-----END X509 CRL-----
diff --git a/tests/data_files/crt_cat_rsaexp-ec.pem b/tests/data_files/crt_cat_rsaexp-ec.pem
new file mode 100644
index 0000000..4f74c9a
--- /dev/null
+++ b/tests/data_files/crt_cat_rsaexp-ec.pem
@@ -0,0 +1,21 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx
+OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir
+jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct
+wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ
+SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS
+IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k
+OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA=
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
+MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
+TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
+S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
+g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+-----END X509 CRL-----
diff --git a/tests/data_files/dh.optlen.pem b/tests/data_files/dh.optlen.pem
new file mode 100644
index 0000000..ee1e29b
--- /dev/null
+++ b/tests/data_files/dh.optlen.pem
@@ -0,0 +1,58 @@
+
+Recommended key length: 256 bits
+
+generator:
+ 80:0a:bf:e7:dc:66:7a:a1:7b:cd:7c:04:61:4b:c2:
+ 21:a6:54:82:cc:c0:4b:60:46:02:b0:e1:31:90:8a:
+ 93:8e:a1:1b:48:dc:51:5d:ab:7a:bc:bb:1e:0c:7f:
+ d6:65:11:ed:c0:d8:65:51:b7:63:24:96:e0:3d:f9:
+ 43:57:e1:c4:ea:07:a7:ce:1e:38:1a:2f:ca:fd:ff:
+ 5f:5b:f0:0d:f8:28:80:60:20:e8:75:c0:09:26:e4:
+ d0:11:f8:84:77:a1:b0:19:27:d7:38:13:ca:d4:84:
+ 7c:63:96:b9:24:46:21:be:2b:00:b6:3c:65:92:53:
+ 31:84:13:44:3c:d2:44:21:5c:d7:fd:4c:be:79:6e:
+ 82:c6:cf:70:f8:9c:c0:c5:28:fb:8e:34:48:09:b3:
+ 18:76:e7:ef:73:9d:51:60:d0:95:c9:68:41:88:b0:
+ c8:75:5c:7a:46:8d:47:f5:6d:6d:b9:ea:01:29:24:
+ ec:b0:55:6f:b7:13:12:a8:d7:c9:3b:b2:89:8e:a0:
+ 8e:e5:4e:eb:59:45:48:28:5f:06:a9:73:cb:be:2a:
+ 0c:b0:2e:90:f3:23:fe:04:55:21:f3:4c:68:35:4a:
+ 6d:3e:95:db:ff:f1:eb:64:69:2e:dc:0a:44:f3:d3:
+ e4:08:d0:e4:79:a5:41:e7:79:a6:05:42:59:e2:d8:
+ 54:
+
+prime:
+ b3:12:6a:ea:f4:71:53:c7:d6:7f:40:30:30:b2:92:
+ b5:bd:5a:6c:9e:ae:1c:13:7a:f3:40:87:fc:e2:a3:
+ 6a:57:8d:70:c5:c5:60:ad:2b:db:92:4c:4a:4d:be:
+ e2:0a:16:71:be:71:03:ce:87:de:fa:76:90:89:36:
+ 80:3d:be:ca:60:c3:3e:12:89:c1:a0:3a:c2:c6:c4:
+ e4:94:05:e5:90:2f:a0:59:6a:1c:ba:a8:95:cc:40:
+ 2d:52:13:ed:4a:5f:1f:5b:a8:b5:e1:ed:3d:a9:51:
+ a4:c4:75:af:eb:0c:a6:60:b7:36:8c:38:c8:e8:09:
+ f3:82:d9:6a:e1:9e:60:dc:98:4e:61:cb:42:b5:df:
+ d7:23:32:2a:cf:32:7f:9e:41:3c:da:64:00:c1:5c:
+ 5b:2e:a1:fa:34:40:5d:83:98:2f:ba:40:e6:d8:52:
+ da:3d:91:01:9b:f2:35:11:31:42:54:dc:21:1a:90:
+ 83:3e:5b:17:98:ee:52:a7:81:98:c5:55:64:47:29:
+ ad:92:f0:60:36:7c:74:de:d3:77:04:ad:fc:27:3a:
+ 4a:33:fe:c8:21:bd:2e:bd:3b:c0:51:73:0e:97:a4:
+ dd:14:d2:b7:66:06:25:92:f5:ee:c0:9d:16:bb:50:
+ ef:eb:f2:cc:00:dd:3e:0e:34:18:e6:0e:c8:48:70:
+ f7:
+
+
+-----BEGIN DH PARAMETERS-----
+MIICDgKCAQEAsxJq6vRxU8fWf0AwMLKStb1abJ6uHBN680CH/OKjaleNcMXFYK0r
+25JMSk2+4goWcb5xA86H3vp2kIk2gD2+ymDDPhKJwaA6wsbE5JQF5ZAvoFlqHLqo
+lcxALVIT7UpfH1uoteHtPalRpMR1r+sMpmC3Now4yOgJ84LZauGeYNyYTmHLQrXf
+1yMyKs8yf55BPNpkAMFcWy6h+jRAXYOYL7pA5thS2j2RAZvyNRExQlTcIRqQgz5b
+F5juUqeBmMVVZEcprZLwYDZ8dN7TdwSt/Cc6SjP+yCG9Lr07wFFzDpek3RTSt2YG
+JZL17sCdFrtQ7+vyzADdPg40GOYOyEhw9wKCAQEAgAq/59xmeqF7zXwEYUvCIaZU
+gszAS2BGArDhMZCKk46hG0jcUV2rery7Hgx/1mUR7cDYZVG3YySW4D35Q1fhxOoH
+p84eOBovyv3/X1vwDfgogGAg6HXACSbk0BH4hHehsBkn1zgTytSEfGOWuSRGIb4r
+ALY8ZZJTMYQTRDzSRCFc1/1MvnlugsbPcPicwMUo+440SAmzGHbn73OdUWDQlclo
+QYiwyHVcekaNR/VtbbnqASkk7LBVb7cTEqjXyTuyiY6gjuVO61lFSChfBqlzy74q
+DLAukPMj/gRVIfNMaDVKbT6V2//x62RpLtwKRPPT5AjQ5HmlQed5pgVCWeLYVAIC
+AQA=
+-----END DH PARAMETERS-----
diff --git a/tests/data_files/ec_prv.noopt.der b/tests/data_files/ec_prv.noopt.der
new file mode 100644
index 0000000..fde16a1
--- /dev/null
+++ b/tests/data_files/ec_prv.noopt.der
Binary files differ
diff --git a/tests/data_files/server6.pem b/tests/data_files/server6.pem
deleted file mode 100644
index f78cb10..0000000
--- a/tests/data_files/server6.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB3TCCAZSgAwIBAgIBGDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBFQyBDQTAeFw0x
-MzA4MDgxNjQ0MTBaFw0yMzA4MDYxNjQ0MTBaMDQxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI
-KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1
-1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J
-AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFNCkRpkIZ/H0utlW6GcwC/zvJRZjoUKk
-QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
-bGFyU1NMIFRlc3QgRUMgQ0GCCQClZwiM/hcKsjAJBgcqhkjOPQQBAzgAMDUCGQDq
-PIUaCr8u28R7V0G/TEOklXgPawdiY4ICGDzmBegZHs7BcNwENa1fn4JYUdTPqKwl
-LA==
------END CERTIFICATE-----
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 38ea628..c083924 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -6,14 +6,14 @@
# CMake configuration. After this script is run, the CMake cache is lost and
# CMake is not initialised any more!
#
-# Assumes gcc and clang (recent enough for using ASan) are available,
-# as well as cmake and valgrind.
+# Assumes gcc and clang (recent enough for using ASan with gcc and MemSan with
+# clang, or valgrind) are available, as well as cmake and a "good" find.
# Abort on errors (and uninitiliased variables)
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from PolarSSL root" >&2
+ echo "Must be run from mbed TLS root" >&2
exit 1
fi
@@ -24,11 +24,8 @@
while [ $# -gt 0 ]; do
case "$1" in
- -m1)
- MEMORY=1
- ;;
- -m2)
- MEMORY=2
+ -m*)
+ MEMORY=${1#-m}
;;
*)
echo "Unknown argument: '$1'" >&2
@@ -44,7 +41,7 @@
{
make clean
- find -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} \+
+ find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} \+
rm -f include/Makefile include/polarssl/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
@@ -60,94 +57,206 @@
{
echo ""
echo "******************************************************************"
- echo "* $1"
+ echo "* $1 "
+ printf "* "; date
echo "******************************************************************"
}
# The test ordering tries to optimize for the following criteria:
-# 1. Catch possible problems early, by running first test that run quickly
+# 1. Catch possible problems early, by running first tests that run quickly
# and/or are more likely to fail than others (eg I use Clang most of the
# time, so start with a GCC build).
# 2. Minimize total running time, by avoiding useless rebuilds
#
# Indicative running times are given for reference.
-msg "build: cmake, -Werror (gcc)" # ~ 1 min
+msg "test: recursion.pl" # < 1s
+scripts/recursion.pl library/*.c
+
+msg "test: freshness of generated source files" # < 1s
+tests/scripts/check-generated-files.sh
+
+msg "build: cmake, gcc, ASan" # ~ 1 min 50s
cleanup
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
+CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
-msg "test: main suites with valgrind" # ~ 2 min 10s
-make memcheck
+msg "test: main suites and selftest (ASan build)" # ~ 50s
+make test
+programs/test/selftest
-msg "build: with ASan (clang)" # ~ 1 min
-cleanup
-CC=clang cmake -D CMAKE_BUILD_TYPE:String=ASan .
-make
-
-msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 10s
+msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
cd tests
./ssl-opt.sh
cd ..
-msg "test: main suites and selftest (ASan build)" # ~ 10s + 30s
-make test
-programs/test/selftest
-
-msg "test: ref-configs (ASan build)" # ~ 4 min 45 s
+msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
tests/scripts/test-ref-configs.pl
-# Most issues are likely to be caught at this point
+# Most frequent issues are likely to be caught at this point
msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
make
-msg "test: compat.sh (ASan build)" # ~ 7 min 30s
+msg "test: compat.sh (ASan build)" # ~ 6 min
cd tests
./compat.sh
cd ..
-msg "build: cmake, full config" # ~ 40s
+msg "build: cmake, full config, clang" # ~ 50s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # too slow for tests
-cmake -D CMAKE_BUILD_TYPE:String=Check .
+CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check .
make
-msg "test: main suites (full config)"
+msg "test: main suites (full config)" # ~ 5s
make test
-msg "test: ssl-opt.sh default (full config)"
+msg "test: ssl-opt.sh default (full config)" # ~ 1s
cd tests
./ssl-opt.sh -f Default
cd ..
-msg "test: compat.sh 3DES & NULL (full config)"
+msg "test: compat.sh DES & NULL (full config)" # ~ 2 min
cd tests
./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3'
cd ..
-msg "build: Unix make, -O2 (gcc)" # ~ 30s
+msg "test/build: curves.pl (gcc)" # ~ 5 min (?)
cleanup
-CC=gcc make
+cmake -D CMAKE_BUILD_TYPE:String=Debug .
+tests/scripts/curves.pl
-# Optional parts that take a long time to run
+msg "build: Unix make, -Os (gcc)" # ~ 30s
+cleanup
+CC=gcc CFLAGS='-Werror -Os' make
-if [ "$MEMORY" -ge 1 ]; then
- msg "test: ssl-opt --memcheck (-02 build)" # ~ 8 min
+# this is meant to cath missing #define polarssl_printf etc
+# disable fsio to catch some more missing #include <stdio.h>
+msg "build: full config except platform/fsio, make, gcc" # ~ 30s
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl full
+scripts/config.pl unset POLARSSL_PLATFORM_C
+scripts/config.pl unset POLARSSL_PLATFORM_MEMORY
+scripts/config.pl unset POLARSSL_MEMORY_C
+scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C
+scripts/config.pl unset POLARSSL_FS_IO
+CC=gcc CFLAGS='-Werror -O0' make
+
+if uname -a | grep -F x86_64 >/dev/null; then
+msg "build: i386, make, gcc" # ~ 30s
+cleanup
+CC=gcc CFLAGS='-Werror -m32' make
+fi # x86_64
+
+if which arm-none-eabi-gcc >/dev/null; then
+msg "build: arm-none-eabi-gcc, make" # ~ 10s
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl full
+scripts/config.pl unset POLARSSL_NET_C
+scripts/config.pl unset POLARSSL_TIMING_C
+scripts/config.pl unset POLARSSL_FS_IO
+# following things are not in the default config
+scripts/config.pl unset POLARSSL_HAVEGE_C # depends on timing.c
+scripts/config.pl unset POLARSSL_THREADING_PTHREAD
+scripts/config.pl unset POLARSSL_THREADING_C
+scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h
+scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit
+CC=arm-none-eabi-gcc CFLAGS=-Werror make lib
+fi # arm-gcc
+
+if which armcc >/dev/null; then
+msg "build: armcc, make"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl full
+scripts/config.pl unset POLARSSL_NET_C
+scripts/config.pl unset POLARSSL_TIMING_C
+scripts/config.pl unset POLARSSL_FS_IO
+scripts/config.pl unset POLARSSL_HAVE_TIME
+# following things are not in the default config
+scripts/config.pl unset POLARSSL_DEPRECATED_WARNING
+scripts/config.pl unset POLARSSL_HAVEGE_C # depends on timing.c
+scripts/config.pl unset POLARSSL_THREADING_PTHREAD
+scripts/config.pl unset POLARSSL_THREADING_C
+scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # execinfo.h
+scripts/config.pl unset POLARSSL_MEMORY_BUFFER_ALLOC_C # calls exit
+CC=armcc WARNING_CFLAGS= make lib 2> armcc.stderr
+if [ -s armcc.stderr ]; then
+ cat armcc.stderr
+ exit 1;
+fi
+rm armcc.stderr
+fi # armcc
+
+if which i686-w64-mingw32-gcc >/dev/null; then
+msg "build: cross-mingw64, make" # ~ 30s
+cleanup
+CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS=-Werror WINDOWS_BUILD=1 make
+fi
+
+# MemSan currently only available on Linux 64 bits
+if uname -a | grep 'Linux.*x86_64' >/dev/null; then
+
+msg "build: MSan (clang)" # ~ 1 min 20s
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl unset POLARSSL_AESNI_C # memsan doesn't grok asm
+scripts/config.pl set POLARSSL_NO_PLATFORM_ENTROPY # memsan vs getrandom()
+CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
+make
+
+msg "test: main suites (MSan)" # ~ 10s
+make test
+
+msg "test: ssl-opt.sh (MSan)" # ~ 1 min
+cd tests
+./ssl-opt.sh
+cd ..
+
+# Optional part(s)
+
+if [ "$MEMORY" -gt 0 ]; then
+ msg "test: compat.sh (MSan)" # ~ 6 min 20s
+ cd tests
+ ./compat.sh
+ cd ..
+fi
+
+else # no MemSan
+
+msg "build: Release (clang)"
+cleanup
+CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
+make
+
+msg "test: main suites valgrind (Release)"
+make test
+
+# Optional part(s)
+# Currently broken, programs don't seem to receive signals
+# under valgrind on OS X
+
+if [ "$MEMORY" -gt 0 ]; then
+ msg "test: ssl-opt.sh --memcheck (Release)"
cd tests
./ssl-opt.sh --memcheck
cd ..
-
- if [ "$MEMORY" -ge 2 ]; then
- msg "test: compat --memcheck (-02 build)" # ~ 42 min
- cd tests
- ./compat.sh --memcheck
- cd ..
- fi
fi
-echo "Done."
+if [ "$MEMORY" -gt 1 ]; then
+ msg "test: compat.sh --memcheck (Release)"
+ cd tests
+ ./compat.sh --memcheck
+ cd ..
+fi
+
+fi # MemSan
+
+msg "Done, cleaning up"
cleanup
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
new file mode 100755
index 0000000..0400bc7
--- /dev/null
+++ b/tests/scripts/check-generated-files.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# check if generated files are up-to-date
+
+set -eu
+
+if [ -d library -a -d include -a -d tests ]; then :; else
+ echo "Must be run from mbed TLS root" >&2
+ exit 1
+fi
+
+check()
+{
+ FILE=$1
+ SCRIPT=$2
+
+ cp $FILE $FILE.bak
+ $SCRIPT
+ diff $FILE $FILE.bak
+ mv $FILE.bak $FILE
+}
+
+check library/error.c scripts/generate_errors.pl
+check library/version_features.c scripts/generate_features.pl
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
new file mode 100755
index 0000000..1f489a3
--- /dev/null
+++ b/tests/scripts/curves.pl
@@ -0,0 +1,45 @@
+#!/usr/bin/perl
+
+# test dependencies on individual curves in tests
+# - build
+# - run test suite
+#
+# Usage: tests/scripts/curves.pl
+
+use warnings;
+use strict;
+
+-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
+
+my $sed_cmd = 's/^#define \(POLARSSL_ECP_DP.*_ENABLED\)/\1/p';
+my $config_h = 'include/polarssl/config.h';
+my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
+
+my $test = system( "grep -i cmake Makefile >/dev/null" ) ? 'check' : 'test';
+
+system( "cp $config_h $config_h.bak" ) and die;
+sub abort {
+ system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
+ die $_[0];
+}
+
+for my $curve (@curves) {
+ system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
+ system( "make clean" ) and die;
+
+ print "\n******************************************\n";
+ print "* Testing without curve: $curve\n";
+ print "******************************************\n";
+
+ system( "scripts/config.pl unset $curve" )
+ and abort "Failed to disable $curve\n";
+
+ system( "make polarssl" ) and abort "Failed to build lib: $curve\n";
+ system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
+ system( "make $test" ) and abort "Failed test suite: $curve\n";
+
+}
+
+system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
+system( "make clean" ) and die;
+exit 0;
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 318629f..078e82d 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -6,11 +6,11 @@
my $suite_dir = shift or die "Missing suite directory";
my $suite_name = shift or die "Missing suite name";
my $data_name = shift or die "Missing data name";
+my $test_main_file = do { my $arg = shift; defined($arg) ? $arg : $suite_dir."/main_test.function" };
my $test_file = $data_name.".c";
my $test_helper_file = $suite_dir."/helpers.function";
my $test_case_file = $suite_dir."/".$suite_name.".function";
my $test_case_data = $suite_dir."/".$data_name.".data";
-my $test_main_file = $suite_dir."/main_test.function";
my $line_separator = $/;
undef $/;
@@ -50,8 +50,9 @@
while (@var_req_arr)
{
my $req = shift @var_req_arr;
+ $req =~ s/(!?)(.*)/$1defined($2)/;
- $suite_pre_code .= "#ifdef $req\n";
+ $suite_pre_code .= "#if $req\n";
$suite_post_code .= "#endif /* $req */\n";
}
@@ -65,12 +66,12 @@
#include POLARSSL_CONFIG_FILE
#endif
+$test_helpers
+
$suite_pre_code
$suite_header
$suite_post_code
-$test_helpers
-
END
$test_main =~ s/SUITE_PRE_DEP/$suite_pre_code/;
@@ -138,7 +139,7 @@
$param_defs .= " char *param$i = params[$i];\n";
$param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n";
push @dispatch_params, "param$i";
- $mapping_regex .= ":[^:]+";
+ $mapping_regex .= ":[^:\n]+";
}
else
{
@@ -172,7 +173,7 @@
$param_defs
if( cnt != $param_count )
{
- fprintf( stderr, "\\nIncorrect argument count (%d != %d)\\n", cnt, $param_count );
+ polarssl_fprintf( stderr, "\\nIncorrect argument count (%d != %d)\\n", cnt, $param_count );
return( 2 );
}
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 6546b05..057b8be 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -16,7 +16,7 @@
'config-mini-tls1_1.h'
=> '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
'config-suite-b.h'
- => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p PolarSSL",
+ => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
'config-picocoin.h'
=> 0,
'config-ccm-psk-tls1_2.h'
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 4eafed4..5cf4ff6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -20,7 +20,7 @@
O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
-G_CLI="$GNUTLS_CLI"
+G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
TESTS=0
FAILS=0
@@ -34,10 +34,10 @@
print_usage() {
echo "Usage: $0 [options]"
- echo -e " -h|--help\tPrint this help."
- echo -e " -m|--memcheck\tCheck memory leaks and errors."
- echo -e " -f|--filter\tOnly matching tests are executed (default: '$FILTER')"
- echo -e " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')"
+ printf " -h|--help\tPrint this help.\n"
+ printf " -m|--memcheck\tCheck memory leaks and errors.\n"
+ printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n"
+ printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n"
}
get_options() {
@@ -80,6 +80,21 @@
fi
}
+# skip next test if OpenSSL doesn't support FALLBACK_SCSV
+requires_openssl_with_fallback_scsv() {
+ if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
+ if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null
+ then
+ OPENSSL_HAS_FBSCSV="YES"
+ else
+ OPENSSL_HAS_FBSCSV="NO"
+ fi
+ fi
+ if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if GnuTLS isn't available
requires_gnutls() {
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
@@ -96,10 +111,10 @@
# print_name <name>
print_name() {
- echo -n "$1 "
+ printf "$1 "
LEN=$(( 72 - `echo "$1" | wc -c` ))
- for i in `seq 1 $LEN`; do echo -n '.'; done
- echo -n ' '
+ for i in `seq 1 $LEN`; do printf '.'; done
+ printf ' '
TESTS=$(( $TESTS + 1 ))
}
@@ -148,7 +163,8 @@
WATCHDOG_PID=$!
# make a tight loop, server usually takes less than 1 sec to start
- until lsof -nbi TCP:"$PORT" | grep LISTEN >/dev/null; do :; done
+ until lsof -nbi TCP:"$PORT" 2>/dev/null | grep LISTEN >/dev/null;
+ do :; done
kill $WATCHDOG_PID
wait $WATCHDOG_PID
@@ -232,14 +248,14 @@
if is_polar "$SRV_CMD"; then
if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
else
- fail "server failed to start"
+ fail "server or client failed to reach handshake stage"
return
fi
fi
if is_polar "$CLI_CMD"; then
if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
else
- fail "client failed to start"
+ fail "server or client failed to reach handshake stage"
return
fi
fi
@@ -326,6 +342,11 @@
# MAIN
#
+if cd $( dirname $0 ); then :; else
+ echo "cd $( dirname $0 ) failed" >&2
+ exit 1
+fi
+
get_options "$@"
# sanity checks, avoid an avalanche of errors
@@ -356,7 +377,7 @@
# Pick a "unique" port in the range 10000-19999.
PORT="0000$$"
-PORT="1$(echo $PORT | tail -c 5)"
+PORT="1$( printf $PORT | tail -c 4 )"
# fix commands to use this port
P_SRV="$P_SRV server_port=$PORT"
@@ -364,7 +385,7 @@
O_SRV="$O_SRV -accept $PORT"
O_CLI="$O_CLI -connect localhost:$PORT"
G_SRV="$G_SRV -p $PORT"
-G_CLI="$G_CLI -p $PORT"
+G_CLI="$G_CLI -p $PORT localhost"
# Also pick a unique name for intermediate files
SRV_OUT="srv_out.$$"
@@ -392,6 +413,27 @@
-S "error" \
-C "error"
+# Tests for rc4 option
+
+run_test "RC4: server disabled, client enabled" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 1 \
+ -s "SSL - None of the common ciphersuites is usable"
+
+run_test "RC4: server enabled, client disabled" \
+ "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI" \
+ 1 \
+ -s "SSL - The server has no ciphersuites in common"
+
+run_test "RC4: both enabled" \
+ "$P_SRV arc4=1" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - The server has no ciphersuites in common"
+
# Test for SSLv2 ClientHello
requires_openssl_with_sslv2
@@ -413,18 +455,331 @@
# Tests for Truncated HMAC extension
-run_test "Truncated HMAC: reference" \
+run_test "Truncated HMAC: client default, server default" \
"$P_SRV debug_level=4" \
- "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
- -s "dumping 'computed mac' (20 bytes)"
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
-run_test "Truncated HMAC: actual test" \
+run_test "Truncated HMAC: client disabled, server default" \
"$P_SRV debug_level=4" \
- "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=0" \
0 \
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
+
+run_test "Truncated HMAC: client enabled, server default" \
+ "$P_SRV debug_level=4" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -S "dumping 'computed mac' (20 bytes)" \
-s "dumping 'computed mac' (10 bytes)"
+run_test "Truncated HMAC: client enabled, server disabled" \
+ "$P_SRV debug_level=4 trunc_hmac=0" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
+
+run_test "Truncated HMAC: client enabled, server enabled" \
+ "$P_SRV debug_level=4 trunc_hmac=1" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -S "dumping 'computed mac' (20 bytes)" \
+ -s "dumping 'computed mac' (10 bytes)"
+
+# Tests for Encrypt-then-MAC extension
+
+run_test "Encrypt then MAC: default" \
+ "$P_SRV debug_level=3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI debug_level=3" \
+ 0 \
+ -c "client hello, adding encrypt_then_mac extension" \
+ -s "found encrypt then mac extension" \
+ -s "server hello, adding encrypt then mac extension" \
+ -c "found encrypt_then_mac extension" \
+ -c "using encrypt then mac" \
+ -s "using encrypt then mac"
+
+run_test "Encrypt then MAC: client enabled, server disabled" \
+ "$P_SRV debug_level=3 etm=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI debug_level=3 etm=1" \
+ 0 \
+ -c "client hello, adding encrypt_then_mac extension" \
+ -s "found encrypt then mac extension" \
+ -S "server hello, adding encrypt then mac extension" \
+ -C "found encrypt_then_mac extension" \
+ -C "using encrypt then mac" \
+ -S "using encrypt then mac"
+
+run_test "Encrypt then MAC: client enabled, aead cipher" \
+ "$P_SRV debug_level=3 etm=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
+ "$P_CLI debug_level=3 etm=1" \
+ 0 \
+ -c "client hello, adding encrypt_then_mac extension" \
+ -s "found encrypt then mac extension" \
+ -S "server hello, adding encrypt then mac extension" \
+ -C "found encrypt_then_mac extension" \
+ -C "using encrypt then mac" \
+ -S "using encrypt then mac"
+
+run_test "Encrypt then MAC: client enabled, stream cipher" \
+ "$P_SRV debug_level=3 etm=1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI debug_level=3 etm=1 arc4=1" \
+ 0 \
+ -c "client hello, adding encrypt_then_mac extension" \
+ -s "found encrypt then mac extension" \
+ -S "server hello, adding encrypt then mac extension" \
+ -C "found encrypt_then_mac extension" \
+ -C "using encrypt then mac" \
+ -S "using encrypt then mac"
+
+run_test "Encrypt then MAC: client disabled, server enabled" \
+ "$P_SRV debug_level=3 etm=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI debug_level=3 etm=0" \
+ 0 \
+ -C "client hello, adding encrypt_then_mac extension" \
+ -S "found encrypt then mac extension" \
+ -S "server hello, adding encrypt then mac extension" \
+ -C "found encrypt_then_mac extension" \
+ -C "using encrypt then mac" \
+ -S "using encrypt then mac"
+
+run_test "Encrypt then MAC: client SSLv3, server enabled" \
+ "$P_SRV debug_level=3 min_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI debug_level=3 force_version=ssl3" \
+ 0 \
+ -C "client hello, adding encrypt_then_mac extension" \
+ -S "found encrypt then mac extension" \
+ -S "server hello, adding encrypt then mac extension" \
+ -C "found encrypt_then_mac extension" \
+ -C "using encrypt then mac" \
+ -S "using encrypt then mac"
+
+run_test "Encrypt then MAC: client enabled, server SSLv3" \
+ "$P_SRV debug_level=3 force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI debug_level=3 min_version=ssl3" \
+ 0 \
+ -c "client hello, adding encrypt_then_mac extension" \
+ -s "found encrypt then mac extension" \
+ -S "server hello, adding encrypt then mac extension" \
+ -C "found encrypt_then_mac extension" \
+ -C "using encrypt then mac" \
+ -S "using encrypt then mac"
+
+# Tests for Extended Master Secret extension
+
+run_test "Extended Master Secret: default" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI debug_level=3" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "using extended master secret" \
+ -s "using extended master secret"
+
+run_test "Extended Master Secret: client enabled, server disabled" \
+ "$P_SRV debug_level=3 extended_ms=0" \
+ "$P_CLI debug_level=3 extended_ms=1" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -C "using extended master secret" \
+ -S "using extended master secret"
+
+run_test "Extended Master Secret: client disabled, server enabled" \
+ "$P_SRV debug_level=3 extended_ms=1" \
+ "$P_CLI debug_level=3 extended_ms=0" \
+ 0 \
+ -C "client hello, adding extended_master_secret extension" \
+ -S "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -C "using extended master secret" \
+ -S "using extended master secret"
+
+run_test "Extended Master Secret: client SSLv3, server enabled" \
+ "$P_SRV debug_level=3 min_version=ssl3" \
+ "$P_CLI debug_level=3 force_version=ssl3" \
+ 0 \
+ -C "client hello, adding extended_master_secret extension" \
+ -S "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -C "using extended master secret" \
+ -S "using extended master secret"
+
+run_test "Extended Master Secret: client enabled, server SSLv3" \
+ "$P_SRV debug_level=3 force_version=ssl3" \
+ "$P_CLI debug_level=3 min_version=ssl3" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -C "using extended master secret" \
+ -S "using extended master secret"
+
+# Tests for FALLBACK_SCSV
+
+run_test "Fallback SCSV: default" \
+ "$P_SRV" \
+ "$P_CLI debug_level=3 force_version=tls1_1" \
+ 0 \
+ -C "adding FALLBACK_SCSV" \
+ -S "received FALLBACK_SCSV" \
+ -S "inapropriate fallback" \
+ -C "is a fatal alert message (msg 86)"
+
+run_test "Fallback SCSV: explicitly disabled" \
+ "$P_SRV" \
+ "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
+ 0 \
+ -C "adding FALLBACK_SCSV" \
+ -S "received FALLBACK_SCSV" \
+ -S "inapropriate fallback" \
+ -C "is a fatal alert message (msg 86)"
+
+run_test "Fallback SCSV: enabled" \
+ "$P_SRV" \
+ "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
+ 1 \
+ -c "adding FALLBACK_SCSV" \
+ -s "received FALLBACK_SCSV" \
+ -s "inapropriate fallback" \
+ -c "is a fatal alert message (msg 86)"
+
+run_test "Fallback SCSV: enabled, max version" \
+ "$P_SRV" \
+ "$P_CLI debug_level=3 fallback=1" \
+ 0 \
+ -c "adding FALLBACK_SCSV" \
+ -s "received FALLBACK_SCSV" \
+ -S "inapropriate fallback" \
+ -C "is a fatal alert message (msg 86)"
+
+requires_openssl_with_fallback_scsv
+run_test "Fallback SCSV: default, openssl server" \
+ "$O_SRV" \
+ "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
+ 0 \
+ -C "adding FALLBACK_SCSV" \
+ -C "is a fatal alert message (msg 86)"
+
+requires_openssl_with_fallback_scsv
+run_test "Fallback SCSV: enabled, openssl server" \
+ "$O_SRV" \
+ "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
+ 1 \
+ -c "adding FALLBACK_SCSV" \
+ -c "is a fatal alert message (msg 86)"
+
+requires_openssl_with_fallback_scsv
+run_test "Fallback SCSV: disabled, openssl client" \
+ "$P_SRV" \
+ "$O_CLI -tls1_1" \
+ 0 \
+ -S "received FALLBACK_SCSV" \
+ -S "inapropriate fallback"
+
+requires_openssl_with_fallback_scsv
+run_test "Fallback SCSV: enabled, openssl client" \
+ "$P_SRV" \
+ "$O_CLI -tls1_1 -fallback_scsv" \
+ 1 \
+ -s "received FALLBACK_SCSV" \
+ -s "inapropriate fallback"
+
+requires_openssl_with_fallback_scsv
+run_test "Fallback SCSV: enabled, max version, openssl client" \
+ "$P_SRV" \
+ "$O_CLI -fallback_scsv" \
+ 0 \
+ -s "received FALLBACK_SCSV" \
+ -S "inapropriate fallback"
+
+# Tests for CBC 1/n-1 record splitting
+
+run_test "CBC Record splitting: TLS 1.2, no splitting" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ request_size=123 force_version=tls1_2" \
+ 0 \
+ -s "Read from client: 123 bytes read" \
+ -S "Read from client: 1 bytes read" \
+ -S "122 bytes read"
+
+run_test "CBC Record splitting: TLS 1.1, no splitting" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ request_size=123 force_version=tls1_1" \
+ 0 \
+ -s "Read from client: 123 bytes read" \
+ -S "Read from client: 1 bytes read" \
+ -S "122 bytes read"
+
+run_test "CBC Record splitting: TLS 1.0, splitting" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ request_size=123 force_version=tls1" \
+ 0 \
+ -S "Read from client: 123 bytes read" \
+ -s "Read from client: 1 bytes read" \
+ -s "122 bytes read"
+
+run_test "CBC Record splitting: SSLv3, splitting" \
+ "$P_SRV min_version=ssl3" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ request_size=123 force_version=ssl3" \
+ 0 \
+ -S "Read from client: 123 bytes read" \
+ -s "Read from client: 1 bytes read" \
+ -s "122 bytes read"
+
+run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
+ "$P_SRV arc4=1" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ request_size=123 force_version=tls1" \
+ 0 \
+ -s "Read from client: 123 bytes read" \
+ -S "Read from client: 1 bytes read" \
+ -S "122 bytes read"
+
+run_test "CBC Record splitting: TLS 1.0, splitting disabled" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ request_size=123 force_version=tls1 recsplit=0" \
+ 0 \
+ -s "Read from client: 123 bytes read" \
+ -S "Read from client: 1 bytes read" \
+ -S "122 bytes read"
+
+run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \
+ "$P_SRV nbio=2" \
+ "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ request_size=123 force_version=tls1" \
+ 0 \
+ -S "Read from client: 123 bytes read" \
+ -s "Read from client: 1 bytes read" \
+ -s "122 bytes read"
+
# Tests for Session Tickets
run_test "Session resume using tickets: basic" \
@@ -770,6 +1125,71 @@
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
+run_test "Renegotiation: periodic, just below period" \
+ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
+ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
+ 0 \
+ -C "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -S "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -S "record counter limit reached: renegotiate" \
+ -C "=> renegotiate" \
+ -S "=> renegotiate" \
+ -S "write hello request" \
+ -S "SSL - An unexpected message was received from our peer" \
+ -S "failed"
+
+# one extra exchange to be able to complete renego
+run_test "Renegotiation: periodic, just above period" \
+ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
+ "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
+ 0 \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -s "record counter limit reached: renegotiate" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -s "write hello request" \
+ -S "SSL - An unexpected message was received from our peer" \
+ -S "failed"
+
+run_test "Renegotiation: periodic, two times period" \
+ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
+ "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
+ 0 \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -s "record counter limit reached: renegotiate" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -s "write hello request" \
+ -S "SSL - An unexpected message was received from our peer" \
+ -S "failed"
+
+run_test "Renegotiation: periodic, above period, disabled" \
+ "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3" \
+ "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
+ 0 \
+ -C "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -S "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -S "record counter limit reached: renegotiate" \
+ -C "=> renegotiate" \
+ -S "=> renegotiate" \
+ -S "write hello request" \
+ -S "SSL - An unexpected message was received from our peer" \
+ -S "failed"
+
run_test "Renegotiation: nbio, client-initiated" \
"$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
"$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -803,21 +1223,113 @@
-c "client hello, adding renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
- -C "ssl_handshake returned" \
+ -C "ssl_hanshake() returned" \
-C "error" \
-c "HTTP/1.0 200 [Oo][Kk]"
-run_test "Renegotiation: gnutls server, client-initiated" \
- "$G_SRV" \
+requires_gnutls
+run_test "Renegotiation: gnutls server strict, client-initiated" \
+ "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
0 \
-c "client hello, adding renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
- -C "ssl_handshake returned" \
+ -C "ssl_hanshake() returned" \
-C "error" \
-c "HTTP/1.0 200 [Oo][Kk]"
+requires_gnutls
+run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
+ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
+ 1 \
+ -c "client hello, adding renegotiation extension" \
+ -C "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -c "ssl_handshake() returned" \
+ -c "error" \
+ -C "HTTP/1.0 200 [Oo][Kk]"
+
+requires_gnutls
+run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
+ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
+ allow_legacy=0" \
+ 1 \
+ -c "client hello, adding renegotiation extension" \
+ -C "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -c "ssl_handshake() returned" \
+ -c "error" \
+ -C "HTTP/1.0 200 [Oo][Kk]"
+
+requires_gnutls
+run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
+ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
+ allow_legacy=1" \
+ 0 \
+ -c "client hello, adding renegotiation extension" \
+ -C "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -C "ssl_hanshake() returned" \
+ -C "error" \
+ -c "HTTP/1.0 200 [Oo][Kk]"
+
+# Test for the "secure renegotation" extension only (no actual renegotiation)
+
+requires_gnutls
+run_test "Renego ext: gnutls server strict, client default" \
+ "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
+ "$P_CLI debug_level=3" \
+ 0 \
+ -c "found renegotiation extension" \
+ -C "error" \
+ -c "HTTP/1.0 200 [Oo][Kk]"
+
+requires_gnutls
+run_test "Renego ext: gnutls server unsafe, client default" \
+ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$P_CLI debug_level=3" \
+ 0 \
+ -C "found renegotiation extension" \
+ -C "error" \
+ -c "HTTP/1.0 200 [Oo][Kk]"
+
+requires_gnutls
+run_test "Renego ext: gnutls server unsafe, client break legacy" \
+ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$P_CLI debug_level=3 allow_legacy=-1" \
+ 1 \
+ -C "found renegotiation extension" \
+ -c "error" \
+ -C "HTTP/1.0 200 [Oo][Kk]"
+
+requires_gnutls
+run_test "Renego ext: gnutls client strict, server default" \
+ "$P_SRV debug_level=3" \
+ "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION" \
+ 0 \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
+ -s "server hello, secure renegotiation extension"
+
+requires_gnutls
+run_test "Renego ext: gnutls client unsafe, server default" \
+ "$P_SRV debug_level=3" \
+ "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ 0 \
+ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
+ -S "server hello, secure renegotiation extension"
+
+requires_gnutls
+run_test "Renego ext: gnutls client unsafe, server break legacy" \
+ "$P_SRV debug_level=3 allow_legacy=-1" \
+ "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ 1 \
+ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
+ -S "server hello, secure renegotiation extension"
+
# Tests for auth_mode
run_test "Authentication: server badcert, client required" \
@@ -826,7 +1338,7 @@
"$P_CLI debug_level=1 auth_mode=required" \
1 \
-c "x509_verify_cert() returned" \
- -c "! self-signed or not signed by a trusted CA" \
+ -c "! The certificate is not correctly signed by the trusted CA" \
-c "! ssl_handshake returned" \
-c "X509 - Certificate verification failed"
@@ -836,7 +1348,7 @@
"$P_CLI debug_level=1 auth_mode=optional" \
0 \
-c "x509_verify_cert() returned" \
- -c "! self-signed or not signed by a trusted CA" \
+ -c "! The certificate is not correctly signed by the trusted CA" \
-C "! ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -846,7 +1358,7 @@
"$P_CLI debug_level=1 auth_mode=none" \
0 \
-C "x509_verify_cert() returned" \
- -C "! self-signed or not signed by a trusted CA" \
+ -C "! The certificate is not correctly signed by the trusted CA" \
-C "! ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -862,7 +1374,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify" \
-s "x509_verify_cert() returned" \
- -S "! self-signed or not signed by a trusted CA" \
+ -S "! The certificate is not correctly signed by the trusted CA" \
-s "! ssl_handshake returned" \
-c "! ssl_handshake returned" \
-s "X509 - Certificate verification failed"
@@ -879,7 +1391,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify" \
-s "x509_verify_cert() returned" \
- -s "! self-signed or not signed by a trusted CA" \
+ -s "! The certificate is not correctly signed by the trusted CA" \
-S "! ssl_handshake returned" \
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -896,7 +1408,7 @@
-c "skip write certificate verify" \
-s "skip parse certificate verify" \
-S "x509_verify_cert() returned" \
- -S "! self-signed or not signed by a trusted CA" \
+ -S "! The certificate is not correctly signed by the trusted CA" \
-S "! ssl_handshake returned" \
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -913,7 +1425,7 @@
-S "SSLv3 client has no certificate" \
-c "skip write certificate verify" \
-s "skip parse certificate verify" \
- -s "! no client certificate sent" \
+ -s "! Certificate was missing" \
-S "! ssl_handshake returned" \
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -924,7 +1436,7 @@
0 \
-S "skip write certificate request" \
-s "skip parse certificate verify" \
- -s "! no client certificate sent" \
+ -s "! Certificate was missing" \
-S "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -940,7 +1452,7 @@
run_test "Authentication: client no cert, ssl3" \
"$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
- "$P_CLI debug_level=3 crt_file=none key_file=none" \
+ "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -950,11 +1462,65 @@
-c "got no certificate to send" \
-s "SSLv3 client has no certificate" \
-s "skip parse certificate verify" \
- -s "! no client certificate sent" \
+ -s "! Certificate was missing" \
-S "! ssl_handshake returned" \
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+# Tests for certificate selection based on SHA verson
+
+run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
+ "$P_SRV crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key \
+ crt_file2=data_files/server5-sha1.crt \
+ key_file2=data_files/server5.key" \
+ "$P_CLI force_version=tls1_2" \
+ 0 \
+ -c "signed using.*ECDSA with SHA256" \
+ -C "signed using.*ECDSA with SHA1"
+
+run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
+ "$P_SRV crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key \
+ crt_file2=data_files/server5-sha1.crt \
+ key_file2=data_files/server5.key" \
+ "$P_CLI force_version=tls1_1" \
+ 0 \
+ -C "signed using.*ECDSA with SHA256" \
+ -c "signed using.*ECDSA with SHA1"
+
+run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
+ "$P_SRV crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key \
+ crt_file2=data_files/server5-sha1.crt \
+ key_file2=data_files/server5.key" \
+ "$P_CLI force_version=tls1" \
+ 0 \
+ -C "signed using.*ECDSA with SHA256" \
+ -c "signed using.*ECDSA with SHA1"
+
+run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
+ "$P_SRV crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key \
+ crt_file2=data_files/server6.crt \
+ key_file2=data_files/server6.key" \
+ "$P_CLI force_version=tls1_1" \
+ 0 \
+ -c "serial number.*09" \
+ -c "signed using.*ECDSA with SHA256" \
+ -C "signed using.*ECDSA with SHA1"
+
+run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
+ "$P_SRV crt_file=data_files/server6.crt \
+ key_file=data_files/server6.key \
+ crt_file2=data_files/server5.crt \
+ key_file2=data_files/server5.key" \
+ "$P_CLI force_version=tls1_1" \
+ 0 \
+ -c "serial number.*0A" \
+ -c "signed using.*ECDSA with SHA256" \
+ -C "signed using.*ECDSA with SHA1"
+
# tests for SNI
run_test "SNI: no SNI callback" \
@@ -1312,6 +1878,17 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
+run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
+ "$O_SRV -key data_files/server2.key \
+ -cert data_files/server2.ku-ke.crt" \
+ "$P_CLI debug_level=1 auth_mode=optional \
+ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ 0 \
+ -c "bad certificate (usage extensions)" \
+ -C "Processing of the Certificate handshake message failed" \
+ -c "Ciphersuite is TLS-" \
+ -c "! Usage does not match the keyUsage extension"
+
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
@@ -1332,6 +1909,17 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
+run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
+ "$O_SRV -key data_files/server2.key \
+ -cert data_files/server2.ku-ds.crt" \
+ "$P_CLI debug_level=1 auth_mode=optional \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ 0 \
+ -c "bad certificate (usage extensions)" \
+ -C "Processing of the Certificate handshake message failed" \
+ -c "Ciphersuite is TLS-" \
+ -c "! Usage does not match the keyUsage extension"
+
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
@@ -1507,7 +2095,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -1516,7 +2104,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
1 \
- -s "SSL - The server has no ciphersuites in common" \
+ -s "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -1525,7 +2113,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
1 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -1534,7 +2122,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=dead" \
0 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -1543,7 +2131,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -1552,7 +2140,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=ghi psk=beef" \
1 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -1561,21 +2149,21 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=beef" \
1 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-s "SSL - Verification of the message MAC failed"
# Tests for ciphersuites per version
run_test "Per-version suites: SSL3" \
- "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
+ "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=ssl3" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
run_test "Per-version suites: TLS 1.0" \
- "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI force_version=tls1" \
+ "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
+ "$P_CLI force_version=tls1 arc4=1" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
@@ -1608,14 +2196,14 @@
# Tests for small packets
run_test "Small packet SSLv3 BlockCipher" \
- "$P_SRV" \
+ "$P_SRV min_version=ssl3" \
"$P_CLI request_size=1 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small packet SSLv3 StreamCipher" \
- "$P_SRV" \
+ "$P_SRV min_version=ssl3 arc4=1" \
"$P_CLI request_size=1 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
@@ -1628,6 +2216,13 @@
0 \
-s "Read from client: 1 bytes read"
+run_test "Small packet TLS 1.0 BlockCipher without EtM" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1 etm=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 \
@@ -1637,7 +2232,7 @@
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
@@ -1651,8 +2246,15 @@
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.1 StreamCipher" \
+run_test "Small packet TLS 1.1 BlockCipher without EtM" \
"$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 etm=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.1 StreamCipher" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
@@ -1667,7 +2269,7 @@
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
@@ -1681,9 +2283,17 @@
0 \
-s "Read from client: 1 bytes read"
+run_test "Small packet TLS 1.2 BlockCipher without EtM" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 etm=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-s "Read from client: 1 bytes read"
@@ -1696,14 +2306,14 @@
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
@@ -1727,14 +2337,14 @@
# Test for large packets
run_test "Large packet SSLv3 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=ssl3 \
+ "$P_SRV min_version=ssl3" \
+ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet SSLv3 StreamCipher" \
- "$P_SRV" \
+ "$P_SRV min_version=ssl3 arc4=1" \
"$P_CLI request_size=16384 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
@@ -1742,21 +2352,21 @@
run_test "Large packet TLS 1.0 BlockCipher" \
"$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1 \
+ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
"$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1 \
+ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
@@ -1771,7 +2381,7 @@
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
@@ -1786,7 +2396,7 @@
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
@@ -1802,7 +2412,8 @@
run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-s "Read from client: 16384 bytes read"
@@ -1815,14 +2426,14 @@
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
- "$P_SRV" \
+ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
@@ -1848,9 +2459,9 @@
echo "------------------------------------------------------------------------"
if [ $FAILS = 0 ]; then
- echo -n "PASSED"
+ printf "PASSED"
else
- echo -n "FAILED"
+ printf "FAILED"
fi
PASSES=$(( $TESTS - $FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index b006429..0f07485 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -1,12 +1,15 @@
-#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
-#include "polarssl/memory.h"
-#endif
-
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
+#define polarssl_printf printf
+#define polarssl_fprintf fprintf
#define polarssl_malloc malloc
#define polarssl_free free
+#define polarssl_exit exit
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
#endif
#ifdef _MSC_VER
@@ -16,10 +19,17 @@
#include <inttypes.h>
#endif
-#include <assert.h>
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#define assert(a) if( !( a ) ) \
+{ \
+ polarssl_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
+ __FILE__, __LINE__, #a ); \
+ polarssl_exit( 1 ); \
+}
+
/*
* 32-bit integer manipulation macros (big endian)
*/
@@ -43,13 +53,13 @@
}
#endif
-static int unhexify(unsigned char *obuf, const char *ibuf)
+static int unhexify( unsigned char *obuf, const char *ibuf )
{
unsigned char c, c2;
- int len = strlen(ibuf) / 2;
- assert(!(strlen(ibuf) %1)); // must be even number of bytes
+ int len = strlen( ibuf ) / 2;
+ assert( strlen( ibuf ) % 2 == 0 ); // must be even number of bytes
- while (*ibuf != 0)
+ while( *ibuf != 0 )
{
c = *ibuf++;
if( c >= '0' && c <= '9' )
@@ -77,14 +87,14 @@
return len;
}
-static void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
+static void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
{
unsigned char l, h;
- while (len != 0)
+ while( len != 0 )
{
- h = (*ibuf) / 16;
- l = (*ibuf) % 16;
+ h = *ibuf / 16;
+ l = *ibuf % 16;
if( h < 10 )
*obuf++ = '0' + h;
@@ -111,7 +121,7 @@
static unsigned char *zero_alloc( size_t len )
{
void *p;
- size_t actual_len = len != 0 ? len : 1;
+ size_t actual_len = ( len != 0 ) ? len : 1;
p = polarssl_malloc( actual_len );
assert( p != NULL );
@@ -135,7 +145,7 @@
{
unsigned char *obuf;
- *olen = strlen(ibuf) / 2;
+ *olen = strlen( ibuf ) / 2;
if( *olen == 0 )
return( zero_alloc( *olen ) );
@@ -273,9 +283,11 @@
for( i = 0; i < 32; i++ )
{
- info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + info->v1) ^ (sum + k[sum & 3]);
+ info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) )
+ + info->v1 ) ^ ( sum + k[sum & 3] );
sum += delta;
- info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + info->v0) ^ (sum + k[(sum>>11) & 3]);
+ info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) )
+ + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] );
}
PUT_UINT32_BE( info->v0, result, 0 );
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 318ca9a..d67d875 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -1,12 +1,18 @@
-#include <stdio.h>
#include <string.h>
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_printf printf
-#define polarssl_malloc malloc
+#include <stdio.h>
+#define polarssl_exit exit
#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
+
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+#include "polarssl/memory_buffer_alloc.h"
#endif
static int test_errors = 0;
@@ -21,8 +27,8 @@
test_errors++;
if( test_errors == 1 )
- printf( "FAILED\n" );
- printf( " %s\n", test );
+ polarssl_printf( "FAILED\n" );
+ polarssl_printf( " %s\n", test );
return( 1 );
}
@@ -37,7 +43,7 @@
if( (*str)[0] != '"' ||
(*str)[strlen( *str ) - 1] != '"' )
{
- printf( "Expected string (with \"\") for parameter and got: %s\n", *str );
+ polarssl_printf( "Expected string (with \"\") for parameter and got: %s\n", *str );
return( -1 );
}
@@ -90,7 +96,7 @@
MAPPING_CODE
- printf( "Expected integer for parameter and got: %s\n", str );
+ polarssl_printf( "Expected integer for parameter and got: %s\n", str );
return( -1 );
}
@@ -116,7 +122,7 @@
#if defined(TEST_SUITE_ACTIVE)
DISPATCH_FUNCTION
{
- fprintf( stdout, "FAILED\nSkipping unknown test function '%s'\n", params[0] );
+ polarssl_fprintf( stdout, "FAILED\nSkipping unknown test function '%s'\n", params[0] );
fflush( stdout );
return( 1 );
}
@@ -211,7 +217,8 @@
char buf[5000];
char *params[50];
-#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && \
+ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
unsigned char alloc_buf[1000000];
memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
#endif
@@ -219,7 +226,7 @@
file = fopen( filename, "r" );
if( file == NULL )
{
- fprintf( stderr, "Failed to open\n" );
+ polarssl_fprintf( stderr, "Failed to open\n" );
return( 1 );
}
@@ -229,11 +236,11 @@
if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
break;
- fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf );
- fprintf( stdout, " " );
+ polarssl_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf );
+ polarssl_fprintf( stdout, " " );
for( i = strlen( buf ) + 1; i < 67; i++ )
- fprintf( stdout, "." );
- fprintf( stdout, " " );
+ polarssl_fprintf( stdout, "." );
+ polarssl_fprintf( stdout, " " );
fflush( stdout );
total_tests++;
@@ -262,19 +269,19 @@
if( skip == 1 || ret == 3 )
{
total_skipped++;
- fprintf( stdout, "----\n" );
+ polarssl_fprintf( stdout, "----\n" );
fflush( stdout );
}
else if( ret == 0 && test_errors == 0 )
{
- fprintf( stdout, "PASS\n" );
+ polarssl_fprintf( stdout, "PASS\n" );
fflush( stdout );
}
else if( ret == 2 )
{
- fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
+ polarssl_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
fclose(file);
- exit( 2 );
+ polarssl_exit( 2 );
}
else
total_errors++;
@@ -283,22 +290,23 @@
break;
if( strlen(buf) != 0 )
{
- fprintf( stderr, "Should be empty %d\n", (int) strlen(buf) );
+ polarssl_fprintf( stderr, "Should be empty %d\n", (int) strlen(buf) );
return( 1 );
}
}
fclose(file);
- fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
+ polarssl_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
if( total_errors == 0 )
- fprintf( stdout, "PASSED" );
+ polarssl_fprintf( stdout, "PASSED" );
else
- fprintf( stdout, "FAILED" );
+ polarssl_fprintf( stdout, "FAILED" );
- fprintf( stdout, " (%d / %d tests (%d skipped))\n",
+ polarssl_fprintf( stdout, " (%d / %d tests (%d skipped))\n",
total_tests - total_errors, total_tests, total_skipped );
-#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && \
+ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
#if defined(POLARSSL_MEMORY_DEBUG)
memory_buffer_alloc_status();
#endif
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 3bd7d4a..7027247 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/aes.h>
+#include "polarssl/aes.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function
index b6d3d4c..dc7b24b 100644
--- a/tests/suites/test_suite_arc4.function
+++ b/tests/suites/test_suite_arc4.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/arc4.h>
+#include "polarssl/arc4.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function
index 72e9b4b..49b073a 100644
--- a/tests/suites/test_suite_asn1write.function
+++ b/tests/suites/test_suite_asn1write.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/asn1write.h>
+#include "polarssl/asn1write.h"
#define GUARD_LEN 4
#define GUARD_VAL 0x2a
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index 01d8aa6..a8348d2 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/base64.h>
+#include "polarssl/base64.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 6d88f8c..e73aa86 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/camellia.h>
+#include "polarssl/camellia.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index d513a15..d8ca4f5 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/ccm.h>
+#include "polarssl/ccm.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -146,6 +146,7 @@
if( strcmp( "FAIL", result_hex ) == 0 )
{
ret = POLARSSL_ERR_CCM_AUTH_FAILED;
+ result_len = -1;
}
else
{
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 2bc1ef9..448bfcc 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1,8 +1,8 @@
/* BEGIN_HEADER */
-#include <polarssl/cipher.h>
+#include "polarssl/cipher.h"
#if defined(POLARSSL_GCM_C)
-#include <polarssl/gcm.h>
+#include "polarssl/gcm.h"
#endif
/* END_HEADER */
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index fd9f087..644eb46 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/ctr_drbg.h>
+#include "polarssl/ctr_drbg.h"
int test_offset_idx;
int entropy_func( void *data, unsigned char *buf, size_t len )
@@ -141,6 +141,10 @@
}
TEST_ASSERT( last_idx == test_offset_idx );
+ /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT)
+ * (just make sure it doesn't cause memory corruption) */
+ ctr_drbg_update( &ctx, entropy, sizeof( entropy ) );
+
/* Now enable PR, so the next few calls should all reseed */
ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON );
TEST_ASSERT( ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 9b49f6a..e0b3bd6 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -32,19 +32,19 @@
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n"
Debug print buffer #2
-debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00\n"
+debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n"
Debug print buffer #3
-debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n"
+debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n"
Debug print buffer #4
-debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0010\: 00\n"
+debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n"
Debug print buffer #5
-debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0010\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0020\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0030\: 00\n"
+debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
Debug print buffer #5 (raw)
-debug_print_buf:POLARSSL_DEBUG_LOG_RAW:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"dumping 'Test return value' (49 bytes)\n0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0010\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0020\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0030\: 00\n"
+debug_print_buf:POLARSSL_DEBUG_LOG_RAW:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F707172737475767778797A7B7C7D7E7F8081828384858687F8F9FAFBFCFDFEFF00":"dumping 'Test return value' (49 bytes)\n0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n0010\: 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n0020\: 80 81 82 83 84 85 86 87 f8 f9 fa fb fc fd fe ff ................\n0030\: 00 .\n"
Debug print certificate #1 (RSA)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_RSA_C
@@ -55,11 +55,11 @@
debug_print_crt:POLARSSL_DEBUG_LOG_RAW:"data_files/server1.crt":"MyFile":999:"PREFIX_":"PREFIX_ #1\:\ncert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nvalue of 'crt->rsa.N' (2048 bits) is\:\n a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\n 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\n 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\n dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\n 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\n 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\n 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\n f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\n ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\n 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\n ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\n 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\n 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\n db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\n 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\n ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nvalue of 'crt->rsa.E' (17 bits) is\:\n 01 00 01\n"
Debug print certificate #2 (EC)
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
debug_print_crt:POLARSSL_DEBUG_LOG_FULL:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
Debug print certificate #2 (EC, raw)
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
debug_print_crt:POLARSSL_DEBUG_LOG_RAW:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"PREFIX_ #1\:\ncert. version \: 3\nserial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2013-09-24 15\:49\:48\nexpires on \: 2023-09-22 15\:49\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\nvalue of 'crt->eckey.Q(X)' (384 bits) is\:\n c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\n 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\n 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nvalue of 'crt->eckey.Q(Y)' (384 bits) is\:\n 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\n b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\n 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
Debug print mpi #1
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index b31b72a..7db04e5 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/debug.h>
+#include "polarssl/debug.h"
struct buffer_data
{
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index 4b5d53d..dfa168f 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/des.h>
+#include "polarssl/des.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index 57db3db..f2cdeff 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -10,5 +10,8 @@
Diffie-Hallman load parameters from file
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
+Diffie-Hallman load parameters from file
+dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
+
Diffie-Hellman selftest
dhm_selftest:
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index ba9477f..d7cabf4 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/dhm.h>
+#include "polarssl/dhm.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index c84d2b1..27be969 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/ecdh.h>
+#include "polarssl/ecdh.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 144326b..ee379dc 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/ecdsa.h>
+#include "polarssl/ecdsa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index d871a8d..a5dc528 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -324,6 +324,33 @@
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_check_privkey:POLARSSL_ECP_DP_M255:"7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":0
+ECP check public-private #1 (OK)
+depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
+ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":0
+
+ECP check public-private #2 (group none)
+ecp_check_pub_priv:POLARSSL_ECP_DP_NONE:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_NONE:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+
+ECP check public-private #3 (group mismatch)
+depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED
+ecp_check_pub_priv:POLARSSL_ECP_DP_SECP384R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+
+ECP check public-private #4 (Qx mismatch)
+depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
+ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+
+ECP check public-private #5 (Qy mismatch)
+depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
+ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+
+ECP check public-private #6 (wrong Qx)
+depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
+ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+
+ECP check public-private #7 (wrong Qy)
+depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
+ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+
ECP gen keypair
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 62dc606..696c597 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/ecp.h>
+#include "polarssl/ecp.h"
#define POLARSSL_ECP_PF_UNKNOWN -1
/* END_HEADER */
@@ -599,6 +599,32 @@
/* END_CASE */
/* BEGIN_CASE */
+void ecp_check_pub_priv( int id_pub, char *Qx_pub, char *Qy_pub,
+ int id, char *d, char *Qx, char *Qy, int ret )
+{
+ ecp_keypair pub, prv;
+
+ ecp_keypair_init( &pub );
+ ecp_keypair_init( &prv );
+
+ if( id_pub != POLARSSL_ECP_DP_NONE )
+ TEST_ASSERT( ecp_use_known_dp( &pub.grp, id_pub ) == 0 );
+ TEST_ASSERT( ecp_point_read_string( &pub.Q, 16, Qx_pub, Qy_pub ) == 0 );
+
+ if( id != POLARSSL_ECP_DP_NONE )
+ TEST_ASSERT( ecp_use_known_dp( &prv.grp, id ) == 0 );
+ TEST_ASSERT( ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 );
+ TEST_ASSERT( mpi_read_string( &prv.d, 16, d ) == 0 );
+
+ TEST_ASSERT( ecp_check_pub_priv( &pub, &prv ) == ret );
+
+exit:
+ ecp_keypair_free( &pub );
+ ecp_keypair_free( &prv );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void ecp_gen_keypair( int id )
{
ecp_group grp;
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 6d137ad..c46246c 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/entropy.h>
+#include "polarssl/entropy.h"
/*
* Number of calls made to entropy_dummy_source()
diff --git a/tests/suites/test_suite_error.function b/tests/suites/test_suite_error.function
index 4532530..87287b7 100644
--- a/tests/suites/test_suite_error.function
+++ b/tests/suites/test_suite_error.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/error.h>
+#include "polarssl/error.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index c30b755..2ac7628 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/gcm.h>
+#include "polarssl/gcm.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function
index bd45112..56267e0 100644
--- a/tests/suites/test_suite_hmac_drbg.function
+++ b/tests/suites/test_suite_hmac_drbg.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/hmac_drbg.h>
+#include "polarssl/hmac_drbg.h"
typedef struct
{
diff --git a/tests/suites/test_suite_hmac_shax.function b/tests/suites/test_suite_hmac_shax.function
index 54ad02f..b31d772 100644
--- a/tests/suites/test_suite_hmac_shax.function
+++ b/tests/suites/test_suite_hmac_shax.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
-#include <polarssl/sha1.h>
-#include <polarssl/sha256.h>
-#include <polarssl/sha512.h>
+#include "polarssl/sha1.h"
+#include "polarssl/sha256.h"
+#include "polarssl/sha512.h"
/* END_HEADER */
/* BEGIN_CASE depends_on:POLARSSL_SHA1_C */
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index ea92726..40eb717 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/md.h>
+#include "polarssl/md.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index ecc1b92..6e4c6d8 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -1,8 +1,8 @@
/* BEGIN_HEADER */
-#include <polarssl/md2.h>
-#include <polarssl/md4.h>
-#include <polarssl/md5.h>
-#include <polarssl/ripemd160.h>
+#include "polarssl/md2.h"
+#include "polarssl/md4.h"
+#include "polarssl/md5.h"
+#include "polarssl/ripemd160.h"
/* END_HEADER */
/* BEGIN_CASE depends_on:POLARSSL_MD2_C */
diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data
new file mode 100644
index 0000000..2542d4d
--- /dev/null
+++ b/tests/suites/test_suite_memory_buffer_alloc.data
@@ -0,0 +1,2 @@
+Memory buffer alloc self test
+memory_buffer_alloc_self_test:
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function
new file mode 100644
index 0000000..e9cd021
--- /dev/null
+++ b/tests/suites/test_suite_memory_buffer_alloc.function
@@ -0,0 +1,16 @@
+/* BEGIN_HEADER */
+#include "polarssl/memory_buffer_alloc.h"
+#define TEST_SUITE_MEMORY_BUFFER_ALLOC
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:POLARSSL_MEMORY_BUFFER_ALLOC_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:POLARSSL_SELF_TEST */
+void memory_buffer_alloc_self_test( )
+{
+ TEST_ASSERT( memory_buffer_alloc_self_test( 0 ) == 0 );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 7908f91..56817cc 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -1,3 +1,6 @@
+Arguments with no value
+mpi_null:
+
Base test mpi_read_write_string #1
mpi_read_write_string:10:"128":10:"128":100:0:0
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 2835acb..023cab4 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/bignum.h>
+#include "polarssl/bignum.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -8,6 +8,25 @@
*/
/* BEGIN_CASE */
+void mpi_null( )
+{
+ mpi X, Y, Z;
+
+ mpi_init( &X );
+ mpi_init( &Y );
+ mpi_init( &Z );
+
+ TEST_ASSERT( mpi_get_bit( &X, 42 ) == 0 );
+ TEST_ASSERT( mpi_lsb( &X ) == 0 );
+ TEST_ASSERT( mpi_msb( &X ) == 0 );
+ TEST_ASSERT( mpi_size( &X ) == 0 );
+
+exit:
+ mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void mpi_read_write_string( int radix_X, char *input_X, int radix_A,
char *input_A, int output_size, int result_read,
int result_write )
@@ -97,6 +116,7 @@
unsigned char buf[1000];
size_t buflen;
FILE *file;
+ int ret;
memset( buf, 0x00, 1000 );
memset( str, 0x00, 1000 );
@@ -105,8 +125,9 @@
file = fopen( input_file, "r" );
TEST_ASSERT( file != NULL );
- TEST_ASSERT( mpi_read_file( &X, radix_X, file ) == result );
+ ret = mpi_read_file( &X, radix_X, file );
fclose(file);
+ TEST_ASSERT( ret == result );
if( result == 0 )
{
diff --git a/tests/suites/test_suite_pbkdf2.function b/tests/suites/test_suite_pbkdf2.function
index cbac80e..73dbd15 100644
--- a/tests/suites/test_suite_pbkdf2.function
+++ b/tests/suites/test_suite_pbkdf2.function
@@ -1,9 +1,9 @@
/* BEGIN_HEADER */
-#include <polarssl/pbkdf2.h>
+#include "polarssl/pbkdf2.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:POLARSSL_PBKDF2_C
+ * depends_on:POLARSSL_PBKDF2_C:!POLARSSL_DEPRECATED_REMOVED
* END_DEPENDENCIES
*/
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index e8b05eb..f8aab47 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
-#include <polarssl/base64.h>
-#include <polarssl/pem.h>
+#include "polarssl/base64.h"
+#include "polarssl/pem.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 47640a6..73694d2 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -130,3 +130,23 @@
depends_on:POLARSSL_SHA1_C:POLARSSL_PKCS1_V15
pk_rsa_verify_ext_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":POLARSSL_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":POLARSSL_PK_RSA:-1:RSA_SALT_LEN_ANY:0
+Check pair #1 (EC, OK)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
+
+Check pair #2 (EC, bad)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+
+Check pair #3 (RSA, OK)
+depends_on:POLARSSL_RSA_C
+pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
+
+Check pair #4 (RSA, bad)
+depends_on:POLARSSL_RSA_C
+pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+
+Check pair #5 (RSA vs EC)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C
+pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH
+
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index dc7dee9..cc378c4 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -1,5 +1,9 @@
/* BEGIN_HEADER */
-#include <polarssl/pk.h>
+#include "polarssl/pk.h"
+
+/* For error codes */
+#include "polarssl/ecp.h"
+#include "polarssl/rsa.h"
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
@@ -80,6 +84,35 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C:POLARSSL_FS_IO */
+void pk_check_pair( char *pub_file, char *prv_file, int ret )
+{
+ pk_context pub, prv, alt;
+
+ pk_init( &pub );
+ pk_init( &prv );
+ pk_init( &alt );
+
+ TEST_ASSERT( pk_parse_public_keyfile( &pub, pub_file ) == 0 );
+ TEST_ASSERT( pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
+
+ TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret );
+
+#if defined(POLARSSL_RSA_C)
+ if( pk_get_type( &prv ) == POLARSSL_PK_RSA )
+ {
+ TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ),
+ rsa_decrypt_func, rsa_sign_func, rsa_key_len_func ) == 0 );
+ TEST_ASSERT( pk_check_pair( &pub, &alt ) == ret );
+ }
+#endif
+
+ pk_free( &pub );
+ pk_free( &prv );
+ pk_free( &alt );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
int mod, int radix_N, char *input_N, int radix_E,
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 24b200e..6fbe2e1 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
-#include <polarssl/rsa.h>
-#include <polarssl/md.h>
+#include "polarssl/rsa.h"
+#include "polarssl/md.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 1f61db6..f7165f6 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/pkcs5.h>
+#include "polarssl/pkcs5.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index b502017..aab568d 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -146,6 +146,10 @@
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
+Parse EC Key #1a (SEC1 DER, no optional part)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_prv.noopt.der":"NULL":0
+
Parse EC Key #2 (SEC1 PEM)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index c074326..9479cd9 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
-#include <polarssl/pk.h>
-#include <polarssl/pem.h>
-#include <polarssl/oid.h>
+#include "polarssl/pk.h"
+#include "polarssl/pem.h"
+#include "polarssl/oid.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index a4d49e7..d1738ac 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -35,5 +35,5 @@
pk_write_key_check:"data_files/ec_521_prv.pem"
Private key write check EC Brainpool 512 bits
-depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
+depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.pem"
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index b6cb943..8b5fafb 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
-#include <polarssl/pk.h>
-#include <polarssl/pem.h>
-#include <polarssl/oid.h>
+#include "polarssl/pk.h"
+#include "polarssl/pem.h"
+#include "polarssl/oid.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index 131e273..c76e5a0 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -318,6 +318,21 @@
RSA Check Public key #10 (E has size N)
rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+RSA Check Public-Private key #1 (Correct)
+rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":0
+
+RSA Check Public-Private key #2 (Public no N)
+rsa_check_pubpriv:2048:16:"":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+
+RSA Check Public-Private key #3 (Private no N)
+rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+
+RSA Check Public-Private key #4 (N mismatch)
+rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034e":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+
+RSA Check Public-Private key #5 (E mismatch)
+rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"17":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+
RSA Private (Correct)
rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"48ce62658d82be10737bd5d3579aed15bc82617e6758ba862eeb12d049d7bacaf2f62fce8bf6e980763d1951f7f0eae3a493df9890d249314b39d00d6ef791de0daebf2c50f46e54aeb63a89113defe85de6dbe77642aae9f2eceb420f3a47a56355396e728917f17876bb829fabcaeef8bf7ef6de2ff9e84e6108ea2e52bbb62b7b288efa0a3835175b8b08fac56f7396eceb1c692d419ecb79d80aef5bc08a75d89de9f2b2d411d881c0e3ffad24c311a19029d210d3d3534f1b626f982ea322b4d1cfba476860ef20d4f672f38c371084b5301b429b747ea051a619e4430e0dac33c12f9ee41ca4d81a4f6da3e495aa8524574bdc60d290dd1f7a62e90a67":0
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 9b3d05a..45d5723 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -1,13 +1,13 @@
/* BEGIN_HEADER */
-#include <polarssl/rsa.h>
-#include <polarssl/md2.h>
-#include <polarssl/md4.h>
-#include <polarssl/md5.h>
-#include <polarssl/sha1.h>
-#include <polarssl/sha256.h>
-#include <polarssl/sha512.h>
-#include <polarssl/entropy.h>
-#include <polarssl/ctr_drbg.h>
+#include "polarssl/rsa.h"
+#include "polarssl/md2.h"
+#include "polarssl/md4.h"
+#include "polarssl/md5.h"
+#include "polarssl/sha1.h"
+#include "polarssl/sha256.h"
+#include "polarssl/sha512.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -590,6 +590,74 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
+ int radix_Epub, char *input_Epub,
+ int radix_P, char *input_P, int radix_Q,
+ char *input_Q, int radix_N, char *input_N,
+ int radix_E, char *input_E, int radix_D, char *input_D,
+ int radix_DP, char *input_DP, int radix_DQ,
+ char *input_DQ, int radix_QP, char *input_QP,
+ int result )
+{
+ rsa_context pub, prv;
+
+ rsa_init( &pub, RSA_PKCS_V15, 0 );
+ rsa_init( &prv, RSA_PKCS_V15, 0 );
+
+ pub.len = mod / 8;
+ prv.len = mod / 8;
+
+ if( strlen( input_Npub ) )
+ {
+ TEST_ASSERT( mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
+ }
+ if( strlen( input_Epub ) )
+ {
+ TEST_ASSERT( mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
+ }
+
+ if( strlen( input_P ) )
+ {
+ TEST_ASSERT( mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
+ }
+ if( strlen( input_Q ) )
+ {
+ TEST_ASSERT( mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
+ }
+ if( strlen( input_N ) )
+ {
+ TEST_ASSERT( mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
+ }
+ if( strlen( input_E ) )
+ {
+ TEST_ASSERT( mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
+ }
+ if( strlen( input_D ) )
+ {
+ TEST_ASSERT( mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
+ }
+ if( strlen( input_DP ) )
+ {
+ TEST_ASSERT( mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
+ }
+ if( strlen( input_DQ ) )
+ {
+ TEST_ASSERT( mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
+ }
+ if( strlen( input_QP ) )
+ {
+ TEST_ASSERT( mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
+ }
+
+ TEST_ASSERT( rsa_check_pub_priv( &pub, &prv ) == result );
+
+exit:
+ rsa_free( &pub );
+ rsa_free( &prv );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C */
void rsa_gen_key( int nrbits, int exponent, int result)
{
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 73190dc..51c3301 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
-#include <polarssl/sha1.h>
-#include <polarssl/sha256.h>
-#include <polarssl/sha512.h>
+#include "polarssl/sha1.h"
+#include "polarssl/sha256.h"
+#include "polarssl/sha512.h"
/* END_HEADER */
/* BEGIN_CASE depends_on:POLARSSL_SHA1_C */
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 4c205e6..bdce6e5 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"1.3.9"
+check_compiletime_version:"1.3.10"
Check runtime library version
-check_runtime_version:"1.3.9"
+check_runtime_version:"1.3.10"
Check for POLARSSL_VERSION_C
check_feature:"POLARSSL_VERSION_C":0
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index 0619007..fd12032 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/version.h>
+#include "polarssl/version.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -17,10 +17,10 @@
memset( build_str, 0, 100 );
memset( build_str_full, 0, 100 );
- snprintf (build_str, 100, "%d.%d.%d", POLARSSL_VERSION_MAJOR,
+ polarssl_snprintf( build_str, 100, "%d.%d.%d", POLARSSL_VERSION_MAJOR,
POLARSSL_VERSION_MINOR, POLARSSL_VERSION_PATCH );
- snprintf( build_str_full, 100, "PolarSSL %d.%d.%d", POLARSSL_VERSION_MAJOR,
+ polarssl_snprintf( build_str_full, 100, "mbed TLS %d.%d.%d", POLARSSL_VERSION_MAJOR,
POLARSSL_VERSION_MINOR, POLARSSL_VERSION_PATCH );
build_int = POLARSSL_VERSION_MAJOR << 24 |
@@ -52,11 +52,11 @@
version_get_string( get_str );
version_get_string_full( get_str_full );
- snprintf( build_str, 100, "%d.%d.%d",
+ polarssl_snprintf( build_str, 100, "%d.%d.%d",
(get_int >> 24) & 0xFF,
(get_int >> 16) & 0xFF,
(get_int >> 8) & 0xFF );
- snprintf( build_str_full, 100, "PolarSSL %s", version_str );
+ polarssl_snprintf( build_str_full, 100, "mbed TLS %s", version_str );
TEST_ASSERT( strcmp( build_str, version_str ) == 0 );
TEST_ASSERT( strcmp( build_str_full, get_str_full ) == 0 );
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 4cc924f..47eef41 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -110,6 +110,10 @@
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n"
+X509 Certificate information Bitstring in subject name
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: \next key usage \: TLS Web Client Authentication\n"
+
X509 certificate v1 with extension
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org, www.identity-check.org\n"
@@ -219,23 +223,23 @@
x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
X509 CSR Information EC with SHA1
-depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
+depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n"
X509 CSR Information EC with SHA224
-depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
+depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n"
X509 CSR Information EC with SHA256
-depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
+depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n"
X509 CSR Information EC with SHA384
-depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
+depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n"
X509 CSR Information EC with SHA512
-depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
+depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n"
X509 CSR Information RSA-PSS with SHA1
@@ -258,6 +262,27 @@
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA512_C
x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n"
+X509 Verify Information: empty
+x509_verify_info:0:"":""
+
+X509 Verify Information: one issue
+x509_verify_info:BADCERT_MISSING:"":"Certificate was missing\n"
+
+X509 Verify Information: two issues
+x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
+
+X509 Verify Information: two issues, one unknown
+x509_verify_info:BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
+
+X509 Verify Information: empty, with prefix
+x509_verify_info:0:" ! ":""
+
+X509 Verify Information: one issue, with prefix
+x509_verify_info:BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
+
+X509 Verify Information: two issues, with prefix
+x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
+
X509 Get Distinguished Name #1
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
x509_dn_gets:"data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
@@ -607,7 +632,7 @@
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C:POLARSSL_ECP_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
@@ -635,17 +660,41 @@
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #73 (selfsigned trusted without CA bit)
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #75 (encoding mismatch)
depends_on:POLARSSL_PEM_PARSE_C
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"NULL"
+X509 Certificate verification #76 (multiple CRLs, not revoked)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #77 (multiple CRLs, revoked)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
+
+X509 Certificate verification #78 (multiple CRLs, revoked by second)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
+
+X509 Certificate verification #79 (multiple CRLs, revoked by future)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED|BADCRL_FUTURE:"NULL"
+
+X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
+
+X509 Certificate verification #81 (multiple CRLs, none relevant)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
+x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL"
+
X509 Parse Selftest
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_PARSE_C:POLARSSL_CERTS_C
x509_selftest:
@@ -754,7 +803,7 @@
x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, issuer, no full following string)
-x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
+x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":POLARSSL_ERR_X509_INVALID_NAME+POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":POLARSSL_ERR_X509_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA
@@ -869,6 +918,18 @@
depends_on:POLARSSL_RSA_C
x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+X509 Certificate ASN1 (ExtKeyUsage, bad second tag)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (SubjectAltName repeated)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS
+
+X509 Certificate ASN1 (ExtKeyUsage repeated)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS
+
X509 Certificate ASN1 (correct pubkey, no sig_alg)
depends_on:POLARSSL_RSA_C
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
@@ -925,6 +986,10 @@
depends_on:POLARSSL_RSA_C
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 Certificate ASN1 (Name with composite RDN)
+depends_on:POLARSSL_RSA_C
+x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
+
X509 Certificate ASN1 (Name with PKCS9 email)
depends_on:POLARSSL_RSA_C
x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
@@ -1190,7 +1255,7 @@
x509_parse_rsassa_pss_params:"A303020102":ASN1_CONSTRUCTED | ASN1_SEQUENCE:POLARSSL_MD_SHA1:POLARSSL_MD_SHA1:20:POLARSSL_ERR_X509_INVALID_ALG
X509 CSR ASN.1 (OK)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"308201183081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0
X509 CSR ASN.1 (bad first tag)
@@ -1236,51 +1301,51 @@
x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad attributes: missing)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad attributes: bad tag)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad attributes: overlong)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: missing)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: not a sequence)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad sigAlg: overlong)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: unknown)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
X509 CSR ASN.1 (bad sig: missing)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sig: not a bit string)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad sig: overlong)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (extra data after signature)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 File parse (no issues)
-depends_on:POLARSSL_ECP_C
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509parse_crt_file:"data_files/server7_int-ca.crt":0
X509 File parse (extra space in one certificate)
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 89b40b7..ab397e5 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1,10 +1,10 @@
/* BEGIN_HEADER */
-#include <polarssl/x509_crt.h>
-#include <polarssl/x509_crl.h>
-#include <polarssl/x509_csr.h>
-#include <polarssl/pem.h>
-#include <polarssl/oid.h>
-#include <polarssl/base64.h>
+#include "polarssl/x509_crt.h"
+#include "polarssl/x509_crl.h"
+#include "polarssl/x509_csr.h"
+#include "polarssl/pem.h"
+#include "polarssl/oid.h"
+#include "polarssl/base64.h"
int verify_none( void *data, x509_crt *crt, int certificate_depth, int *flags )
{
@@ -102,6 +102,22 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
+void x509_verify_info( int flags, char *prefix, char *result_str )
+{
+ char buf[2000];
+ int res;
+
+ memset( buf, 0, sizeof( buf ) );
+
+ res = x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
+
+ TEST_ASSERT( res >= 0 );
+
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result,
@@ -346,8 +362,9 @@
void x509_oid_desc( char *oid_str, char *ref_desc )
{
x509_buf oid;
- const char *desc;
+ const char *desc = NULL;
unsigned char buf[20];
+ int ret;
memset( buf, 0, sizeof buf );
@@ -355,12 +372,16 @@
oid.len = unhexify( buf, oid_str );
oid.p = buf;
- desc = x509_oid_get_description( &oid );
+ ret = oid_get_extended_key_usage( &oid, &desc );
if( strcmp( ref_desc, "notfound" ) == 0 )
+ {
+ TEST_ASSERT( ret != 0 );
TEST_ASSERT( desc == NULL );
+ }
else
{
+ TEST_ASSERT( ret == 0 );
TEST_ASSERT( desc != NULL );
TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
}
@@ -383,7 +404,7 @@
TEST_ASSERT( (size_t) blen <= sizeof num_buf );
- TEST_ASSERT( x509_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
+ TEST_ASSERT( oid_get_numeric_string( num_buf, blen, &oid ) == ret );
if( ret >= 0 )
{
@@ -445,8 +466,6 @@
my_ret = x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md,
&my_salt_len );
- if( my_ret != ref_ret ) printf( "\n%04X\n", - my_ret );
-
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 701ed00..63f35a6 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -1,8 +1,8 @@
/* BEGIN_HEADER */
-#include <polarssl/x509_crt.h>
-#include <polarssl/x509_csr.h>
-#include <polarssl/pem.h>
-#include <polarssl/oid.h>
+#include "polarssl/x509_crt.h"
+#include "polarssl/x509_csr.h"
+#include "polarssl/pem.h"
+#include "polarssl/oid.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index 74ca678..d22c7fd 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include <polarssl/xtea.h>
+#include "polarssl/xtea.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/visualc/VS2010/PolarSSL.sln b/visualc/VS2010/PolarSSL.sln
deleted file mode 100644
index c46a91a..0000000
--- a/visualc/VS2010/PolarSSL.sln
+++ /dev/null
@@ -1,585 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 11.00
-# Visual C++ Express 2010
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PolarSSL", "PolarSSL.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aescrypt2", "aescrypt2.vcxproj", "{46298485-CE22-B800-3D95-6D6C821819A1}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and_hash.vcxproj", "{84F76F01-FA6C-7C48-1979-06FD24B476C1}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hello", "hello.vcxproj", "{7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "generic_sum", "generic_sum.vcxproj", "{7036A174-35D6-54AE-7613-A50F5FD8AF86}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "md5sum", "md5sum.vcxproj", "{D4F79297-4960-6D63-D50E-5823C50ED124}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sha1sum", "sha1sum.vcxproj", "{A0278E64-D98F-842D-438A-6747411CE76F}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sha2sum", "sha2sum.vcxproj", "{BAF92F6C-E5BE-95B7-6E36-823A1779A818}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_client", "dh_client.vcxproj", "{92253FCF-72E1-7AF6-EAD1-E9037A194C9F}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_genprime", "dh_genprime.vcxproj", "{8972AF2C-6333-2827-F75D-3BAC5E07915A}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_server", "dh_server.vcxproj", "{9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_key", "gen_key.vcxproj", "{7721EBA2-C892-AD9B-4994-A0E988BA4BF8}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "key_app", "key_app.vcxproj", "{5129B724-3FB6-CE34-FF51-57031A33C50B}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "key_app_writer", "key_app_writer.vcxproj", "{090B665D-0F4C-4D77-D1B1-A6D882842AA3}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mpi_demo", "mpi_demo.vcxproj", "{08A79AF8-5B8A-4343-D01A-B8AB47F3366C}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_decrypt", "pk_decrypt.vcxproj", "{C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_encrypt", "pk_encrypt.vcxproj", "{239051A9-0CE6-7730-7BB0-83599DC37AA4}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_sign", "pk_sign.vcxproj", "{EBDBB632-13A2-45F8-A44E-4837F6467512}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_verify", "pk_verify.vcxproj", "{CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_genkey", "rsa_genkey.vcxproj", "{AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_decrypt", "rsa_decrypt.vcxproj", "{7E3D99BD-3D9E-762A-E235-9C8275E7010F}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_encrypt", "rsa_encrypt.vcxproj", "{DA85604D-9ED1-FD08-4F37-FBD33E5E3642}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign", "rsa_sign.vcxproj", "{CFC883CE-9BAE-B26F-B08B-7F194AD35929}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify", "rsa_verify.vcxproj", "{77834257-2878-A38D-AEBE-79423968B6DB}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign_pss", "rsa_sign_pss.vcxproj", "{34A00BC1-32A6-5145-606F-F081D31CC1D1}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify_pss", "rsa_verify_pss.vcxproj", "{DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client1", "ssl_client1.vcxproj", "{CE90D346-EBC0-D292-6D68-24717DB3F510}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client2", "ssl_client2.vcxproj", "{436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server", "ssl_server.vcxproj", "{C49B1EF8-D169-70C5-2FA4-837A900267A7}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server2", "ssl_server2.vcxproj", "{870B39B9-8F38-D9A4-8A07-87047C565061}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_fork_server", "ssl_fork_server.vcxproj", "{D8295912-D341-F4E4-DC8E-98A2A0604221}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_mail_client", "ssl_mail_client.vcxproj", "{68EFA4E3-08B0-2925-0EF6-177996B08B24}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_entropy", "gen_entropy.vcxproj", "{2E5B8634-26AC-5819-5AF7-16F996A7F529}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_havege", "gen_random_havege.vcxproj", "{D93D1FF0-5E83-2247-31A0-017D20F8011F}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_random_ctr_drbg.vcxproj", "{C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_cert_test", "ssl_cert_test.vcxproj", "{173A0BC9-FF81-3C36-7887-4FBD6032C9FD}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{58A8E53D-21CB-5F27-5111-737EBD3F37A0}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "selftest", "selftest.vcxproj", "{4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_test", "ssl_test.vcxproj", "{0FC4D326-CF64-AB19-B037-3E3D06EA6798}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "strerror", "strerror.vcxproj", "{9D625831-AF31-CFBA-8855-61C024DA2DE0}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_app", "cert_app.vcxproj", "{E3172E20-4935-69C7-A398-C13EAA76818F}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crl_app", "crl_app.vcxproj", "{10F967D6-468F-3BCA-2D58-36A32E376930}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_req", "cert_req.vcxproj", "{5ABF68F6-5360-DE1F-74B6-66ED5BF52619}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Global
- GlobalSection(SolutionConfigurationPlatforms) = preSolution
- Debug|Win32 = Debug|Win32
- Debug|x64 = Debug|x64
- Release|Win32 = Release|Win32
- Release|x64 = Release|x64
- EndGlobalSection
- GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.ActiveCfg = Debug|Win32
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.Build.0 = Debug|Win32
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.ActiveCfg = Debug|x64
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.Build.0 = Debug|x64
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.ActiveCfg = Release|Win32
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64
- {46298485-CE22-B800-3D95-6D6C821819A1}.Debug|Win32.ActiveCfg = Debug|Win32
- {46298485-CE22-B800-3D95-6D6C821819A1}.Debug|Win32.Build.0 = Debug|Win32
- {46298485-CE22-B800-3D95-6D6C821819A1}.Debug|x64.ActiveCfg = Debug|x64
- {46298485-CE22-B800-3D95-6D6C821819A1}.Debug|x64.Build.0 = Debug|x64
- {46298485-CE22-B800-3D95-6D6C821819A1}.Release|Win32.ActiveCfg = Release|Win32
- {46298485-CE22-B800-3D95-6D6C821819A1}.Release|Win32.Build.0 = Release|Win32
- {46298485-CE22-B800-3D95-6D6C821819A1}.Release|x64.ActiveCfg = Release|x64
- {46298485-CE22-B800-3D95-6D6C821819A1}.Release|x64.Build.0 = Release|x64
- {84F76F01-FA6C-7C48-1979-06FD24B476C1}.Debug|Win32.ActiveCfg = Debug|Win32
- {84F76F01-FA6C-7C48-1979-06FD24B476C1}.Debug|Win32.Build.0 = Debug|Win32
- {84F76F01-FA6C-7C48-1979-06FD24B476C1}.Debug|x64.ActiveCfg = Debug|x64
- {84F76F01-FA6C-7C48-1979-06FD24B476C1}.Debug|x64.Build.0 = Debug|x64
- {84F76F01-FA6C-7C48-1979-06FD24B476C1}.Release|Win32.ActiveCfg = Release|Win32
- {84F76F01-FA6C-7C48-1979-06FD24B476C1}.Release|Win32.Build.0 = Release|Win32
- {84F76F01-FA6C-7C48-1979-06FD24B476C1}.Release|x64.ActiveCfg = Release|x64
- {84F76F01-FA6C-7C48-1979-06FD24B476C1}.Release|x64.Build.0 = Release|x64
- {7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}.Debug|Win32.ActiveCfg = Debug|Win32
- {7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}.Debug|Win32.Build.0 = Debug|Win32
- {7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}.Debug|x64.ActiveCfg = Debug|x64
- {7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}.Debug|x64.Build.0 = Debug|x64
- {7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}.Release|Win32.ActiveCfg = Release|Win32
- {7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}.Release|Win32.Build.0 = Release|Win32
- {7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}.Release|x64.ActiveCfg = Release|x64
- {7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}.Release|x64.Build.0 = Release|x64
- {7036A174-35D6-54AE-7613-A50F5FD8AF86}.Debug|Win32.ActiveCfg = Debug|Win32
- {7036A174-35D6-54AE-7613-A50F5FD8AF86}.Debug|Win32.Build.0 = Debug|Win32
- {7036A174-35D6-54AE-7613-A50F5FD8AF86}.Debug|x64.ActiveCfg = Debug|x64
- {7036A174-35D6-54AE-7613-A50F5FD8AF86}.Debug|x64.Build.0 = Debug|x64
- {7036A174-35D6-54AE-7613-A50F5FD8AF86}.Release|Win32.ActiveCfg = Release|Win32
- {7036A174-35D6-54AE-7613-A50F5FD8AF86}.Release|Win32.Build.0 = Release|Win32
- {7036A174-35D6-54AE-7613-A50F5FD8AF86}.Release|x64.ActiveCfg = Release|x64
- {7036A174-35D6-54AE-7613-A50F5FD8AF86}.Release|x64.Build.0 = Release|x64
- {D4F79297-4960-6D63-D50E-5823C50ED124}.Debug|Win32.ActiveCfg = Debug|Win32
- {D4F79297-4960-6D63-D50E-5823C50ED124}.Debug|Win32.Build.0 = Debug|Win32
- {D4F79297-4960-6D63-D50E-5823C50ED124}.Debug|x64.ActiveCfg = Debug|x64
- {D4F79297-4960-6D63-D50E-5823C50ED124}.Debug|x64.Build.0 = Debug|x64
- {D4F79297-4960-6D63-D50E-5823C50ED124}.Release|Win32.ActiveCfg = Release|Win32
- {D4F79297-4960-6D63-D50E-5823C50ED124}.Release|Win32.Build.0 = Release|Win32
- {D4F79297-4960-6D63-D50E-5823C50ED124}.Release|x64.ActiveCfg = Release|x64
- {D4F79297-4960-6D63-D50E-5823C50ED124}.Release|x64.Build.0 = Release|x64
- {A0278E64-D98F-842D-438A-6747411CE76F}.Debug|Win32.ActiveCfg = Debug|Win32
- {A0278E64-D98F-842D-438A-6747411CE76F}.Debug|Win32.Build.0 = Debug|Win32
- {A0278E64-D98F-842D-438A-6747411CE76F}.Debug|x64.ActiveCfg = Debug|x64
- {A0278E64-D98F-842D-438A-6747411CE76F}.Debug|x64.Build.0 = Debug|x64
- {A0278E64-D98F-842D-438A-6747411CE76F}.Release|Win32.ActiveCfg = Release|Win32
- {A0278E64-D98F-842D-438A-6747411CE76F}.Release|Win32.Build.0 = Release|Win32
- {A0278E64-D98F-842D-438A-6747411CE76F}.Release|x64.ActiveCfg = Release|x64
- {A0278E64-D98F-842D-438A-6747411CE76F}.Release|x64.Build.0 = Release|x64
- {BAF92F6C-E5BE-95B7-6E36-823A1779A818}.Debug|Win32.ActiveCfg = Debug|Win32
- {BAF92F6C-E5BE-95B7-6E36-823A1779A818}.Debug|Win32.Build.0 = Debug|Win32
- {BAF92F6C-E5BE-95B7-6E36-823A1779A818}.Debug|x64.ActiveCfg = Debug|x64
- {BAF92F6C-E5BE-95B7-6E36-823A1779A818}.Debug|x64.Build.0 = Debug|x64
- {BAF92F6C-E5BE-95B7-6E36-823A1779A818}.Release|Win32.ActiveCfg = Release|Win32
- {BAF92F6C-E5BE-95B7-6E36-823A1779A818}.Release|Win32.Build.0 = Release|Win32
- {BAF92F6C-E5BE-95B7-6E36-823A1779A818}.Release|x64.ActiveCfg = Release|x64
- {BAF92F6C-E5BE-95B7-6E36-823A1779A818}.Release|x64.Build.0 = Release|x64
- {92253FCF-72E1-7AF6-EAD1-E9037A194C9F}.Debug|Win32.ActiveCfg = Debug|Win32
- {92253FCF-72E1-7AF6-EAD1-E9037A194C9F}.Debug|Win32.Build.0 = Debug|Win32
- {92253FCF-72E1-7AF6-EAD1-E9037A194C9F}.Debug|x64.ActiveCfg = Debug|x64
- {92253FCF-72E1-7AF6-EAD1-E9037A194C9F}.Debug|x64.Build.0 = Debug|x64
- {92253FCF-72E1-7AF6-EAD1-E9037A194C9F}.Release|Win32.ActiveCfg = Release|Win32
- {92253FCF-72E1-7AF6-EAD1-E9037A194C9F}.Release|Win32.Build.0 = Release|Win32
- {92253FCF-72E1-7AF6-EAD1-E9037A194C9F}.Release|x64.ActiveCfg = Release|x64
- {92253FCF-72E1-7AF6-EAD1-E9037A194C9F}.Release|x64.Build.0 = Release|x64
- {8972AF2C-6333-2827-F75D-3BAC5E07915A}.Debug|Win32.ActiveCfg = Debug|Win32
- {8972AF2C-6333-2827-F75D-3BAC5E07915A}.Debug|Win32.Build.0 = Debug|Win32
- {8972AF2C-6333-2827-F75D-3BAC5E07915A}.Debug|x64.ActiveCfg = Debug|x64
- {8972AF2C-6333-2827-F75D-3BAC5E07915A}.Debug|x64.Build.0 = Debug|x64
- {8972AF2C-6333-2827-F75D-3BAC5E07915A}.Release|Win32.ActiveCfg = Release|Win32
- {8972AF2C-6333-2827-F75D-3BAC5E07915A}.Release|Win32.Build.0 = Release|Win32
- {8972AF2C-6333-2827-F75D-3BAC5E07915A}.Release|x64.ActiveCfg = Release|x64
- {8972AF2C-6333-2827-F75D-3BAC5E07915A}.Release|x64.Build.0 = Release|x64
- {9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}.Debug|Win32.ActiveCfg = Debug|Win32
- {9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}.Debug|Win32.Build.0 = Debug|Win32
- {9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}.Debug|x64.ActiveCfg = Debug|x64
- {9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}.Debug|x64.Build.0 = Debug|x64
- {9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}.Release|Win32.ActiveCfg = Release|Win32
- {9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}.Release|Win32.Build.0 = Release|Win32
- {9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}.Release|x64.ActiveCfg = Release|x64
- {9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}.Release|x64.Build.0 = Release|x64
- {7721EBA2-C892-AD9B-4994-A0E988BA4BF8}.Debug|Win32.ActiveCfg = Debug|Win32
- {7721EBA2-C892-AD9B-4994-A0E988BA4BF8}.Debug|Win32.Build.0 = Debug|Win32
- {7721EBA2-C892-AD9B-4994-A0E988BA4BF8}.Debug|x64.ActiveCfg = Debug|x64
- {7721EBA2-C892-AD9B-4994-A0E988BA4BF8}.Debug|x64.Build.0 = Debug|x64
- {7721EBA2-C892-AD9B-4994-A0E988BA4BF8}.Release|Win32.ActiveCfg = Release|Win32
- {7721EBA2-C892-AD9B-4994-A0E988BA4BF8}.Release|Win32.Build.0 = Release|Win32
- {7721EBA2-C892-AD9B-4994-A0E988BA4BF8}.Release|x64.ActiveCfg = Release|x64
- {7721EBA2-C892-AD9B-4994-A0E988BA4BF8}.Release|x64.Build.0 = Release|x64
- {5129B724-3FB6-CE34-FF51-57031A33C50B}.Debug|Win32.ActiveCfg = Debug|Win32
- {5129B724-3FB6-CE34-FF51-57031A33C50B}.Debug|Win32.Build.0 = Debug|Win32
- {5129B724-3FB6-CE34-FF51-57031A33C50B}.Debug|x64.ActiveCfg = Debug|x64
- {5129B724-3FB6-CE34-FF51-57031A33C50B}.Debug|x64.Build.0 = Debug|x64
- {5129B724-3FB6-CE34-FF51-57031A33C50B}.Release|Win32.ActiveCfg = Release|Win32
- {5129B724-3FB6-CE34-FF51-57031A33C50B}.Release|Win32.Build.0 = Release|Win32
- {5129B724-3FB6-CE34-FF51-57031A33C50B}.Release|x64.ActiveCfg = Release|x64
- {5129B724-3FB6-CE34-FF51-57031A33C50B}.Release|x64.Build.0 = Release|x64
- {090B665D-0F4C-4D77-D1B1-A6D882842AA3}.Debug|Win32.ActiveCfg = Debug|Win32
- {090B665D-0F4C-4D77-D1B1-A6D882842AA3}.Debug|Win32.Build.0 = Debug|Win32
- {090B665D-0F4C-4D77-D1B1-A6D882842AA3}.Debug|x64.ActiveCfg = Debug|x64
- {090B665D-0F4C-4D77-D1B1-A6D882842AA3}.Debug|x64.Build.0 = Debug|x64
- {090B665D-0F4C-4D77-D1B1-A6D882842AA3}.Release|Win32.ActiveCfg = Release|Win32
- {090B665D-0F4C-4D77-D1B1-A6D882842AA3}.Release|Win32.Build.0 = Release|Win32
- {090B665D-0F4C-4D77-D1B1-A6D882842AA3}.Release|x64.ActiveCfg = Release|x64
- {090B665D-0F4C-4D77-D1B1-A6D882842AA3}.Release|x64.Build.0 = Release|x64
- {08A79AF8-5B8A-4343-D01A-B8AB47F3366C}.Debug|Win32.ActiveCfg = Debug|Win32
- {08A79AF8-5B8A-4343-D01A-B8AB47F3366C}.Debug|Win32.Build.0 = Debug|Win32
- {08A79AF8-5B8A-4343-D01A-B8AB47F3366C}.Debug|x64.ActiveCfg = Debug|x64
- {08A79AF8-5B8A-4343-D01A-B8AB47F3366C}.Debug|x64.Build.0 = Debug|x64
- {08A79AF8-5B8A-4343-D01A-B8AB47F3366C}.Release|Win32.ActiveCfg = Release|Win32
- {08A79AF8-5B8A-4343-D01A-B8AB47F3366C}.Release|Win32.Build.0 = Release|Win32
- {08A79AF8-5B8A-4343-D01A-B8AB47F3366C}.Release|x64.ActiveCfg = Release|x64
- {08A79AF8-5B8A-4343-D01A-B8AB47F3366C}.Release|x64.Build.0 = Release|x64
- {C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}.Debug|Win32.ActiveCfg = Debug|Win32
- {C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}.Debug|Win32.Build.0 = Debug|Win32
- {C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}.Debug|x64.ActiveCfg = Debug|x64
- {C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}.Debug|x64.Build.0 = Debug|x64
- {C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}.Release|Win32.ActiveCfg = Release|Win32
- {C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}.Release|Win32.Build.0 = Release|Win32
- {C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}.Release|x64.ActiveCfg = Release|x64
- {C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}.Release|x64.Build.0 = Release|x64
- {239051A9-0CE6-7730-7BB0-83599DC37AA4}.Debug|Win32.ActiveCfg = Debug|Win32
- {239051A9-0CE6-7730-7BB0-83599DC37AA4}.Debug|Win32.Build.0 = Debug|Win32
- {239051A9-0CE6-7730-7BB0-83599DC37AA4}.Debug|x64.ActiveCfg = Debug|x64
- {239051A9-0CE6-7730-7BB0-83599DC37AA4}.Debug|x64.Build.0 = Debug|x64
- {239051A9-0CE6-7730-7BB0-83599DC37AA4}.Release|Win32.ActiveCfg = Release|Win32
- {239051A9-0CE6-7730-7BB0-83599DC37AA4}.Release|Win32.Build.0 = Release|Win32
- {239051A9-0CE6-7730-7BB0-83599DC37AA4}.Release|x64.ActiveCfg = Release|x64
- {239051A9-0CE6-7730-7BB0-83599DC37AA4}.Release|x64.Build.0 = Release|x64
- {EBDBB632-13A2-45F8-A44E-4837F6467512}.Debug|Win32.ActiveCfg = Debug|Win32
- {EBDBB632-13A2-45F8-A44E-4837F6467512}.Debug|Win32.Build.0 = Debug|Win32
- {EBDBB632-13A2-45F8-A44E-4837F6467512}.Debug|x64.ActiveCfg = Debug|x64
- {EBDBB632-13A2-45F8-A44E-4837F6467512}.Debug|x64.Build.0 = Debug|x64
- {EBDBB632-13A2-45F8-A44E-4837F6467512}.Release|Win32.ActiveCfg = Release|Win32
- {EBDBB632-13A2-45F8-A44E-4837F6467512}.Release|Win32.Build.0 = Release|Win32
- {EBDBB632-13A2-45F8-A44E-4837F6467512}.Release|x64.ActiveCfg = Release|x64
- {EBDBB632-13A2-45F8-A44E-4837F6467512}.Release|x64.Build.0 = Release|x64
- {CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}.Debug|Win32.ActiveCfg = Debug|Win32
- {CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}.Debug|Win32.Build.0 = Debug|Win32
- {CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}.Debug|x64.ActiveCfg = Debug|x64
- {CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}.Debug|x64.Build.0 = Debug|x64
- {CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}.Release|Win32.ActiveCfg = Release|Win32
- {CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}.Release|Win32.Build.0 = Release|Win32
- {CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}.Release|x64.ActiveCfg = Release|x64
- {CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}.Release|x64.Build.0 = Release|x64
- {AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}.Debug|Win32.ActiveCfg = Debug|Win32
- {AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}.Debug|Win32.Build.0 = Debug|Win32
- {AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}.Debug|x64.ActiveCfg = Debug|x64
- {AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}.Debug|x64.Build.0 = Debug|x64
- {AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}.Release|Win32.ActiveCfg = Release|Win32
- {AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}.Release|Win32.Build.0 = Release|Win32
- {AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}.Release|x64.ActiveCfg = Release|x64
- {AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}.Release|x64.Build.0 = Release|x64
- {7E3D99BD-3D9E-762A-E235-9C8275E7010F}.Debug|Win32.ActiveCfg = Debug|Win32
- {7E3D99BD-3D9E-762A-E235-9C8275E7010F}.Debug|Win32.Build.0 = Debug|Win32
- {7E3D99BD-3D9E-762A-E235-9C8275E7010F}.Debug|x64.ActiveCfg = Debug|x64
- {7E3D99BD-3D9E-762A-E235-9C8275E7010F}.Debug|x64.Build.0 = Debug|x64
- {7E3D99BD-3D9E-762A-E235-9C8275E7010F}.Release|Win32.ActiveCfg = Release|Win32
- {7E3D99BD-3D9E-762A-E235-9C8275E7010F}.Release|Win32.Build.0 = Release|Win32
- {7E3D99BD-3D9E-762A-E235-9C8275E7010F}.Release|x64.ActiveCfg = Release|x64
- {7E3D99BD-3D9E-762A-E235-9C8275E7010F}.Release|x64.Build.0 = Release|x64
- {DA85604D-9ED1-FD08-4F37-FBD33E5E3642}.Debug|Win32.ActiveCfg = Debug|Win32
- {DA85604D-9ED1-FD08-4F37-FBD33E5E3642}.Debug|Win32.Build.0 = Debug|Win32
- {DA85604D-9ED1-FD08-4F37-FBD33E5E3642}.Debug|x64.ActiveCfg = Debug|x64
- {DA85604D-9ED1-FD08-4F37-FBD33E5E3642}.Debug|x64.Build.0 = Debug|x64
- {DA85604D-9ED1-FD08-4F37-FBD33E5E3642}.Release|Win32.ActiveCfg = Release|Win32
- {DA85604D-9ED1-FD08-4F37-FBD33E5E3642}.Release|Win32.Build.0 = Release|Win32
- {DA85604D-9ED1-FD08-4F37-FBD33E5E3642}.Release|x64.ActiveCfg = Release|x64
- {DA85604D-9ED1-FD08-4F37-FBD33E5E3642}.Release|x64.Build.0 = Release|x64
- {CFC883CE-9BAE-B26F-B08B-7F194AD35929}.Debug|Win32.ActiveCfg = Debug|Win32
- {CFC883CE-9BAE-B26F-B08B-7F194AD35929}.Debug|Win32.Build.0 = Debug|Win32
- {CFC883CE-9BAE-B26F-B08B-7F194AD35929}.Debug|x64.ActiveCfg = Debug|x64
- {CFC883CE-9BAE-B26F-B08B-7F194AD35929}.Debug|x64.Build.0 = Debug|x64
- {CFC883CE-9BAE-B26F-B08B-7F194AD35929}.Release|Win32.ActiveCfg = Release|Win32
- {CFC883CE-9BAE-B26F-B08B-7F194AD35929}.Release|Win32.Build.0 = Release|Win32
- {CFC883CE-9BAE-B26F-B08B-7F194AD35929}.Release|x64.ActiveCfg = Release|x64
- {CFC883CE-9BAE-B26F-B08B-7F194AD35929}.Release|x64.Build.0 = Release|x64
- {77834257-2878-A38D-AEBE-79423968B6DB}.Debug|Win32.ActiveCfg = Debug|Win32
- {77834257-2878-A38D-AEBE-79423968B6DB}.Debug|Win32.Build.0 = Debug|Win32
- {77834257-2878-A38D-AEBE-79423968B6DB}.Debug|x64.ActiveCfg = Debug|x64
- {77834257-2878-A38D-AEBE-79423968B6DB}.Debug|x64.Build.0 = Debug|x64
- {77834257-2878-A38D-AEBE-79423968B6DB}.Release|Win32.ActiveCfg = Release|Win32
- {77834257-2878-A38D-AEBE-79423968B6DB}.Release|Win32.Build.0 = Release|Win32
- {77834257-2878-A38D-AEBE-79423968B6DB}.Release|x64.ActiveCfg = Release|x64
- {77834257-2878-A38D-AEBE-79423968B6DB}.Release|x64.Build.0 = Release|x64
- {34A00BC1-32A6-5145-606F-F081D31CC1D1}.Debug|Win32.ActiveCfg = Debug|Win32
- {34A00BC1-32A6-5145-606F-F081D31CC1D1}.Debug|Win32.Build.0 = Debug|Win32
- {34A00BC1-32A6-5145-606F-F081D31CC1D1}.Debug|x64.ActiveCfg = Debug|x64
- {34A00BC1-32A6-5145-606F-F081D31CC1D1}.Debug|x64.Build.0 = Debug|x64
- {34A00BC1-32A6-5145-606F-F081D31CC1D1}.Release|Win32.ActiveCfg = Release|Win32
- {34A00BC1-32A6-5145-606F-F081D31CC1D1}.Release|Win32.Build.0 = Release|Win32
- {34A00BC1-32A6-5145-606F-F081D31CC1D1}.Release|x64.ActiveCfg = Release|x64
- {34A00BC1-32A6-5145-606F-F081D31CC1D1}.Release|x64.Build.0 = Release|x64
- {DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}.Debug|Win32.ActiveCfg = Debug|Win32
- {DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}.Debug|Win32.Build.0 = Debug|Win32
- {DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}.Debug|x64.ActiveCfg = Debug|x64
- {DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}.Debug|x64.Build.0 = Debug|x64
- {DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}.Release|Win32.ActiveCfg = Release|Win32
- {DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}.Release|Win32.Build.0 = Release|Win32
- {DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}.Release|x64.ActiveCfg = Release|x64
- {DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}.Release|x64.Build.0 = Release|x64
- {CE90D346-EBC0-D292-6D68-24717DB3F510}.Debug|Win32.ActiveCfg = Debug|Win32
- {CE90D346-EBC0-D292-6D68-24717DB3F510}.Debug|Win32.Build.0 = Debug|Win32
- {CE90D346-EBC0-D292-6D68-24717DB3F510}.Debug|x64.ActiveCfg = Debug|x64
- {CE90D346-EBC0-D292-6D68-24717DB3F510}.Debug|x64.Build.0 = Debug|x64
- {CE90D346-EBC0-D292-6D68-24717DB3F510}.Release|Win32.ActiveCfg = Release|Win32
- {CE90D346-EBC0-D292-6D68-24717DB3F510}.Release|Win32.Build.0 = Release|Win32
- {CE90D346-EBC0-D292-6D68-24717DB3F510}.Release|x64.ActiveCfg = Release|x64
- {CE90D346-EBC0-D292-6D68-24717DB3F510}.Release|x64.Build.0 = Release|x64
- {436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}.Debug|Win32.ActiveCfg = Debug|Win32
- {436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}.Debug|Win32.Build.0 = Debug|Win32
- {436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}.Debug|x64.ActiveCfg = Debug|x64
- {436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}.Debug|x64.Build.0 = Debug|x64
- {436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}.Release|Win32.ActiveCfg = Release|Win32
- {436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}.Release|Win32.Build.0 = Release|Win32
- {436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}.Release|x64.ActiveCfg = Release|x64
- {436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}.Release|x64.Build.0 = Release|x64
- {C49B1EF8-D169-70C5-2FA4-837A900267A7}.Debug|Win32.ActiveCfg = Debug|Win32
- {C49B1EF8-D169-70C5-2FA4-837A900267A7}.Debug|Win32.Build.0 = Debug|Win32
- {C49B1EF8-D169-70C5-2FA4-837A900267A7}.Debug|x64.ActiveCfg = Debug|x64
- {C49B1EF8-D169-70C5-2FA4-837A900267A7}.Debug|x64.Build.0 = Debug|x64
- {C49B1EF8-D169-70C5-2FA4-837A900267A7}.Release|Win32.ActiveCfg = Release|Win32
- {C49B1EF8-D169-70C5-2FA4-837A900267A7}.Release|Win32.Build.0 = Release|Win32
- {C49B1EF8-D169-70C5-2FA4-837A900267A7}.Release|x64.ActiveCfg = Release|x64
- {C49B1EF8-D169-70C5-2FA4-837A900267A7}.Release|x64.Build.0 = Release|x64
- {870B39B9-8F38-D9A4-8A07-87047C565061}.Debug|Win32.ActiveCfg = Debug|Win32
- {870B39B9-8F38-D9A4-8A07-87047C565061}.Debug|Win32.Build.0 = Debug|Win32
- {870B39B9-8F38-D9A4-8A07-87047C565061}.Debug|x64.ActiveCfg = Debug|x64
- {870B39B9-8F38-D9A4-8A07-87047C565061}.Debug|x64.Build.0 = Debug|x64
- {870B39B9-8F38-D9A4-8A07-87047C565061}.Release|Win32.ActiveCfg = Release|Win32
- {870B39B9-8F38-D9A4-8A07-87047C565061}.Release|Win32.Build.0 = Release|Win32
- {870B39B9-8F38-D9A4-8A07-87047C565061}.Release|x64.ActiveCfg = Release|x64
- {870B39B9-8F38-D9A4-8A07-87047C565061}.Release|x64.Build.0 = Release|x64
- {D8295912-D341-F4E4-DC8E-98A2A0604221}.Debug|Win32.ActiveCfg = Debug|Win32
- {D8295912-D341-F4E4-DC8E-98A2A0604221}.Debug|Win32.Build.0 = Debug|Win32
- {D8295912-D341-F4E4-DC8E-98A2A0604221}.Debug|x64.ActiveCfg = Debug|x64
- {D8295912-D341-F4E4-DC8E-98A2A0604221}.Debug|x64.Build.0 = Debug|x64
- {D8295912-D341-F4E4-DC8E-98A2A0604221}.Release|Win32.ActiveCfg = Release|Win32
- {D8295912-D341-F4E4-DC8E-98A2A0604221}.Release|Win32.Build.0 = Release|Win32
- {D8295912-D341-F4E4-DC8E-98A2A0604221}.Release|x64.ActiveCfg = Release|x64
- {D8295912-D341-F4E4-DC8E-98A2A0604221}.Release|x64.Build.0 = Release|x64
- {68EFA4E3-08B0-2925-0EF6-177996B08B24}.Debug|Win32.ActiveCfg = Debug|Win32
- {68EFA4E3-08B0-2925-0EF6-177996B08B24}.Debug|Win32.Build.0 = Debug|Win32
- {68EFA4E3-08B0-2925-0EF6-177996B08B24}.Debug|x64.ActiveCfg = Debug|x64
- {68EFA4E3-08B0-2925-0EF6-177996B08B24}.Debug|x64.Build.0 = Debug|x64
- {68EFA4E3-08B0-2925-0EF6-177996B08B24}.Release|Win32.ActiveCfg = Release|Win32
- {68EFA4E3-08B0-2925-0EF6-177996B08B24}.Release|Win32.Build.0 = Release|Win32
- {68EFA4E3-08B0-2925-0EF6-177996B08B24}.Release|x64.ActiveCfg = Release|x64
- {68EFA4E3-08B0-2925-0EF6-177996B08B24}.Release|x64.Build.0 = Release|x64
- {2E5B8634-26AC-5819-5AF7-16F996A7F529}.Debug|Win32.ActiveCfg = Debug|Win32
- {2E5B8634-26AC-5819-5AF7-16F996A7F529}.Debug|Win32.Build.0 = Debug|Win32
- {2E5B8634-26AC-5819-5AF7-16F996A7F529}.Debug|x64.ActiveCfg = Debug|x64
- {2E5B8634-26AC-5819-5AF7-16F996A7F529}.Debug|x64.Build.0 = Debug|x64
- {2E5B8634-26AC-5819-5AF7-16F996A7F529}.Release|Win32.ActiveCfg = Release|Win32
- {2E5B8634-26AC-5819-5AF7-16F996A7F529}.Release|Win32.Build.0 = Release|Win32
- {2E5B8634-26AC-5819-5AF7-16F996A7F529}.Release|x64.ActiveCfg = Release|x64
- {2E5B8634-26AC-5819-5AF7-16F996A7F529}.Release|x64.Build.0 = Release|x64
- {D93D1FF0-5E83-2247-31A0-017D20F8011F}.Debug|Win32.ActiveCfg = Debug|Win32
- {D93D1FF0-5E83-2247-31A0-017D20F8011F}.Debug|Win32.Build.0 = Debug|Win32
- {D93D1FF0-5E83-2247-31A0-017D20F8011F}.Debug|x64.ActiveCfg = Debug|x64
- {D93D1FF0-5E83-2247-31A0-017D20F8011F}.Debug|x64.Build.0 = Debug|x64
- {D93D1FF0-5E83-2247-31A0-017D20F8011F}.Release|Win32.ActiveCfg = Release|Win32
- {D93D1FF0-5E83-2247-31A0-017D20F8011F}.Release|Win32.Build.0 = Release|Win32
- {D93D1FF0-5E83-2247-31A0-017D20F8011F}.Release|x64.ActiveCfg = Release|x64
- {D93D1FF0-5E83-2247-31A0-017D20F8011F}.Release|x64.Build.0 = Release|x64
- {C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}.Debug|Win32.ActiveCfg = Debug|Win32
- {C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}.Debug|Win32.Build.0 = Debug|Win32
- {C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}.Debug|x64.ActiveCfg = Debug|x64
- {C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}.Debug|x64.Build.0 = Debug|x64
- {C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}.Release|Win32.ActiveCfg = Release|Win32
- {C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}.Release|Win32.Build.0 = Release|Win32
- {C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}.Release|x64.ActiveCfg = Release|x64
- {C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}.Release|x64.Build.0 = Release|x64
- {173A0BC9-FF81-3C36-7887-4FBD6032C9FD}.Debug|Win32.ActiveCfg = Debug|Win32
- {173A0BC9-FF81-3C36-7887-4FBD6032C9FD}.Debug|Win32.Build.0 = Debug|Win32
- {173A0BC9-FF81-3C36-7887-4FBD6032C9FD}.Debug|x64.ActiveCfg = Debug|x64
- {173A0BC9-FF81-3C36-7887-4FBD6032C9FD}.Debug|x64.Build.0 = Debug|x64
- {173A0BC9-FF81-3C36-7887-4FBD6032C9FD}.Release|Win32.ActiveCfg = Release|Win32
- {173A0BC9-FF81-3C36-7887-4FBD6032C9FD}.Release|Win32.Build.0 = Release|Win32
- {173A0BC9-FF81-3C36-7887-4FBD6032C9FD}.Release|x64.ActiveCfg = Release|x64
- {173A0BC9-FF81-3C36-7887-4FBD6032C9FD}.Release|x64.Build.0 = Release|x64
- {58A8E53D-21CB-5F27-5111-737EBD3F37A0}.Debug|Win32.ActiveCfg = Debug|Win32
- {58A8E53D-21CB-5F27-5111-737EBD3F37A0}.Debug|Win32.Build.0 = Debug|Win32
- {58A8E53D-21CB-5F27-5111-737EBD3F37A0}.Debug|x64.ActiveCfg = Debug|x64
- {58A8E53D-21CB-5F27-5111-737EBD3F37A0}.Debug|x64.Build.0 = Debug|x64
- {58A8E53D-21CB-5F27-5111-737EBD3F37A0}.Release|Win32.ActiveCfg = Release|Win32
- {58A8E53D-21CB-5F27-5111-737EBD3F37A0}.Release|Win32.Build.0 = Release|Win32
- {58A8E53D-21CB-5F27-5111-737EBD3F37A0}.Release|x64.ActiveCfg = Release|x64
- {58A8E53D-21CB-5F27-5111-737EBD3F37A0}.Release|x64.Build.0 = Release|x64
- {4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}.Debug|Win32.ActiveCfg = Debug|Win32
- {4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}.Debug|Win32.Build.0 = Debug|Win32
- {4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}.Debug|x64.ActiveCfg = Debug|x64
- {4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}.Debug|x64.Build.0 = Debug|x64
- {4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}.Release|Win32.ActiveCfg = Release|Win32
- {4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}.Release|Win32.Build.0 = Release|Win32
- {4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}.Release|x64.ActiveCfg = Release|x64
- {4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}.Release|x64.Build.0 = Release|x64
- {0FC4D326-CF64-AB19-B037-3E3D06EA6798}.Debug|Win32.ActiveCfg = Debug|Win32
- {0FC4D326-CF64-AB19-B037-3E3D06EA6798}.Debug|Win32.Build.0 = Debug|Win32
- {0FC4D326-CF64-AB19-B037-3E3D06EA6798}.Debug|x64.ActiveCfg = Debug|x64
- {0FC4D326-CF64-AB19-B037-3E3D06EA6798}.Debug|x64.Build.0 = Debug|x64
- {0FC4D326-CF64-AB19-B037-3E3D06EA6798}.Release|Win32.ActiveCfg = Release|Win32
- {0FC4D326-CF64-AB19-B037-3E3D06EA6798}.Release|Win32.Build.0 = Release|Win32
- {0FC4D326-CF64-AB19-B037-3E3D06EA6798}.Release|x64.ActiveCfg = Release|x64
- {0FC4D326-CF64-AB19-B037-3E3D06EA6798}.Release|x64.Build.0 = Release|x64
- {ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}.Debug|Win32.ActiveCfg = Debug|Win32
- {ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}.Debug|Win32.Build.0 = Debug|Win32
- {ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}.Debug|x64.ActiveCfg = Debug|x64
- {ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}.Debug|x64.Build.0 = Debug|x64
- {ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}.Release|Win32.ActiveCfg = Release|Win32
- {ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}.Release|Win32.Build.0 = Release|Win32
- {ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}.Release|x64.ActiveCfg = Release|x64
- {ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}.Release|x64.Build.0 = Release|x64
- {9D625831-AF31-CFBA-8855-61C024DA2DE0}.Debug|Win32.ActiveCfg = Debug|Win32
- {9D625831-AF31-CFBA-8855-61C024DA2DE0}.Debug|Win32.Build.0 = Debug|Win32
- {9D625831-AF31-CFBA-8855-61C024DA2DE0}.Debug|x64.ActiveCfg = Debug|x64
- {9D625831-AF31-CFBA-8855-61C024DA2DE0}.Debug|x64.Build.0 = Debug|x64
- {9D625831-AF31-CFBA-8855-61C024DA2DE0}.Release|Win32.ActiveCfg = Release|Win32
- {9D625831-AF31-CFBA-8855-61C024DA2DE0}.Release|Win32.Build.0 = Release|Win32
- {9D625831-AF31-CFBA-8855-61C024DA2DE0}.Release|x64.ActiveCfg = Release|x64
- {9D625831-AF31-CFBA-8855-61C024DA2DE0}.Release|x64.Build.0 = Release|x64
- {E3172E20-4935-69C7-A398-C13EAA76818F}.Debug|Win32.ActiveCfg = Debug|Win32
- {E3172E20-4935-69C7-A398-C13EAA76818F}.Debug|Win32.Build.0 = Debug|Win32
- {E3172E20-4935-69C7-A398-C13EAA76818F}.Debug|x64.ActiveCfg = Debug|x64
- {E3172E20-4935-69C7-A398-C13EAA76818F}.Debug|x64.Build.0 = Debug|x64
- {E3172E20-4935-69C7-A398-C13EAA76818F}.Release|Win32.ActiveCfg = Release|Win32
- {E3172E20-4935-69C7-A398-C13EAA76818F}.Release|Win32.Build.0 = Release|Win32
- {E3172E20-4935-69C7-A398-C13EAA76818F}.Release|x64.ActiveCfg = Release|x64
- {E3172E20-4935-69C7-A398-C13EAA76818F}.Release|x64.Build.0 = Release|x64
- {10F967D6-468F-3BCA-2D58-36A32E376930}.Debug|Win32.ActiveCfg = Debug|Win32
- {10F967D6-468F-3BCA-2D58-36A32E376930}.Debug|Win32.Build.0 = Debug|Win32
- {10F967D6-468F-3BCA-2D58-36A32E376930}.Debug|x64.ActiveCfg = Debug|x64
- {10F967D6-468F-3BCA-2D58-36A32E376930}.Debug|x64.Build.0 = Debug|x64
- {10F967D6-468F-3BCA-2D58-36A32E376930}.Release|Win32.ActiveCfg = Release|Win32
- {10F967D6-468F-3BCA-2D58-36A32E376930}.Release|Win32.Build.0 = Release|Win32
- {10F967D6-468F-3BCA-2D58-36A32E376930}.Release|x64.ActiveCfg = Release|x64
- {10F967D6-468F-3BCA-2D58-36A32E376930}.Release|x64.Build.0 = Release|x64
- {5ABF68F6-5360-DE1F-74B6-66ED5BF52619}.Debug|Win32.ActiveCfg = Debug|Win32
- {5ABF68F6-5360-DE1F-74B6-66ED5BF52619}.Debug|Win32.Build.0 = Debug|Win32
- {5ABF68F6-5360-DE1F-74B6-66ED5BF52619}.Debug|x64.ActiveCfg = Debug|x64
- {5ABF68F6-5360-DE1F-74B6-66ED5BF52619}.Debug|x64.Build.0 = Debug|x64
- {5ABF68F6-5360-DE1F-74B6-66ED5BF52619}.Release|Win32.ActiveCfg = Release|Win32
- {5ABF68F6-5360-DE1F-74B6-66ED5BF52619}.Release|Win32.Build.0 = Release|Win32
- {5ABF68F6-5360-DE1F-74B6-66ED5BF52619}.Release|x64.ActiveCfg = Release|x64
- {5ABF68F6-5360-DE1F-74B6-66ED5BF52619}.Release|x64.Build.0 = Release|x64
- EndGlobalSection
- GlobalSection(SolutionProperties) = preSolution
- HideSolutionNode = FALSE
- EndGlobalSection
-EndGlobal
diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj
index 2e2727c..afbfe48 100644
--- a/visualc/VS2010/aescrypt2.vcxproj
+++ b/visualc/VS2010/aescrypt2.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\aes\aescrypt2.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{46298485-CE22-B800-3D95-6D6C821819A1}</ProjectGuid>
+ <ProjectGuid>{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>aescrypt2</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj
index 303f5ec..ee3ada3 100644
--- a/visualc/VS2010/benchmark.vcxproj
+++ b/visualc/VS2010/benchmark.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\test\benchmark.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{58A8E53D-21CB-5F27-5111-737EBD3F37A0}</ProjectGuid>
+ <ProjectGuid>{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>benchmark</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj
index 095ec00..0988a29 100644
--- a/visualc/VS2010/cert_app.vcxproj
+++ b/visualc/VS2010/cert_app.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\x509\cert_app.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{E3172E20-4935-69C7-A398-C13EAA76818F}</ProjectGuid>
+ <ProjectGuid>{D4D691D4-137C-CBFA-735B-D46636D7E4D8}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>cert_app</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj
index 344aba8..ef3ed2e 100644
--- a/visualc/VS2010/cert_req.vcxproj
+++ b/visualc/VS2010/cert_req.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\x509\cert_req.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{5ABF68F6-5360-DE1F-74B6-66ED5BF52619}</ProjectGuid>
+ <ProjectGuid>{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>cert_req</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj
index e0833fe..d759999 100644
--- a/visualc/VS2010/crl_app.vcxproj
+++ b/visualc/VS2010/crl_app.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\x509\crl_app.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{10F967D6-468F-3BCA-2D58-36A32E376930}</ProjectGuid>
+ <ProjectGuid>{DB904B85-AD31-B7FB-114F-88760CC485F2}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>crl_app</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj
index ebab221..d9d70ea 100644
--- a/visualc/VS2010/crypt_and_hash.vcxproj
+++ b/visualc/VS2010/crypt_and_hash.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\aes\crypt_and_hash.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{84F76F01-FA6C-7C48-1979-06FD24B476C1}</ProjectGuid>
+ <ProjectGuid>{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>crypt_and_hash</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj
index e3aa94a..c211bad 100644
--- a/visualc/VS2010/dh_client.vcxproj
+++ b/visualc/VS2010/dh_client.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\dh_client.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{92253FCF-72E1-7AF6-EAD1-E9037A194C9F}</ProjectGuid>
+ <ProjectGuid>{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>dh_client</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj
index b052b3a..4e2ee20 100644
--- a/visualc/VS2010/dh_genprime.vcxproj
+++ b/visualc/VS2010/dh_genprime.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\dh_genprime.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{8972AF2C-6333-2827-F75D-3BAC5E07915A}</ProjectGuid>
+ <ProjectGuid>{718960D9-5DA6-7B56-39AD-637E81076C71}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>dh_genprime</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj
index 44b0a4e..025c548 100644
--- a/visualc/VS2010/dh_server.vcxproj
+++ b/visualc/VS2010/dh_server.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\dh_server.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{9BB33B8B-A1D3-ABEF-9071-D92289A4CEED}</ProjectGuid>
+ <ProjectGuid>{8D91B804-E2CE-142D-8E06-FBB037ED1F65}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>dh_server</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj
index 8bc5294..d3eee21 100644
--- a/visualc/VS2010/gen_entropy.vcxproj
+++ b/visualc/VS2010/gen_entropy.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\random\gen_entropy.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{2E5B8634-26AC-5819-5AF7-16F996A7F529}</ProjectGuid>
+ <ProjectGuid>{DE695064-13C3-18B0-378D-8B22672BF3F4}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>gen_entropy</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj
index 896e820..e72d475 100644
--- a/visualc/VS2010/gen_key.vcxproj
+++ b/visualc/VS2010/gen_key.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\gen_key.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{7721EBA2-C892-AD9B-4994-A0E988BA4BF8}</ProjectGuid>
+ <ProjectGuid>{BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>gen_key</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj
index 0798aff..cffbc43 100644
--- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj
+++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\random\gen_random_ctr_drbg.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{C5DF2F0C-3EFC-E5D6-7FD2-AD599CADDB15}</ProjectGuid>
+ <ProjectGuid>{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>gen_random_ctr_drbg</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj
index 58126de..729f8fe 100644
--- a/visualc/VS2010/gen_random_havege.vcxproj
+++ b/visualc/VS2010/gen_random_havege.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\random\gen_random_havege.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{D93D1FF0-5E83-2247-31A0-017D20F8011F}</ProjectGuid>
+ <ProjectGuid>{71257802-BBCA-99F5-E9D2-905738F30893}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>gen_random_havege</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj
index 441c9cb..3ff1563 100644
--- a/visualc/VS2010/generic_sum.vcxproj
+++ b/visualc/VS2010/generic_sum.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\hash\generic_sum.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{7036A174-35D6-54AE-7613-A50F5FD8AF86}</ProjectGuid>
+ <ProjectGuid>{D071CCF7-ACA0-21F8-D382-52A759AEA261}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>generic_sum</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj
index 83c0559..1d36895 100644
--- a/visualc/VS2010/hello.vcxproj
+++ b/visualc/VS2010/hello.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\hash\hello.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{7076F38E-EDC4-1A0C-8D9B-CFB0A3E9724F}</ProjectGuid>
+ <ProjectGuid>{B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>hello</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj
index d061574..ecd1154 100644
--- a/visualc/VS2010/key_app.vcxproj
+++ b/visualc/VS2010/key_app.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\key_app.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{5129B724-3FB6-CE34-FF51-57031A33C50B}</ProjectGuid>
+ <ProjectGuid>{10AE376F-1A70-0297-0216-1FD01AD15D19}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>key_app</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj
index a7c4e4f..6443005 100644
--- a/visualc/VS2010/key_app_writer.vcxproj
+++ b/visualc/VS2010/key_app_writer.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\key_app_writer.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{090B665D-0F4C-4D77-D1B1-A6D882842AA3}</ProjectGuid>
+ <ProjectGuid>{E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>key_app_writer</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
new file mode 100644
index 0000000..72e0818
--- /dev/null
+++ b/visualc/VS2010/mbedTLS.sln
@@ -0,0 +1,598 @@
+
+Microsoft Visual Studio Solution File, Format Version 11.00
+# Visual C++ Express 2010
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aescrypt2", "aescrypt2.vcxproj", "{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and_hash.vcxproj", "{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hello", "hello.vcxproj", "{B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "generic_sum", "generic_sum.vcxproj", "{D071CCF7-ACA0-21F8-D382-52A759AEA261}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "md5sum", "md5sum.vcxproj", "{80FE1ECF-6992-A275-7973-E2976718D128}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sha1sum", "sha1sum.vcxproj", "{E91D12D7-01C0-357F-CAB1-8478B096743C}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sha2sum", "sha2sum.vcxproj", "{8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_client", "dh_client.vcxproj", "{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_genprime", "dh_genprime.vcxproj", "{718960D9-5DA6-7B56-39AD-637E81076C71}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_server", "dh_server.vcxproj", "{8D91B804-E2CE-142D-8E06-FBB037ED1F65}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_key", "gen_key.vcxproj", "{BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "key_app", "key_app.vcxproj", "{10AE376F-1A70-0297-0216-1FD01AD15D19}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "key_app_writer", "key_app_writer.vcxproj", "{E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mpi_demo", "mpi_demo.vcxproj", "{A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_decrypt", "pk_decrypt.vcxproj", "{1EC6CBA3-6187-D456-D9B7-A35399395D71}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_encrypt", "pk_encrypt.vcxproj", "{55007179-7746-9CFB-97EC-65102FB272C8}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_sign", "pk_sign.vcxproj", "{F2E8CA55-597F-7FDC-6456-D8650FB970A3}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_verify", "pk_verify.vcxproj", "{C429B336-1B30-119C-3B34-21A186D6744F}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_genkey", "rsa_genkey.vcxproj", "{F472475C-F677-0E7F-F127-45BF5B64F622}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_decrypt", "rsa_decrypt.vcxproj", "{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_encrypt", "rsa_encrypt.vcxproj", "{D06CF12E-F222-9273-41BF-B8A052FA5527}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign", "rsa_sign.vcxproj", "{10790F49-6887-AAB6-2D86-BCBD516F8D26}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify", "rsa_verify.vcxproj", "{689E28CF-89ED-BA38-3A14-78A75D891D46}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign_pss", "rsa_sign_pss.vcxproj", "{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify_pss", "rsa_verify_pss.vcxproj", "{95C50864-854C-2A11-4C91-BCE654E344FB}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client1", "ssl_client1.vcxproj", "{487A2F80-3CA3-678D-88D5-82194872CF08}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client2", "ssl_client2.vcxproj", "{4E590E9D-E28F-87FF-385B-D58736388231}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server", "ssl_server.vcxproj", "{E08E0065-896A-7487-DEA5-D3B80B71F975}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server2", "ssl_server2.vcxproj", "{A4DA7463-1047-BDF5-E1B3-5632CB573F41}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_fork_server", "ssl_fork_server.vcxproj", "{918CD402-047D-8467-E11C-E1132053F916}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mini_client", "mini_client.vcxproj", "{C4FE29EA-266D-5295-4840-976B9B5B3843}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_mail_client", "ssl_mail_client.vcxproj", "{7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_entropy", "gen_entropy.vcxproj", "{DE695064-13C3-18B0-378D-8B22672BF3F4}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_havege", "gen_random_havege.vcxproj", "{71257802-BBCA-99F5-E9D2-905738F30893}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_random_ctr_drbg.vcxproj", "{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_cert_test", "ssl_cert_test.vcxproj", "{3FE0C0E1-D9BA-6A26-380C-F293E543B914}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "selftest", "selftest.vcxproj", "{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_test", "ssl_test.vcxproj", "{DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "strerror", "strerror.vcxproj", "{23EF735C-CC4C-3EC4-A75E-903DB340F04A}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_app", "cert_app.vcxproj", "{D4D691D4-137C-CBFA-735B-D46636D7E4D8}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crl_app", "crl_app.vcxproj", "{DB904B85-AD31-B7FB-114F-88760CC485F2}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_req", "cert_req.vcxproj", "{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Debug|x64 = Debug|x64
+ Release|Win32 = Release|Win32
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.ActiveCfg = Debug|Win32
+ {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.Build.0 = Debug|Win32
+ {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.ActiveCfg = Debug|x64
+ {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.Build.0 = Debug|x64
+ {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.ActiveCfg = Release|Win32
+ {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32
+ {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64
+ {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64
+ {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.ActiveCfg = Debug|Win32
+ {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.Build.0 = Debug|Win32
+ {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.ActiveCfg = Debug|x64
+ {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.Build.0 = Debug|x64
+ {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.ActiveCfg = Release|Win32
+ {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.Build.0 = Release|Win32
+ {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.ActiveCfg = Release|x64
+ {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.Build.0 = Release|x64
+ {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.ActiveCfg = Debug|Win32
+ {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.Build.0 = Debug|Win32
+ {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.ActiveCfg = Debug|x64
+ {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.Build.0 = Debug|x64
+ {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|Win32.ActiveCfg = Release|Win32
+ {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|Win32.Build.0 = Release|Win32
+ {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|x64.ActiveCfg = Release|x64
+ {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|x64.Build.0 = Release|x64
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.ActiveCfg = Debug|Win32
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.Build.0 = Debug|Win32
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.ActiveCfg = Debug|x64
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.Build.0 = Debug|x64
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.ActiveCfg = Release|Win32
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.Build.0 = Release|Win32
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.ActiveCfg = Release|x64
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.Build.0 = Release|x64
+ {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|Win32.Build.0 = Debug|Win32
+ {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|x64.ActiveCfg = Debug|x64
+ {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|x64.Build.0 = Debug|x64
+ {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|Win32.ActiveCfg = Release|Win32
+ {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|Win32.Build.0 = Release|Win32
+ {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.ActiveCfg = Release|x64
+ {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.Build.0 = Release|x64
+ {80FE1ECF-6992-A275-7973-E2976718D128}.Debug|Win32.ActiveCfg = Debug|Win32
+ {80FE1ECF-6992-A275-7973-E2976718D128}.Debug|Win32.Build.0 = Debug|Win32
+ {80FE1ECF-6992-A275-7973-E2976718D128}.Debug|x64.ActiveCfg = Debug|x64
+ {80FE1ECF-6992-A275-7973-E2976718D128}.Debug|x64.Build.0 = Debug|x64
+ {80FE1ECF-6992-A275-7973-E2976718D128}.Release|Win32.ActiveCfg = Release|Win32
+ {80FE1ECF-6992-A275-7973-E2976718D128}.Release|Win32.Build.0 = Release|Win32
+ {80FE1ECF-6992-A275-7973-E2976718D128}.Release|x64.ActiveCfg = Release|x64
+ {80FE1ECF-6992-A275-7973-E2976718D128}.Release|x64.Build.0 = Release|x64
+ {E91D12D7-01C0-357F-CAB1-8478B096743C}.Debug|Win32.ActiveCfg = Debug|Win32
+ {E91D12D7-01C0-357F-CAB1-8478B096743C}.Debug|Win32.Build.0 = Debug|Win32
+ {E91D12D7-01C0-357F-CAB1-8478B096743C}.Debug|x64.ActiveCfg = Debug|x64
+ {E91D12D7-01C0-357F-CAB1-8478B096743C}.Debug|x64.Build.0 = Debug|x64
+ {E91D12D7-01C0-357F-CAB1-8478B096743C}.Release|Win32.ActiveCfg = Release|Win32
+ {E91D12D7-01C0-357F-CAB1-8478B096743C}.Release|Win32.Build.0 = Release|Win32
+ {E91D12D7-01C0-357F-CAB1-8478B096743C}.Release|x64.ActiveCfg = Release|x64
+ {E91D12D7-01C0-357F-CAB1-8478B096743C}.Release|x64.Build.0 = Release|x64
+ {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}.Debug|Win32.ActiveCfg = Debug|Win32
+ {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}.Debug|Win32.Build.0 = Debug|Win32
+ {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}.Debug|x64.ActiveCfg = Debug|x64
+ {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}.Debug|x64.Build.0 = Debug|x64
+ {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}.Release|Win32.ActiveCfg = Release|Win32
+ {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}.Release|Win32.Build.0 = Release|Win32
+ {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}.Release|x64.ActiveCfg = Release|x64
+ {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}.Release|x64.Build.0 = Release|x64
+ {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.ActiveCfg = Debug|Win32
+ {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.Build.0 = Debug|Win32
+ {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.ActiveCfg = Debug|x64
+ {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.Build.0 = Debug|x64
+ {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|Win32.ActiveCfg = Release|Win32
+ {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|Win32.Build.0 = Release|Win32
+ {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|x64.ActiveCfg = Release|x64
+ {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|x64.Build.0 = Release|x64
+ {718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|Win32.ActiveCfg = Debug|Win32
+ {718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|Win32.Build.0 = Debug|Win32
+ {718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|x64.ActiveCfg = Debug|x64
+ {718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|x64.Build.0 = Debug|x64
+ {718960D9-5DA6-7B56-39AD-637E81076C71}.Release|Win32.ActiveCfg = Release|Win32
+ {718960D9-5DA6-7B56-39AD-637E81076C71}.Release|Win32.Build.0 = Release|Win32
+ {718960D9-5DA6-7B56-39AD-637E81076C71}.Release|x64.ActiveCfg = Release|x64
+ {718960D9-5DA6-7B56-39AD-637E81076C71}.Release|x64.Build.0 = Release|x64
+ {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|Win32.ActiveCfg = Debug|Win32
+ {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|Win32.Build.0 = Debug|Win32
+ {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|x64.ActiveCfg = Debug|x64
+ {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|x64.Build.0 = Debug|x64
+ {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|Win32.ActiveCfg = Release|Win32
+ {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|Win32.Build.0 = Release|Win32
+ {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|x64.ActiveCfg = Release|x64
+ {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|x64.Build.0 = Release|x64
+ {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Debug|Win32.ActiveCfg = Debug|Win32
+ {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Debug|Win32.Build.0 = Debug|Win32
+ {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Debug|x64.ActiveCfg = Debug|x64
+ {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Debug|x64.Build.0 = Debug|x64
+ {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Release|Win32.ActiveCfg = Release|Win32
+ {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Release|Win32.Build.0 = Release|Win32
+ {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Release|x64.ActiveCfg = Release|x64
+ {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Release|x64.Build.0 = Release|x64
+ {10AE376F-1A70-0297-0216-1FD01AD15D19}.Debug|Win32.ActiveCfg = Debug|Win32
+ {10AE376F-1A70-0297-0216-1FD01AD15D19}.Debug|Win32.Build.0 = Debug|Win32
+ {10AE376F-1A70-0297-0216-1FD01AD15D19}.Debug|x64.ActiveCfg = Debug|x64
+ {10AE376F-1A70-0297-0216-1FD01AD15D19}.Debug|x64.Build.0 = Debug|x64
+ {10AE376F-1A70-0297-0216-1FD01AD15D19}.Release|Win32.ActiveCfg = Release|Win32
+ {10AE376F-1A70-0297-0216-1FD01AD15D19}.Release|Win32.Build.0 = Release|Win32
+ {10AE376F-1A70-0297-0216-1FD01AD15D19}.Release|x64.ActiveCfg = Release|x64
+ {10AE376F-1A70-0297-0216-1FD01AD15D19}.Release|x64.Build.0 = Release|x64
+ {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Debug|Win32.ActiveCfg = Debug|Win32
+ {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Debug|Win32.Build.0 = Debug|Win32
+ {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Debug|x64.ActiveCfg = Debug|x64
+ {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Debug|x64.Build.0 = Debug|x64
+ {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Release|Win32.ActiveCfg = Release|Win32
+ {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Release|Win32.Build.0 = Release|Win32
+ {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Release|x64.ActiveCfg = Release|x64
+ {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Release|x64.Build.0 = Release|x64
+ {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Debug|Win32.ActiveCfg = Debug|Win32
+ {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Debug|Win32.Build.0 = Debug|Win32
+ {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Debug|x64.ActiveCfg = Debug|x64
+ {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Debug|x64.Build.0 = Debug|x64
+ {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Release|Win32.ActiveCfg = Release|Win32
+ {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Release|Win32.Build.0 = Release|Win32
+ {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Release|x64.ActiveCfg = Release|x64
+ {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Release|x64.Build.0 = Release|x64
+ {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Debug|Win32.ActiveCfg = Debug|Win32
+ {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Debug|Win32.Build.0 = Debug|Win32
+ {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Debug|x64.ActiveCfg = Debug|x64
+ {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Debug|x64.Build.0 = Debug|x64
+ {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Release|Win32.ActiveCfg = Release|Win32
+ {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Release|Win32.Build.0 = Release|Win32
+ {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Release|x64.ActiveCfg = Release|x64
+ {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Release|x64.Build.0 = Release|x64
+ {55007179-7746-9CFB-97EC-65102FB272C8}.Debug|Win32.ActiveCfg = Debug|Win32
+ {55007179-7746-9CFB-97EC-65102FB272C8}.Debug|Win32.Build.0 = Debug|Win32
+ {55007179-7746-9CFB-97EC-65102FB272C8}.Debug|x64.ActiveCfg = Debug|x64
+ {55007179-7746-9CFB-97EC-65102FB272C8}.Debug|x64.Build.0 = Debug|x64
+ {55007179-7746-9CFB-97EC-65102FB272C8}.Release|Win32.ActiveCfg = Release|Win32
+ {55007179-7746-9CFB-97EC-65102FB272C8}.Release|Win32.Build.0 = Release|Win32
+ {55007179-7746-9CFB-97EC-65102FB272C8}.Release|x64.ActiveCfg = Release|x64
+ {55007179-7746-9CFB-97EC-65102FB272C8}.Release|x64.Build.0 = Release|x64
+ {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Debug|Win32.ActiveCfg = Debug|Win32
+ {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Debug|Win32.Build.0 = Debug|Win32
+ {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Debug|x64.ActiveCfg = Debug|x64
+ {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Debug|x64.Build.0 = Debug|x64
+ {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Release|Win32.ActiveCfg = Release|Win32
+ {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Release|Win32.Build.0 = Release|Win32
+ {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Release|x64.ActiveCfg = Release|x64
+ {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Release|x64.Build.0 = Release|x64
+ {C429B336-1B30-119C-3B34-21A186D6744F}.Debug|Win32.ActiveCfg = Debug|Win32
+ {C429B336-1B30-119C-3B34-21A186D6744F}.Debug|Win32.Build.0 = Debug|Win32
+ {C429B336-1B30-119C-3B34-21A186D6744F}.Debug|x64.ActiveCfg = Debug|x64
+ {C429B336-1B30-119C-3B34-21A186D6744F}.Debug|x64.Build.0 = Debug|x64
+ {C429B336-1B30-119C-3B34-21A186D6744F}.Release|Win32.ActiveCfg = Release|Win32
+ {C429B336-1B30-119C-3B34-21A186D6744F}.Release|Win32.Build.0 = Release|Win32
+ {C429B336-1B30-119C-3B34-21A186D6744F}.Release|x64.ActiveCfg = Release|x64
+ {C429B336-1B30-119C-3B34-21A186D6744F}.Release|x64.Build.0 = Release|x64
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.ActiveCfg = Debug|Win32
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.Build.0 = Debug|Win32
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.ActiveCfg = Debug|x64
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.Build.0 = Debug|x64
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.ActiveCfg = Release|Win32
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.Build.0 = Release|Win32
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.ActiveCfg = Release|x64
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.Build.0 = Release|x64
+ {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|Win32.ActiveCfg = Debug|Win32
+ {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|Win32.Build.0 = Debug|Win32
+ {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|x64.ActiveCfg = Debug|x64
+ {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|x64.Build.0 = Debug|x64
+ {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Release|Win32.ActiveCfg = Release|Win32
+ {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Release|Win32.Build.0 = Release|Win32
+ {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Release|x64.ActiveCfg = Release|x64
+ {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Release|x64.Build.0 = Release|x64
+ {D06CF12E-F222-9273-41BF-B8A052FA5527}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D06CF12E-F222-9273-41BF-B8A052FA5527}.Debug|Win32.Build.0 = Debug|Win32
+ {D06CF12E-F222-9273-41BF-B8A052FA5527}.Debug|x64.ActiveCfg = Debug|x64
+ {D06CF12E-F222-9273-41BF-B8A052FA5527}.Debug|x64.Build.0 = Debug|x64
+ {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|Win32.ActiveCfg = Release|Win32
+ {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|Win32.Build.0 = Release|Win32
+ {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|x64.ActiveCfg = Release|x64
+ {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|x64.Build.0 = Release|x64
+ {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|Win32.ActiveCfg = Debug|Win32
+ {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|Win32.Build.0 = Debug|Win32
+ {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|x64.ActiveCfg = Debug|x64
+ {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|x64.Build.0 = Debug|x64
+ {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|Win32.ActiveCfg = Release|Win32
+ {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|Win32.Build.0 = Release|Win32
+ {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|x64.ActiveCfg = Release|x64
+ {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|x64.Build.0 = Release|x64
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.ActiveCfg = Debug|Win32
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.Build.0 = Debug|Win32
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.ActiveCfg = Debug|x64
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.Build.0 = Debug|x64
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.ActiveCfg = Release|Win32
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.Build.0 = Release|Win32
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.ActiveCfg = Release|x64
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.Build.0 = Release|x64
+ {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|Win32.ActiveCfg = Debug|Win32
+ {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|Win32.Build.0 = Debug|Win32
+ {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|x64.ActiveCfg = Debug|x64
+ {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|x64.Build.0 = Debug|x64
+ {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|Win32.ActiveCfg = Release|Win32
+ {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|Win32.Build.0 = Release|Win32
+ {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|x64.ActiveCfg = Release|x64
+ {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|x64.Build.0 = Release|x64
+ {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|Win32.ActiveCfg = Debug|Win32
+ {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|Win32.Build.0 = Debug|Win32
+ {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|x64.ActiveCfg = Debug|x64
+ {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|x64.Build.0 = Debug|x64
+ {95C50864-854C-2A11-4C91-BCE654E344FB}.Release|Win32.ActiveCfg = Release|Win32
+ {95C50864-854C-2A11-4C91-BCE654E344FB}.Release|Win32.Build.0 = Release|Win32
+ {95C50864-854C-2A11-4C91-BCE654E344FB}.Release|x64.ActiveCfg = Release|x64
+ {95C50864-854C-2A11-4C91-BCE654E344FB}.Release|x64.Build.0 = Release|x64
+ {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|Win32.ActiveCfg = Debug|Win32
+ {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|Win32.Build.0 = Debug|Win32
+ {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|x64.ActiveCfg = Debug|x64
+ {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|x64.Build.0 = Debug|x64
+ {487A2F80-3CA3-678D-88D5-82194872CF08}.Release|Win32.ActiveCfg = Release|Win32
+ {487A2F80-3CA3-678D-88D5-82194872CF08}.Release|Win32.Build.0 = Release|Win32
+ {487A2F80-3CA3-678D-88D5-82194872CF08}.Release|x64.ActiveCfg = Release|x64
+ {487A2F80-3CA3-678D-88D5-82194872CF08}.Release|x64.Build.0 = Release|x64
+ {4E590E9D-E28F-87FF-385B-D58736388231}.Debug|Win32.ActiveCfg = Debug|Win32
+ {4E590E9D-E28F-87FF-385B-D58736388231}.Debug|Win32.Build.0 = Debug|Win32
+ {4E590E9D-E28F-87FF-385B-D58736388231}.Debug|x64.ActiveCfg = Debug|x64
+ {4E590E9D-E28F-87FF-385B-D58736388231}.Debug|x64.Build.0 = Debug|x64
+ {4E590E9D-E28F-87FF-385B-D58736388231}.Release|Win32.ActiveCfg = Release|Win32
+ {4E590E9D-E28F-87FF-385B-D58736388231}.Release|Win32.Build.0 = Release|Win32
+ {4E590E9D-E28F-87FF-385B-D58736388231}.Release|x64.ActiveCfg = Release|x64
+ {4E590E9D-E28F-87FF-385B-D58736388231}.Release|x64.Build.0 = Release|x64
+ {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.ActiveCfg = Debug|Win32
+ {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.Build.0 = Debug|Win32
+ {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.ActiveCfg = Debug|x64
+ {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.Build.0 = Debug|x64
+ {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|Win32.ActiveCfg = Release|Win32
+ {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|Win32.Build.0 = Release|Win32
+ {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|x64.ActiveCfg = Release|x64
+ {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|x64.Build.0 = Release|x64
+ {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|Win32.ActiveCfg = Debug|Win32
+ {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|Win32.Build.0 = Debug|Win32
+ {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|x64.ActiveCfg = Debug|x64
+ {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|x64.Build.0 = Debug|x64
+ {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.ActiveCfg = Release|Win32
+ {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.Build.0 = Release|Win32
+ {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.ActiveCfg = Release|x64
+ {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.Build.0 = Release|x64
+ {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.ActiveCfg = Debug|Win32
+ {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.Build.0 = Debug|Win32
+ {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.ActiveCfg = Debug|x64
+ {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.Build.0 = Debug|x64
+ {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.ActiveCfg = Release|Win32
+ {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.Build.0 = Release|Win32
+ {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.ActiveCfg = Release|x64
+ {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.Build.0 = Release|x64
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.ActiveCfg = Debug|Win32
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.Build.0 = Debug|Win32
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.ActiveCfg = Debug|x64
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.Build.0 = Debug|x64
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.ActiveCfg = Release|Win32
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.Build.0 = Release|Win32
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.ActiveCfg = Release|x64
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.Build.0 = Release|x64
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.ActiveCfg = Debug|Win32
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.Build.0 = Debug|Win32
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.ActiveCfg = Debug|x64
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.Build.0 = Debug|x64
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.ActiveCfg = Release|Win32
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.Build.0 = Release|Win32
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.ActiveCfg = Release|x64
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.Build.0 = Release|x64
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.ActiveCfg = Debug|Win32
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.Build.0 = Debug|Win32
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.ActiveCfg = Debug|x64
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.Build.0 = Debug|x64
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.ActiveCfg = Release|Win32
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.Build.0 = Release|Win32
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.ActiveCfg = Release|x64
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.Build.0 = Release|x64
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.ActiveCfg = Debug|Win32
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.Build.0 = Debug|Win32
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.ActiveCfg = Debug|x64
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.Build.0 = Debug|x64
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.ActiveCfg = Release|Win32
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.Build.0 = Release|Win32
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.ActiveCfg = Release|x64
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.Build.0 = Release|x64
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.ActiveCfg = Debug|Win32
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.Build.0 = Debug|Win32
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.ActiveCfg = Debug|x64
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.Build.0 = Debug|x64
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.ActiveCfg = Release|Win32
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64
+ {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.ActiveCfg = Debug|Win32
+ {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.Build.0 = Debug|Win32
+ {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.ActiveCfg = Debug|x64
+ {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.Build.0 = Debug|x64
+ {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.ActiveCfg = Release|Win32
+ {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.Build.0 = Release|Win32
+ {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.ActiveCfg = Release|x64
+ {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.Build.0 = Release|x64
+ {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32
+ {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32
+ {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64
+ {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.Build.0 = Debug|x64
+ {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|Win32.ActiveCfg = Release|Win32
+ {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|Win32.Build.0 = Release|Win32
+ {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|x64.ActiveCfg = Release|x64
+ {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|x64.Build.0 = Release|x64
+ {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|Win32.ActiveCfg = Debug|Win32
+ {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|Win32.Build.0 = Debug|Win32
+ {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|x64.ActiveCfg = Debug|x64
+ {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|x64.Build.0 = Debug|x64
+ {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Release|Win32.ActiveCfg = Release|Win32
+ {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Release|Win32.Build.0 = Release|Win32
+ {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Release|x64.ActiveCfg = Release|x64
+ {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Release|x64.Build.0 = Release|x64
+ {DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}.Debug|Win32.ActiveCfg = Debug|Win32
+ {DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}.Debug|Win32.Build.0 = Debug|Win32
+ {DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}.Debug|x64.ActiveCfg = Debug|x64
+ {DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}.Debug|x64.Build.0 = Debug|x64
+ {DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}.Release|Win32.ActiveCfg = Release|Win32
+ {DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}.Release|Win32.Build.0 = Release|Win32
+ {DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}.Release|x64.ActiveCfg = Release|x64
+ {DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}.Release|x64.Build.0 = Release|x64
+ {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32
+ {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64
+ {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.Build.0 = Debug|x64
+ {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Release|Win32.ActiveCfg = Release|Win32
+ {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Release|Win32.Build.0 = Release|Win32
+ {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Release|x64.ActiveCfg = Release|x64
+ {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Release|x64.Build.0 = Release|x64
+ {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Debug|Win32.ActiveCfg = Debug|Win32
+ {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Debug|Win32.Build.0 = Debug|Win32
+ {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Debug|x64.ActiveCfg = Debug|x64
+ {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Debug|x64.Build.0 = Debug|x64
+ {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Release|Win32.ActiveCfg = Release|Win32
+ {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Release|Win32.Build.0 = Release|Win32
+ {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Release|x64.ActiveCfg = Release|x64
+ {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Release|x64.Build.0 = Release|x64
+ {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Debug|Win32.Build.0 = Debug|Win32
+ {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Debug|x64.ActiveCfg = Debug|x64
+ {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Debug|x64.Build.0 = Debug|x64
+ {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|Win32.ActiveCfg = Release|Win32
+ {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|Win32.Build.0 = Release|Win32
+ {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|x64.ActiveCfg = Release|x64
+ {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|x64.Build.0 = Release|x64
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.ActiveCfg = Debug|Win32
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.Build.0 = Debug|Win32
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.ActiveCfg = Debug|x64
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.Build.0 = Debug|x64
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.ActiveCfg = Release|Win32
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.Build.0 = Release|Win32
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.ActiveCfg = Release|x64
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.Build.0 = Release|x64
+ {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|Win32.ActiveCfg = Debug|Win32
+ {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|Win32.Build.0 = Debug|Win32
+ {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|x64.ActiveCfg = Debug|x64
+ {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|x64.Build.0 = Debug|x64
+ {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Release|Win32.ActiveCfg = Release|Win32
+ {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Release|Win32.Build.0 = Release|Win32
+ {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Release|x64.ActiveCfg = Release|x64
+ {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/visualc/VS2010/PolarSSL.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
similarity index 95%
rename from visualc/VS2010/PolarSSL.vcxproj
rename to visualc/VS2010/mbedTLS.vcxproj
index 5ea5b15..0ee568a 100644
--- a/visualc/VS2010/PolarSSL.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -21,7 +21,7 @@
<PropertyGroup Label="Globals">
<ProjectGuid>{46CF2D25-6A36-4189-B59C-E4815388E554}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
- <RootNamespace>PolarSSL</RootNamespace>
+ <RootNamespace>mbedTLS</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -81,7 +81,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;POLARSSL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
@@ -96,7 +96,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;POLARSSL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
@@ -113,7 +113,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;POLARSSL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
@@ -131,7 +131,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;POLARSSL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
</ClCompile>
<Link>
diff --git a/visualc/VS2010/md5sum.vcxproj b/visualc/VS2010/md5sum.vcxproj
index bb4ee8a..02fae33 100644
--- a/visualc/VS2010/md5sum.vcxproj
+++ b/visualc/VS2010/md5sum.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\hash\md5sum.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{D4F79297-4960-6D63-D50E-5823C50ED124}</ProjectGuid>
+ <ProjectGuid>{80FE1ECF-6992-A275-7973-E2976718D128}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>md5sum</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj
new file mode 100644
index 0000000..e3007d7
--- /dev/null
+++ b/visualc/VS2010/mini_client.vcxproj
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="..\..\programs\ssl\mini_client.c" />
+ </ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="mbedTLS.vcxproj">
+ <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
+ </ProjectReference>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{C4FE29EA-266D-5295-4840-976B9B5B3843}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>mini_client</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <ShowProgress>NotSet</ShowProgress>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
+ <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
+ </Link>
+ <ProjectReference>
+ <LinkLibraryDependencies>false</LinkLibraryDependencies>
+ </ProjectReference>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <ShowProgress>NotSet</ShowProgress>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
+ <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
+ </Link>
+ <ProjectReference>
+ <LinkLibraryDependencies>false</LinkLibraryDependencies>
+ </ProjectReference>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
+ <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj
index 9c225a6..881ea23 100644
--- a/visualc/VS2010/mpi_demo.vcxproj
+++ b/visualc/VS2010/mpi_demo.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\mpi_demo.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{08A79AF8-5B8A-4343-D01A-B8AB47F3366C}</ProjectGuid>
+ <ProjectGuid>{A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>mpi_demo</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj
index be92d3f..50f877d 100644
--- a/visualc/VS2010/pem2der.vcxproj
+++ b/visualc/VS2010/pem2der.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\util\pem2der.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{ACFFE3C9-3628-9B99-E0C9-36CF95F86B5F}</ProjectGuid>
+ <ProjectGuid>{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>pem2der</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj
index d3df49b..17f0ffe 100644
--- a/visualc/VS2010/pk_decrypt.vcxproj
+++ b/visualc/VS2010/pk_decrypt.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\pk_decrypt.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{C69CD150-7174-FA91-9E6E-B7DDD56FDE8E}</ProjectGuid>
+ <ProjectGuid>{1EC6CBA3-6187-D456-D9B7-A35399395D71}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>pk_decrypt</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj
index 4cd5e89..2e49348 100644
--- a/visualc/VS2010/pk_encrypt.vcxproj
+++ b/visualc/VS2010/pk_encrypt.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\pk_encrypt.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{239051A9-0CE6-7730-7BB0-83599DC37AA4}</ProjectGuid>
+ <ProjectGuid>{55007179-7746-9CFB-97EC-65102FB272C8}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>pk_encrypt</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj
index 52501b7..1549dfd 100644
--- a/visualc/VS2010/pk_sign.vcxproj
+++ b/visualc/VS2010/pk_sign.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\pk_sign.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{EBDBB632-13A2-45F8-A44E-4837F6467512}</ProjectGuid>
+ <ProjectGuid>{F2E8CA55-597F-7FDC-6456-D8650FB970A3}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>pk_sign</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj
index 00ed98f..1aee7ae 100644
--- a/visualc/VS2010/pk_verify.vcxproj
+++ b/visualc/VS2010/pk_verify.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\pk_verify.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{CA8D1EDA-2881-55E0-8F1C-B379B5AA7B56}</ProjectGuid>
+ <ProjectGuid>{C429B336-1B30-119C-3B34-21A186D6744F}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>pk_verify</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj
index d08083d..67404ef 100644
--- a/visualc/VS2010/rsa_decrypt.vcxproj
+++ b/visualc/VS2010/rsa_decrypt.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\rsa_decrypt.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{7E3D99BD-3D9E-762A-E235-9C8275E7010F}</ProjectGuid>
+ <ProjectGuid>{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>rsa_decrypt</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj
index 8982628..8fab1d5 100644
--- a/visualc/VS2010/rsa_encrypt.vcxproj
+++ b/visualc/VS2010/rsa_encrypt.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\rsa_encrypt.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{DA85604D-9ED1-FD08-4F37-FBD33E5E3642}</ProjectGuid>
+ <ProjectGuid>{D06CF12E-F222-9273-41BF-B8A052FA5527}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>rsa_encrypt</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj
index e39d46d..87e67f4 100644
--- a/visualc/VS2010/rsa_genkey.vcxproj
+++ b/visualc/VS2010/rsa_genkey.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\rsa_genkey.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{AD5B2F84-44A2-8D21-D47D-07E0ED7E0AAD}</ProjectGuid>
+ <ProjectGuid>{F472475C-F677-0E7F-F127-45BF5B64F622}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>rsa_genkey</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj
index c506f6e..b24d3a1 100644
--- a/visualc/VS2010/rsa_sign.vcxproj
+++ b/visualc/VS2010/rsa_sign.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\rsa_sign.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{CFC883CE-9BAE-B26F-B08B-7F194AD35929}</ProjectGuid>
+ <ProjectGuid>{10790F49-6887-AAB6-2D86-BCBD516F8D26}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>rsa_sign</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj
index 0b74bbb..d4b605c 100644
--- a/visualc/VS2010/rsa_sign_pss.vcxproj
+++ b/visualc/VS2010/rsa_sign_pss.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\rsa_sign_pss.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{34A00BC1-32A6-5145-606F-F081D31CC1D1}</ProjectGuid>
+ <ProjectGuid>{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>rsa_sign_pss</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj
index 8b8410c..daaa29d 100644
--- a/visualc/VS2010/rsa_verify.vcxproj
+++ b/visualc/VS2010/rsa_verify.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\rsa_verify.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{77834257-2878-A38D-AEBE-79423968B6DB}</ProjectGuid>
+ <ProjectGuid>{689E28CF-89ED-BA38-3A14-78A75D891D46}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>rsa_verify</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj
index df54f61..f8b8c80 100644
--- a/visualc/VS2010/rsa_verify_pss.vcxproj
+++ b/visualc/VS2010/rsa_verify_pss.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\pkey\rsa_verify_pss.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{DAD91B2F-DEC8-E94F-8D9A-66B6E237AF07}</ProjectGuid>
+ <ProjectGuid>{95C50864-854C-2A11-4C91-BCE654E344FB}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>rsa_verify_pss</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj
index 8edf196..44268d2 100644
--- a/visualc/VS2010/selftest.vcxproj
+++ b/visualc/VS2010/selftest.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\test\selftest.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{4DD758B5-6FC5-66C0-1D26-22C74C88FEF3}</ProjectGuid>
+ <ProjectGuid>{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>selftest</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/sha1sum.vcxproj b/visualc/VS2010/sha1sum.vcxproj
index e4b0cea..f0b927d 100644
--- a/visualc/VS2010/sha1sum.vcxproj
+++ b/visualc/VS2010/sha1sum.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\hash\sha1sum.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{A0278E64-D98F-842D-438A-6747411CE76F}</ProjectGuid>
+ <ProjectGuid>{E91D12D7-01C0-357F-CAB1-8478B096743C}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>sha1sum</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/sha2sum.vcxproj b/visualc/VS2010/sha2sum.vcxproj
index 821050a..030bebb 100644
--- a/visualc/VS2010/sha2sum.vcxproj
+++ b/visualc/VS2010/sha2sum.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\hash\sha2sum.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{BAF92F6C-E5BE-95B7-6E36-823A1779A818}</ProjectGuid>
+ <ProjectGuid>{8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>sha2sum</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/ssl_cert_test.vcxproj b/visualc/VS2010/ssl_cert_test.vcxproj
index e47ec9a..187c2ec 100644
--- a/visualc/VS2010/ssl_cert_test.vcxproj
+++ b/visualc/VS2010/ssl_cert_test.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\test\ssl_cert_test.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{173A0BC9-FF81-3C36-7887-4FBD6032C9FD}</ProjectGuid>
+ <ProjectGuid>{3FE0C0E1-D9BA-6A26-380C-F293E543B914}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_cert_test</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj
index bdcec8b..479ca94 100644
--- a/visualc/VS2010/ssl_client1.vcxproj
+++ b/visualc/VS2010/ssl_client1.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\ssl\ssl_client1.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{CE90D346-EBC0-D292-6D68-24717DB3F510}</ProjectGuid>
+ <ProjectGuid>{487A2F80-3CA3-678D-88D5-82194872CF08}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_client1</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj
index 62cd2bd..a956922 100644
--- a/visualc/VS2010/ssl_client2.vcxproj
+++ b/visualc/VS2010/ssl_client2.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\ssl\ssl_client2.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{436AF1C2-99E7-32FA-5BFA-641F1FF2C57D}</ProjectGuid>
+ <ProjectGuid>{4E590E9D-E28F-87FF-385B-D58736388231}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_client2</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj
index b0e55f0..18c9165 100644
--- a/visualc/VS2010/ssl_fork_server.vcxproj
+++ b/visualc/VS2010/ssl_fork_server.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\ssl\ssl_fork_server.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{D8295912-D341-F4E4-DC8E-98A2A0604221}</ProjectGuid>
+ <ProjectGuid>{918CD402-047D-8467-E11C-E1132053F916}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_fork_server</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj
index 8ffc3ad..c185617 100644
--- a/visualc/VS2010/ssl_mail_client.vcxproj
+++ b/visualc/VS2010/ssl_mail_client.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\ssl\ssl_mail_client.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{68EFA4E3-08B0-2925-0EF6-177996B08B24}</ProjectGuid>
+ <ProjectGuid>{7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_mail_client</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj
index d75f9f1..09888b7 100644
--- a/visualc/VS2010/ssl_server.vcxproj
+++ b/visualc/VS2010/ssl_server.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\ssl\ssl_server.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{C49B1EF8-D169-70C5-2FA4-837A900267A7}</ProjectGuid>
+ <ProjectGuid>{E08E0065-896A-7487-DEA5-D3B80B71F975}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_server</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj
index df0585e..b39ce5d 100644
--- a/visualc/VS2010/ssl_server2.vcxproj
+++ b/visualc/VS2010/ssl_server2.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\ssl\ssl_server2.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{870B39B9-8F38-D9A4-8A07-87047C565061}</ProjectGuid>
+ <ProjectGuid>{A4DA7463-1047-BDF5-E1B3-5632CB573F41}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_server2</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/ssl_test.vcxproj b/visualc/VS2010/ssl_test.vcxproj
index 2332758..33200ab 100644
--- a/visualc/VS2010/ssl_test.vcxproj
+++ b/visualc/VS2010/ssl_test.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\test\ssl_test.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{0FC4D326-CF64-AB19-B037-3E3D06EA6798}</ProjectGuid>
+ <ProjectGuid>{DDD0BF0A-779A-DEFD-6A1C-FA2164AE9A34}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>ssl_test</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj
index 03a4da1..58feabc 100644
--- a/visualc/VS2010/strerror.vcxproj
+++ b/visualc/VS2010/strerror.vcxproj
@@ -22,12 +22,12 @@
<ClCompile Include="..\..\programs\util\strerror.c" />
</ItemGroup>
<ItemGroup>
- <ProjectReference Include="PolarSSL.vcxproj">
+ <ProjectReference Include="mbedTLS.vcxproj">
<Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{9D625831-AF31-CFBA-8855-61C024DA2DE0}</ProjectGuid>
+ <ProjectGuid>{23EF735C-CC4C-3EC4-A75E-903DB340F04A}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>strerror</RootNamespace>
</PropertyGroup>
@@ -96,7 +96,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -116,7 +116,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ShowProgress>NotSet</ShowProgress>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -140,7 +140,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);PolarSSL.lib</AdditionalDependencies>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/visualc/VS6/polarssl.dsp b/visualc/VS6/mbedtls.dsp
similarity index 95%
rename from visualc/VS6/polarssl.dsp
rename to visualc/VS6/mbedtls.dsp
index 17e9e70..134cf7b 100644
--- a/visualc/VS6/polarssl.dsp
+++ b/visualc/VS6/mbedtls.dsp
@@ -1,24 +1,24 @@
-# Microsoft Developer Studio Project File - Name="polarssl" - Package Owner=<4>
+# Microsoft Developer Studio Project File - Name="mbedtls" - Package Owner=<4>
# Microsoft Developer Studio Generated Build File, Format Version 6.00
# ** DO NOT EDIT **
# TARGTYPE "Win32 (x86) Static Library" 0x0104
-CFG=polarssl - Win32 Debug
+CFG=mbedtls - Win32 Debug
!MESSAGE This is not a valid makefile. To build this project using NMAKE,
!MESSAGE use the Export Makefile command and run
!MESSAGE
-!MESSAGE NMAKE /f "polarssl.mak".
+!MESSAGE NMAKE /f "mbedtls.mak".
!MESSAGE
!MESSAGE You can specify a configuration when running NMAKE
!MESSAGE by defining the macro CFG on the command line. For example:
!MESSAGE
-!MESSAGE NMAKE /f "polarssl.mak" CFG="polarssl - Win32 Debug"
+!MESSAGE NMAKE /f "mbedtls.mak" CFG="mbedtls - Win32 Debug"
!MESSAGE
!MESSAGE Possible choices for configuration are:
!MESSAGE
-!MESSAGE "polarssl - Win32 Release" (based on "Win32 (x86) Static Library")
-!MESSAGE "polarssl - Win32 Debug" (based on "Win32 (x86) Static Library")
+!MESSAGE "mbedtls - Win32 Release" (based on "Win32 (x86) Static Library")
+!MESSAGE "mbedtls - Win32 Debug" (based on "Win32 (x86) Static Library")
!MESSAGE
# Begin Project
@@ -28,7 +28,7 @@
CPP=cl.exe
RSC=rc.exe
-!IF "$(CFG)" == "polarssl - Win32 Release"
+!IF "$(CFG)" == "mbedtls - Win32 Release"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
@@ -51,7 +51,7 @@
# ADD BASE LIB32 /nologo
# ADD LIB32 /nologo
-!ELSEIF "$(CFG)" == "polarssl - Win32 Debug"
+!ELSEIF "$(CFG)" == "mbedtls - Win32 Debug"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
@@ -78,8 +78,8 @@
# Begin Target
-# Name "polarssl - Win32 Release"
-# Name "polarssl - Win32 Debug"
+# Name "mbedtls - Win32 Release"
+# Name "mbedtls - Win32 Debug"
# Begin Group "Source Files"
# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
diff --git a/visualc/VS6/polarssl.dsw b/visualc/VS6/mbedtls.dsw
similarity index 87%
rename from visualc/VS6/polarssl.dsw
rename to visualc/VS6/mbedtls.dsw
index 105e604..c9cd7fd 100644
--- a/visualc/VS6/polarssl.dsw
+++ b/visualc/VS6/mbedtls.dsw
@@ -12,7 +12,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -27,7 +27,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -42,7 +42,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -57,7 +57,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -72,7 +72,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -87,7 +87,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -102,7 +102,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -117,7 +117,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -132,7 +132,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -147,7 +147,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -162,7 +162,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -177,7 +177,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -192,7 +192,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -207,7 +207,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -222,7 +222,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -237,7 +237,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -252,7 +252,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -267,7 +267,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -282,7 +282,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -297,7 +297,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -312,7 +312,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -327,7 +327,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -342,7 +342,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -357,7 +357,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -372,7 +372,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -387,7 +387,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -402,7 +402,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -417,7 +417,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -432,7 +432,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -447,7 +447,22 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
+ End Project Dependency
+}}}
+
+###############################################################################
+
+Project: "mini_client"=.\mini_client.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+ Begin Project Dependency
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -462,7 +477,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -477,7 +492,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -492,7 +507,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -507,7 +522,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -522,7 +537,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -537,7 +552,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -552,7 +567,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -567,7 +582,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -582,7 +597,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -597,7 +612,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -612,7 +627,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -627,7 +642,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
@@ -642,7 +657,7 @@
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name polarssl
+ Project_Dep_Name mbedtls
End Project Dependency
}}}
diff --git a/visualc/VS6/mini_client.dsp b/visualc/VS6/mini_client.dsp
new file mode 100644
index 0000000..9462cb6
--- /dev/null
+++ b/visualc/VS6/mini_client.dsp
@@ -0,0 +1,101 @@
+# Microsoft Developer Studio Project File - Name="mini_client" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=mini_client - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mini_client.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mini_client.mak" CFG="mini_client - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mini_client - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "mini_client - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mini_client - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir ""
+# PROP BASE Intermediate_Dir "temp"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir ""
+# PROP Intermediate_Dir "temp"
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x40c /d "NDEBUG"
+# ADD RSC /l 0x40c /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+
+!ELSEIF "$(CFG)" == "mini_client - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir ""
+# PROP BASE Intermediate_Dir "temp"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir ""
+# PROP Intermediate_Dir "temp"
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD BASE RSC /l 0x40c /d "_DEBUG"
+# ADD RSC /l 0x40c /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "mini_client - Win32 Release"
+# Name "mini_client - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\..\programs\ssl\mini_client.c
+# ADD CPP /I "../../include"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project