Merge mbedtls 2.16.6 into baremetal
Conflicts:
mbedtls.doxyfile - PROJECT_NAME - mbed TLS v2.16.6 chosen.
doc_mainpage.h - mbed TLS v2.16.6 version chosen.
hmac_drbg.h - line 260, extended description chosen.
- line 313, extended description chosen.
- line 338, extended description chosen.
version.h - 2.16.6 chosen.
CMakeLists.txt - 2.16.6 chosen.
test_suite_version.data - 2.16.6 chosen.
Makefile - 141 - manual correction - baremetal version of C_SOURCE_FILES
with variables for directories plus 2.16.6 CTAGS addition.
pkparse.c - lines 846 onwards - the asn1_get_nonzero_mpi implementation chosen.
ssl_tls.c - line 5269 - edited manually, left the ret=0, because baremetal has
a different behaviour since commit 87b5626, but added a debug
message that's new in 2.16.6.
all.sh:
- component_build_deprecated - chosen the refactored version from 2.16.6,
but with extra flags from baremetal.
- rest of the _no_xxx tests - merged make options to have PTHREAD=1 and
other changes from 2.16.6 (like -O1 instead of -O0).
- component_build_arm_none_eabi_gcc_no_64bit_multiplication - added
TINYCRYPT_BUILD=0 to the 2.16.6 version of make.
x509/req_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
x509/crl_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
x509/cert_app.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_mail_client.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_pthread_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl/ssl_fork_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_client1.c - line 54 - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_client2.c - line 54 - left baremetal log but with mbedtls_exit( 0 ) call.
- line 132 - new options of both branches added.
- skip close notify handled as in 2.16.6, but with `ssl` instead of `&ssl`.
- Merged the 2.16.6 usage split with additional baremetal usages.
- Merged options from baremetal and 2.16.6.
ssl_server.c - left baremetal log but with mbedtls_exit( 0 ) call.
ssl_server2.c - Merged the 2.16.6 usage split with additional baremetal usages.
config.pl - fixed missing defines from the documentation, removed duplicates,
and reorganised so that the documentation and excluded list
are ordered in the same way.
test_suite_x509parse.data - only added the two new pathlen tests.
x509_crt.c - change the return code by removing
MBEDTLS_ERR_X509_INVALID_EXTENSIONS, since it's added by
x509_crt_frame_parse_ext not by an "or", but by "+=".
Changelog - Assigned all entries to appropriate sections.
ssl-opt.sh - line 8263 - merged options.
- removed lines 1165 - 1176 - there was a duplicate test, probably
an artifact of previous merges.
check-files.py - sticked to old formatting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 70f0a1e..df747c9 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -76,7 +76,7 @@
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
"and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -477,6 +477,6 @@
mbedtls_aes_free( &aes_ctx );
mbedtls_md_free( &sha_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index f9cf6b2..47497f6 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -78,7 +78,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -97,7 +97,8 @@
int main( int argc, char *argv[] )
{
- int ret = 1, i, n;
+ int ret = 1, i;
+ unsigned n;
int exit_code = MBEDTLS_EXIT_FAILURE;
int mode;
size_t keylen, ilen, olen;
@@ -574,6 +575,6 @@
mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index d154e59..afb0ae5 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -48,7 +48,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -215,7 +215,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
/*
@@ -225,12 +225,12 @@
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
{
mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
ret = 0;
@@ -249,6 +249,6 @@
exit:
mbedtls_md_free( &md_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 7e3b20e..9200de2 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -44,7 +44,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -70,7 +70,7 @@
mbedtls_printf( "\n MD5('%s') = ", str );
if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
- return( MBEDTLS_EXIT_FAILURE );
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
for( i = 0; i < 16; i++ )
mbedtls_printf( "%02x", digest[i] );
@@ -82,6 +82,6 @@
fflush( stdout ); getchar();
#endif
- return( MBEDTLS_EXIT_SUCCESS );
+ mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
}
#endif /* MBEDTLS_MD5_C */
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 12f4de7..4ace16c 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -68,7 +68,7 @@
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -319,7 +319,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 8431ae6..d2109ed 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -45,7 +45,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_GENPRIME not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -103,7 +103,7 @@
{
usage:
mbedtls_printf( USAGE );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
for( i = 1; i < argc; i++ )
@@ -209,7 +209,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 78efba1..fc89aaf 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -68,7 +68,7 @@
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -342,7 +342,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 9f849dd..e79dce0 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -45,7 +45,7 @@
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -238,7 +238,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 4cde070..6efa17b 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -66,7 +66,7 @@
{
mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
#if defined(VERBOSE)
@@ -201,7 +201,7 @@
sig, &sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
@@ -260,7 +260,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
ECPARAMS */
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 8fcfeb4..1891eb4 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -133,7 +133,7 @@
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_PEM_WRITE_C"
"not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -458,7 +458,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index a106dbb..207f369 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -70,7 +70,7 @@
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -323,6 +323,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 315810d..05224f4 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -95,7 +95,7 @@
int main( void )
{
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -449,6 +449,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 2ae441c..e907dbb 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -46,7 +46,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -124,6 +124,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 19ec2da..bb6b0a8 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -56,7 +56,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -76,7 +76,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret = 1, c;
+ int ret = 1;
+ unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
@@ -183,7 +184,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 4ab2cac..9673237 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -57,7 +57,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -188,7 +188,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 84a613b..b7ea9d6 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -47,7 +47,7 @@
"MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -197,7 +197,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index ccfc149..7c14ac2 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -45,7 +45,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -160,7 +160,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index cde5f24..e01ca5e 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -55,7 +55,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -77,7 +77,7 @@
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
- int c;
+ unsigned c;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
@@ -219,6 +219,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 7210578..5b5489e 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -55,7 +55,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -196,7 +196,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index a8d5f05..b1bd86b 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -60,7 +60,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -198,7 +198,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 4db0528..7f20752 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -46,7 +46,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -200,7 +200,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 2e25163..37f8574 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -47,7 +47,7 @@
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -187,7 +187,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 73f5473..13f915b 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -45,7 +45,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -71,7 +71,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret = 1, c;
+ int ret = 1;
+ unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
@@ -173,7 +174,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 27533a8..cd17b8f 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -47,7 +47,7 @@
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -164,7 +164,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index f2596f9..965b942 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -47,7 +47,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -75,13 +75,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -111,6 +111,6 @@
fclose( f );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index 4fc8086..51bc4e5 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -50,7 +50,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -81,13 +81,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -144,6 +144,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index 5ea52ae..6a65de0 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -48,7 +48,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -65,13 +65,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_havege_init( &hs );
@@ -104,6 +104,6 @@
exit:
mbedtls_havege_free( &hs );
fclose( f );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_HAVEGE_C */
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 336d695..28393c8 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -29,6 +29,7 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_exit exit
@@ -48,7 +49,7 @@
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -409,7 +410,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 8190f1e..2a2891c 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -29,6 +29,7 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_time_t time_t
@@ -61,7 +62,7 @@
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
"MBEDTLS_TIMING_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -479,7 +480,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 3d15c60..8878706 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -60,7 +60,7 @@
mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -332,6 +332,6 @@
mbedtls_x509_crt_free( &ca );
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 1ab2e10..254ecb1 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -52,7 +52,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or"
"not defined, and/or MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -363,7 +363,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 207b0a2..3bf9e62 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -53,7 +53,7 @@
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C not defined, or "
"neither MBEDTLS_CTR_DRBG_C nor MBEDTLS_HMAC_DRBG_C defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -131,6 +131,7 @@
#define DFL_ETM -1
#define DFL_SERIALIZE 0
#define DFL_EXTENDED_MS_ENFORCE -1
+#define DFL_SKIP_CLOSE_NOTIFY 0
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
@@ -335,7 +336,9 @@
#define USAGE_FORCE_VERSION ""
#endif
-#define USAGE \
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
"\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \
@@ -355,17 +358,22 @@
" options: 1 (level-triggered, implies nbio=1),\n" \
USAGE_READ_TIMEOUT \
" max_resend=%%d default: 0 (no resend on timeout)\n" \
+ " skip_close_notify=%%d default: 0 (send close_notify)\n" \
"\n" \
USAGE_DTLS \
USAGE_CID \
- "\n" \
+ "\n"
+
+#define USAGE2 \
USAGE_AUTH_MODE \
USAGE_IO \
"\n" \
USAGE_PSK \
USAGE_ECJPAKE \
USAGE_ECRESTART \
- "\n" \
+ "\n"
+
+#define USAGE3 \
USAGE_ALLOW_LEGACY_RENEGO \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -385,7 +393,8 @@
USAGE_CURVES \
USAGE_RECSPLIT \
USAGE_DHMLEN \
- "\n" \
+ "\n"
+#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
USAGE_MIN_VERSION \
@@ -466,6 +475,7 @@
int serialize; /* serialize/deserialize connection */
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
+ int skip_close_notify; /* skip sending the close_notify alert */
} opt;
int query_config( const char *config );
@@ -1060,7 +1070,10 @@
if( ret == 0 )
ret = 1;
- mbedtls_printf( USAGE );
+ mbedtls_printf( USAGE1 );
+ mbedtls_printf( USAGE2 );
+ mbedtls_printf( USAGE3 );
+ mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
@@ -1129,6 +1142,7 @@
opt.etm = DFL_ETM;
opt.dgram_packing = DFL_DGRAM_PACKING;
opt.serialize = DFL_SERIALIZE;
+ opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
for( i = 1; i < argc; i++ )
{
@@ -1523,7 +1537,13 @@
}
else if( strcmp( p, "query_config" ) == 0 )
{
- return query_config( q );
+ mbedtls_exit( query_config( q ) );
+ }
+ else if( strcmp( p, "skip_close_notify" ) == 0 )
+ {
+ opt.skip_close_notify = atoi( q );
+ if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
+ goto usage;
}
else if( strcmp( p, "serialize") == 0 )
{
@@ -2892,10 +2912,25 @@
mbedtls_printf( " . Closing the connection..." );
fflush( stdout );
- /* No error checking, the connection might be closed already */
- do ret = mbedtls_ssl_close_notify( ssl );
- while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
- ret = 0;
+ /*
+ * Most of the time sending a close_notify before closing is the right
+ * thing to do. However, when the server already knows how many messages
+ * are expected and closes the connection by itself, this alert becomes
+ * redundant. Sometimes with DTLS this redundancy becomes a problem by
+ * leading to a race condition where the server might close the connection
+ * before seeing the alert, and since UDP is connection-less when the
+ * alert arrives it will be seen as a new connection, which will fail as
+ * the alert is clearly not a valid ClientHello. This may cause spurious
+ * failures in tests that use DTLS and resumption with ssl_server2 in
+ * ssl-opt.sh, avoided by enabling skip_close_notify client-side.
+ */
+ if( opt.skip_close_notify == 0 )
+ {
+ /* No error checking, the connection might be closed already */
+ do ret = mbedtls_ssl_close_notify( ssl );
+ while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ ret = 0;
+ }
mbedtls_printf( " done\n" );
@@ -3049,7 +3084,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index e9c220c..ad31397 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -56,14 +56,14 @@
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined, and/or "
"MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#elif defined(_WIN32)
int main( void )
{
mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
"to work correctly.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -461,7 +461,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 6e728dc..eee723c 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -56,7 +56,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined, and/or MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -906,7 +906,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 80bb049..53d1abb 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -55,7 +55,7 @@
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
"and/or MBEDTLS_PEM_PARSE_C not defined, and/or "
"MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -553,7 +553,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 0ad63b1..d2bf8c7 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -53,7 +53,7 @@
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"and/or MBEDTLS_PEM_PARSE_C not defined, and/or "
"MBEDTLS_SSL_PROTO_NO_TLS defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -441,7 +441,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index e59df9e..bf10987 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -52,7 +52,7 @@
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C not defined, or "
"neither MBEDTLS_CTR_DRBG_C nor MBEDTLS_HMAC_DRBG_C defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -451,7 +451,9 @@
#define USAGE_FORCE_VERSION ""
#endif
-#define USAGE \
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_addr=%%s default: (all interfaces)\n" \
@@ -472,7 +474,8 @@
USAGE_COOKIES \
USAGE_ANTI_REPLAY \
USAGE_BADMAC_LIMIT \
- "\n" \
+ "\n"
+#define USAGE2 \
USAGE_AUTH_MODE \
USAGE_CERT_REQ_CA_LIST \
USAGE_IO \
@@ -481,7 +484,8 @@
"\n" \
USAGE_PSK \
USAGE_ECJPAKE \
- "\n" \
+ "\n"
+#define USAGE3 \
USAGE_ALLOW_LEGACY_RENEGO \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -494,7 +498,8 @@
USAGE_EMS \
USAGE_ETM \
USAGE_CURVES \
- "\n" \
+ "\n"
+#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
USAGE_MIN_VERSION \
@@ -1650,7 +1655,10 @@
if( ret == 0 )
ret = 1;
- mbedtls_printf( USAGE );
+ mbedtls_printf( USAGE1 );
+ mbedtls_printf( USAGE2 );
+ mbedtls_printf( USAGE3 );
+ mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
@@ -2166,7 +2174,7 @@
}
else if( strcmp( p, "query_config" ) == 0 )
{
- return query_config( q );
+ mbedtls_exit( query_config( q ) );
}
else if( strcmp( p, "serialize") == 0 )
{
@@ -4053,7 +4061,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 71bee47..6036393 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -43,7 +43,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_TIMING_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -155,6 +155,16 @@
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
+/* How much space to reserve for the title when printing heap usage results.
+ * Updated manually as the output of the following command:
+ *
+ * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
+ * awk '{print length+2}' | sort -rn | head -n1
+ *
+ * This computes the maximum length of a title +2 (because we appends "/s").
+ * (If the value is too small, the only consequence is poor alignement.) */
+#define TITLE_SPACE 11
+
#define MEMORY_MEASURE_INIT \
size_t max_used, max_blocks, max_bytes; \
size_t prv_used, prv_blocks; \
@@ -163,7 +173,8 @@
#define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
- for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \
+ ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
+ while( ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \
max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
@@ -1018,7 +1029,7 @@
fflush( stdout ); getchar();
#endif
- return( 0 );
+ mbedtls_exit( 0 );
}
#endif /* MBEDTLS_TIMING_C */
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 4a8ed68..f576283 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -513,7 +513,5 @@
if( suites_failed > 0)
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
- /* return() is here to prevent compiler warnings */
- return( MBEDTLS_EXIT_SUCCESS );
+ mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
}
-
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 1c8b500..307e706 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -42,6 +42,7 @@
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -50,7 +51,7 @@
int main( void )
{
mbedtls_printf( "MBEDTLS_NET_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -146,6 +147,7 @@
" modifying CID in first instance of the packet.\n" \
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
" protect_len=%%d default: (don't protect packets of this size)\n" \
+ " inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \
"\n" \
" seed=%%d default: (use current time)\n" \
USAGE_PACK \
@@ -179,6 +181,7 @@
unsigned bad_cid; /* inject corrupted CID record */
int protect_hvr; /* never drop or delay HelloVerifyRequest */
int protect_len; /* never drop/delay packet of the given size*/
+ int inject_clihlo; /* inject fake ClientHello after handshake */
unsigned pack; /* merge packets into single datagram for
* at most \c merge milliseconds if > 0 */
unsigned int seed; /* seed for "random" events */
@@ -327,6 +330,12 @@
if( opt.protect_len < 0 )
exit_usage( p, q );
}
+ else if( strcmp( p, "inject_clihlo" ) == 0 )
+ {
+ opt.inject_clihlo = atoi( q );
+ if( opt.inject_clihlo < 0 || opt.inject_clihlo > 1 )
+ exit_usage( p, q );
+ }
else if( strcmp( p, "seed" ) == 0 )
{
opt.seed = atoi( q );
@@ -536,11 +545,41 @@
fflush( stdout );
}
+/*
+ * In order to test the server's behaviour when receiving a ClientHello after
+ * the connection is established (this could be a hard reset from the client,
+ * but the server must not drop the existing connection before establishing
+ * client reachability, see RFC 6347 Section 4.2.8), we memorize the first
+ * ClientHello we see (which can't have a cookie), then replay it after the
+ * first ApplicationData record - then we're done.
+ *
+ * This is controlled by the inject_clihlo option.
+ *
+ * We want an explicit state and a place to store the packet.
+ */
+typedef enum {
+ ICH_INIT, /* haven't seen the first ClientHello yet */
+ ICH_CACHED, /* cached the initial ClientHello */
+ ICH_INJECTED, /* ClientHello already injected, done */
+} inject_clihlo_state_t;
+
+static inject_clihlo_state_t inject_clihlo_state;
+static packet initial_clihlo;
+
int send_packet( const packet *p, const char *why )
{
int ret;
mbedtls_net_context *dst = p->dst;
+ /* save initial ClientHello? */
+ if( opt.inject_clihlo != 0 &&
+ inject_clihlo_state == ICH_INIT &&
+ strcmp( p->type, "ClientHello" ) == 0 )
+ {
+ memcpy( &initial_clihlo, p, sizeof( packet ) );
+ inject_clihlo_state = ICH_CACHED;
+ }
+
/* insert corrupted CID record? */
if( opt.bad_cid != 0 &&
strcmp( p->type, "CID" ) == 0 &&
@@ -605,6 +644,23 @@
}
}
+ /* Inject ClientHello after first ApplicationData */
+ if( opt.inject_clihlo != 0 &&
+ inject_clihlo_state == ICH_CACHED &&
+ strcmp( p->type, "ApplicationData" ) == 0 )
+ {
+ print_packet( &initial_clihlo, "injected" );
+
+ if( ( ret = dispatch_data( dst, initial_clihlo.buf,
+ initial_clihlo.len ) ) <= 0 )
+ {
+ mbedtls_printf( " ! dispatch returned %d\n", ret );
+ return( ret );
+ }
+
+ inject_clihlo_state = ICH_INJECTED;
+ }
+
return( 0 );
}
@@ -977,7 +1033,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_NET_C */
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index 54f7c62..d43ed5b 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -40,8 +40,10 @@
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
+#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
@@ -72,14 +74,14 @@
{
mbedtls_printf( "This program takes exactly 1 agument\n" );
usage();
- return( exit_code );
+ mbedtls_exit( exit_code );
}
fp = fopen( argv[1], "r" );
if( fp == NULL )
{
mbedtls_printf( "Could not open file '%s'\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
@@ -97,7 +99,7 @@
fclose( fp );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index f184939..f1961a1 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -61,7 +61,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -290,6 +290,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
index 458280c..5d1bbc9 100644
--- a/programs/util/strerror.c
+++ b/programs/util/strerror.c
@@ -29,7 +29,9 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#endif
#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
@@ -48,7 +50,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
int main( int argc, char *argv[] )
@@ -59,7 +61,7 @@
if( argc != 2 )
{
mbedtls_printf( USAGE );
- return( 0 );
+ mbedtls_exit( 0 );
}
val = strtol( argv[1], &end, 10 );
@@ -87,6 +89,6 @@
fflush( stdout ); getchar();
#endif
- return( val );
+ mbedtls_exit( val );
}
#endif /* MBEDTLS_ERROR_C */
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index bdc2017..e07bce5 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -51,7 +51,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_X509_REMOVE_INFO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -559,7 +559,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 33e4078..a40ecce 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -46,7 +46,7 @@
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -457,7 +457,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index a0ef2dd..34b53a4 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -47,7 +47,7 @@
"MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_ERROR_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -849,7 +849,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 87793f7..3509d8c 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -44,7 +44,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_X509_REMOVE_INFO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -162,7 +162,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index ddde3f6..23dcdfa 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -44,7 +44,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_X509_REMOVE_INFO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -162,7 +162,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
MBEDTLS_FS_IO */