eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #4407 from ARMmbed/dev3_signoffs

Browse source 
Merge development_3.0 into development
This commit is contained in:
Dave Rodgman 2021-04-26 19:48:16 +01:00 committed by GitHub
commit 12f93f4fc2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
183 changed files with 834 additions and 12758 deletions
Download patch file Download diff file Expand all files Collapse all files

1
programs/.gitignore vendored
View file

@ -40,7 +40,6 @@ psa/key_ladder_demo
psa/psa_constant_names
random/gen_entropy
random/gen_random_ctr_drbg
random/gen_random_havege
ssl/dtls_client
ssl/dtls_server
ssl/mini_client

13
programs/Makefile
View file

@ -1,6 +1,5 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
@ -11,7 +10,7 @@ MBEDTLS_TEST_PATH:=../tests/src
MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c))
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L../library \
-lmbedtls$(SHARED_SUFFIX) \
@ -50,11 +49,6 @@ EXEXT=
SHARED_SUFFIX=
endif
# Zlib shared library extensions:
ifdef ZLIB
LOCAL_LDFLAGS += -lz
endif
APPS = \
aes/aescrypt2$(EXEXT) \
aes/crypt_and_hash$(EXEXT) \
@ -85,7 +79,6 @@ APPS = \
psa/psa_constant_names$(EXEXT) \
random/gen_entropy$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \
random/gen_random_havege$(EXEXT) \
ssl/dtls_client$(EXEXT) \
ssl/dtls_server$(EXEXT) \
ssl/mini_client$(EXEXT) \
@ -247,10 +240,6 @@ random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
echo " CC random/gen_entropy.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
random/gen_random_havege$(EXEXT): random/gen_random_havege.c $(DEP)
echo " CC random/gen_random_havege.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_havege.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP)
echo " CC random/gen_random_ctr_drbg.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

2
programs/README.md
View file

@ -61,8 +61,6 @@ This subdirectory mostly contains sample programs that illustrate specific featu
* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.
* [`random/gen_random_havege.c`](random/gen_random_havege.c): demonstrates the HAVEGE entropy collector.
## SSL/TLS examples
### SSL/TLS sample applications

9
programs/fuzz/CMakeLists.txt
View file

@ -2,14 +2,6 @@ set(libs
${mbedtls_target}
)
if(USE_PKCS11_HELPER_LIBRARY)
set(libs ${libs} pkcs11-helper)
endif(USE_PKCS11_HELPER_LIBRARY)
if(ENABLE_ZLIB_SUPPORT)
set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT)
find_library(FUZZINGENGINE_LIB FuzzingEngine)
if(FUZZINGENGINE_LIB)
project(fuzz CXX)
@ -44,6 +36,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c)
endif()
add_executable(${exe} ${exe_sources})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if (NOT FUZZINGENGINE_LIB)
target_link_libraries(${exe} ${libs})

5
programs/fuzz/Makefile
View file

@ -23,11 +23,6 @@ SHARED_SUFFIX=
# python2 for POSIX since FreeBSD has only python2 as default.
PYTHON ?= python2
# Zlib shared library extensions:
ifdef ZLIB
LOCAL_LDFLAGS += -lz
endif
ifdef FUZZINGENGINE
LOCAL_LDFLAGS += -lFuzzingEngine
endif

2
programs/fuzz/fuzz_client.c
View file

@ -1,7 +1,7 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "test/certs.h"
#include "common.h"
#include <string.h>
#include <stdlib.h>

3
programs/fuzz/fuzz_dtlsclient.c
View file

@ -6,9 +6,8 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
#include "test/certs.h"
#if defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \

2
programs/fuzz/fuzz_dtlsserver.c
View file

@ -3,10 +3,10 @@
#include <stdint.h>
#include "common.h"
#include "mbedtls/ssl.h"
#include "test/certs.h"
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
#include "mbedtls/ssl_cookie.h"

2
programs/fuzz/fuzz_server.c
View file

@ -1,8 +1,8 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/ssl_ticket.h"
#include "test/certs.h"
#include "common.h"
#include <string.h>
#include <stdlib.h>

1
programs/random/CMakeLists.txt
View file

@ -1,7 +1,6 @@
set(executables
gen_entropy
gen_random_ctr_drbg
gen_random_havege
)
foreach(exe IN LISTS executables)

107
programs/random/gen_random_havege.c
View file

@ -1,107 +0,0 @@
/**
* \brief Generate random data into a file
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_HAVEGE_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/havege.h"
#include <stdio.h>
#include <time.h>
#endif
#if !defined(MBEDTLS_HAVEGE_C) || !defined(MBEDTLS_FS_IO)
int main( void )
{
mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n");
mbedtls_exit( 0 );
}
#else
int main( int argc, char *argv[] )
{
FILE *f;
time_t t;
int i, k, ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_havege_state hs;
unsigned char buf[1024];
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
mbedtls_exit( exit_code );
}
mbedtls_havege_init( &hs );
t = time( NULL );
for( i = 0, k = 768; i < k; i++ )
{
if( ( ret = mbedtls_havege_random( &hs, buf, sizeof( buf ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X",
( unsigned int ) -ret );
goto exit;
}
fwrite( buf, sizeof( buf ), 1, f );
mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
}
if( t == time( NULL ) )
t--;
mbedtls_printf(" \n ");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_havege_free( &hs );
fclose( f );
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_HAVEGE_C */

9
programs/ssl/CMakeLists.txt
View file

@ -5,14 +5,6 @@ set(libs
${mbedtls_target}
)
if(USE_PKCS11_HELPER_LIBRARY)
set(libs ${libs} pkcs11-helper)
endif(USE_PKCS11_HELPER_LIBRARY)
if(ENABLE_ZLIB_SUPPORT)
set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT)
set(executables
dtls_client
dtls_server
@ -45,6 +37,7 @@ set_property(TARGET ssl_server2 APPEND PROPERTY SOURCES
if(THREADS_FOUND)
add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:mbedtls_test>)
target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
list(APPEND executables ssl_pthread_server)
endif(THREADS_FOUND)

9
programs/ssl/dtls_client.c
View file

@ -39,14 +39,14 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C)
!defined(MBEDTLS_PEM_PARSE_C)
int main( void )
{
mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
"MBEDTLS_PEM_PARSE_C not defined.\n" );
mbedtls_exit( 0 );
}
#else
@ -59,8 +59,8 @@ int main( void )
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
#include "test/certs.h"
/* Uncomment out the following line to default to IPv4 and disable IPv6 */
//#define FORCE_IPV4
@ -359,5 +359,4 @@ exit:
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_CERTS_C &&
MBEDTLS_PEM_PARSE_C */
MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C */

10
programs/ssl/dtls_server.c
View file

@ -49,8 +49,7 @@
!defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
!defined(MBEDTLS_TIMING_C)
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_TIMING_C)
int main( void )
{
@ -58,8 +57,7 @@ int main( void )
"MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
"MBEDTLS_TIMING_C not defined.\n" );
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n" );
mbedtls_exit( 0 );
}
#else
@ -74,7 +72,6 @@ int main( void )
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_cookie.h"
@ -82,6 +79,7 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
@ -435,4 +433,4 @@ exit:
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
&& MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
&& MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */

15
programs/ssl/ssl_client1.c
View file

@ -37,11 +37,11 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
@ -59,7 +59,7 @@ int main( void )
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#include "test/certs.h"
#include <string.h>
@ -314,5 +314,4 @@ exit:
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C &&
MBEDTLS_X509_CRT_PARSE_C */
MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C */

71
programs/ssl/ssl_client2.c
View file

@ -69,7 +69,6 @@ int main( void )
#define DFL_EXCHANGES 1
#define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1
#define DFL_ARC4 -1
#define DFL_SHA1 -1
#define DFL_AUTH_MODE -1
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
@ -419,12 +418,11 @@ int main( void )
USAGE_DHMLEN \
"\n"
#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
" options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
"\n" \
" force_ciphersuite=<name> default: all enabled\n"\
" query_config=<name> return 0 if the specified\n" \
@ -477,7 +475,6 @@ struct options
int exchanges; /* number of data exchanges */
int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */
int arc4; /* flag for arc4 suites support */
int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */
@ -832,7 +829,6 @@ int main( int argc, char *argv[] )
opt.exchanges = DFL_EXCHANGES;
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
opt.arc4 = DFL_ARC4;
opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
@ -1096,9 +1092,7 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "min_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
else if( strcmp( q, "tls1" ) == 0 )
if( strcmp( q, "tls1" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
else if( strcmp( q, "tls1_1" ) == 0 ||
strcmp( q, "dtls1" ) == 0 )
@ -1111,9 +1105,7 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "max_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
else if( strcmp( q, "tls1" ) == 0 )
if( strcmp( q, "tls1" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
else if( strcmp( q, "tls1_1" ) == 0 ||
strcmp( q, "dtls1" ) == 0 )
@ -1124,15 +1116,6 @@ int main( int argc, char *argv[] )
else
goto usage;
}
else if( strcmp( p, "arc4" ) == 0 )
{
switch( atoi( q ) )
{
case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
default: goto usage;
}
}
else if( strcmp( p, "allow_sha1" ) == 0 )
{
switch( atoi( q ) )
@ -1144,12 +1127,7 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
}
else if( strcmp( q, "tls1" ) == 0 )
if( strcmp( q, "tls1" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
@ -1397,19 +1375,6 @@ int main( int argc, char *argv[] )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
}
/* Enable RC4 if needed and not explicitly disabled */
if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
{
if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
{
mbedtls_printf( "forced RC4 ciphersuite with RC4 disabled\n" );
ret = 2;
goto usage;
}
opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 )
{
@ -1565,7 +1530,6 @@ int main( int argc, char *argv[] )
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
{
#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
@ -1587,12 +1551,6 @@ int main( int argc, char *argv[] )
break;
}
}
#else
{
ret = 1;
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif /* MBEDTLS_CERTS_C */
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
@ -1618,16 +1576,9 @@ int main( int argc, char *argv[] )
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_x509_crt_parse( &clicert,
(const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len );
#else
{
ret = 1;
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
@ -1643,16 +1594,9 @@ int main( int argc, char *argv[] )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
else
#endif
#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
#else
{
ret = 1;
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
@ -1900,11 +1844,6 @@ int main( int argc, char *argv[] )
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
#if defined(MBEDTLS_ARC4_C)
if( opt.arc4 != DFL_ARC4 )
mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
#endif
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@ -2136,7 +2075,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
mbedtls_printf( " [ Record expansion is %d ]\n", ret );
else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
mbedtls_printf( " [ Record expansion is unknown ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",

3
programs/ssl/ssl_context_info.c
View file

@ -48,7 +48,6 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/base64.h"
#include "mbedtls/md.h"
#include "mbedtls/md_internal.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/ssl_ciphersuites.h"
@ -638,7 +637,7 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len,
}
else
{
printf( "\tMessage-Digest : %s\n", md_info->name );
printf( "\tMessage-Digest : %s\n", mbedtls_md_get_name( md_info ) );
}
}

18
programs/ssl/ssl_fork_server.c
View file

@ -36,18 +36,18 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PEM_PARSE_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
@ -65,7 +65,7 @@ int main( void )
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "test/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
@ -417,7 +417,7 @@ exit:
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C &&
! _WIN32 */

17
programs/ssl/ssl_mail_client.c
View file

@ -65,7 +65,7 @@ int main( void )
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "test/certs.h"
#include "mbedtls/x509.h"
#include <stdlib.h>
@ -509,12 +509,12 @@ int main( int argc, char *argv[] )
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
#if defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
#else
{
mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.");
mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
goto exit;
}
#endif
@ -539,15 +539,8 @@ int main( int argc, char *argv[] )
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len );
#else
{
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
goto exit;
}
#endif
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
@ -559,12 +552,12 @@ int main( int argc, char *argv[] )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
#if defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
#else
{
mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined.");
mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
goto exit;
}
#endif

19
programs/ssl/ssl_pthread_server.c
View file

@ -37,16 +37,15 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
!defined(MBEDTLS_PEM_PARSE_C)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_THREADING_C) || \
!defined(MBEDTLS_THREADING_PTHREAD) || !defined(MBEDTLS_PEM_PARSE_C)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
@ -65,11 +64,11 @@ int main( void )
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
#include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
@ -527,7 +526,7 @@ exit:
mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */

17
programs/ssl/ssl_server.c
View file

@ -37,15 +37,14 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PEM_PARSE_C)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
@ -63,12 +62,12 @@ int main( void )
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
@ -397,7 +396,7 @@ exit:
mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
&& MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */

83
programs/ssl/ssl_server2.c
View file

@ -102,7 +102,6 @@ int main( void )
#define DFL_EXCHANGES 1
#define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1
#define DFL_ARC4 -1
#define DFL_SHA1 -1
#define DFL_CID_ENABLED 0
#define DFL_CID_VALUE ""
@ -500,15 +499,14 @@ int main( void )
#define USAGE4 \
USAGE_SSL_ASYNC \
USAGE_SNI \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
" options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
"\n" \
" version_suites=a,b,c,d per-version ciphersuites\n" \
" in order from ssl3 to tls1_2\n" \
" version_suites=a,b,c per-version ciphersuites\n" \
" in order from tls1 to tls1_2\n" \
" default: all enabled\n" \
" force_ciphersuite=<name> default: all enabled\n" \
" query_config=<name> return 0 if the specified\n" \
@ -580,7 +578,6 @@ struct options
int exchanges; /* number of data exchanges */
int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */
int arc4; /* flag for arc4 suites support */
int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */
int cert_req_ca_list; /* should we send the CA list? */
@ -1260,7 +1257,7 @@ int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
int query_config_ret = 0;
int version_suites[4][2];
int version_suites[3][2];
io_ctx_t io_ctx;
unsigned char* buf = 0;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@ -1497,7 +1494,6 @@ int main( int argc, char *argv[] )
opt.exchanges = DFL_EXCHANGES;
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
opt.arc4 = DFL_ARC4;
opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE;
opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST;
@ -1730,9 +1726,7 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "min_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
else if( strcmp( q, "tls1" ) == 0 )
if( strcmp( q, "tls1" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
else if( strcmp( q, "tls1_1" ) == 0 ||
strcmp( q, "dtls1" ) == 0 )
@ -1745,9 +1739,7 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "max_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
else if( strcmp( q, "tls1" ) == 0 )
if( strcmp( q, "tls1" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
else if( strcmp( q, "tls1_1" ) == 0 ||
strcmp( q, "dtls1" ) == 0 )
@ -1758,15 +1750,6 @@ int main( int argc, char *argv[] )
else
goto usage;
}
else if( strcmp( p, "arc4" ) == 0 )
{
switch( atoi( q ) )
{
case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
default: goto usage;
}
}
else if( strcmp( p, "allow_sha1" ) == 0 )
{
switch( atoi( q ) )
@ -1778,12 +1761,7 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
}
else if( strcmp( q, "tls1" ) == 0 )
if( strcmp( q, "tls1" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
@ -2094,19 +2072,6 @@ int main( int argc, char *argv[] )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
}
/* Enable RC4 if needed and not explicitly disabled */
if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
{
if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
{
mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
ret = 2;
goto usage;
}
opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
{
@ -2134,11 +2099,11 @@ int main( int argc, char *argv[] )
if( opt.version_suites != NULL )
{
const char *name[4] = { 0 };
const char *name[3] = { 0 };
/* Parse 4-element coma-separated list */
for( i = 0, p = (char *) opt.version_suites;
i < 4 && *p != '\0';
i < 3 && *p != '\0';
i++ )
{
name[i] = p;
@ -2150,7 +2115,7 @@ int main( int argc, char *argv[] )
*p++ = '\0';
}
if( i != 4 )
if( i != 3 )
{
mbedtls_printf( "too few values for version_suites\n" );
ret = 1;
@ -2160,7 +2125,7 @@ int main( int argc, char *argv[] )
memset( version_suites, 0, sizeof( version_suites ) );
/* Get the suites identifiers from their name */
for( i = 0; i < 4; i++ )
for( i = 0; i < 3; i++ )
{
version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
@ -2324,7 +2289,6 @@ int main( int argc, char *argv[] )
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
{
#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
@ -2346,12 +2310,6 @@ int main( int argc, char *argv[] )
break;
}
}
#else
{
ret = 1;
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif /* MBEDTLS_CERTS_C */
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
@ -2427,10 +2385,6 @@ int main( int argc, char *argv[] )
strcmp( opt.crt_file2, "none" ) != 0 &&
strcmp( opt.key_file2, "none" ) != 0 )
{
#if !defined(MBEDTLS_CERTS_C)
mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" );
goto exit;
#else
#if defined(MBEDTLS_RSA_C)
if( ( ret = mbedtls_x509_crt_parse( &srvcert,
(const unsigned char *) mbedtls_test_srv_crt_rsa,
@ -2469,7 +2423,6 @@ int main( int argc, char *argv[] )
}
key_cert_init2 = 2;
#endif /* MBEDTLS_ECDSA_C */
#endif /* MBEDTLS_CERTS_C */
}
mbedtls_printf( " ok\n" );
@ -2768,23 +2721,15 @@ int main( int argc, char *argv[] )
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
#if defined(MBEDTLS_ARC4_C)
if( opt.arc4 != DFL_ARC4 )
mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
#endif
if( opt.version_suites != NULL )
{
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_0 );
MBEDTLS_SSL_MINOR_VERSION_1 );
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_1 );
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_2 );
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[3],
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3 );
}
@ -3217,7 +3162,7 @@ handshake:
if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
mbedtls_printf( " [ Record expansion is %d ]\n", ret );
else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
mbedtls_printf( " [ Record expansion is unknown ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",

2
programs/ssl/ssl_test_lib.h
View file

@ -79,12 +79,12 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "mbedtls/base64.h"
#include "test/certs.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
#include "psa/crypto.h"

9
programs/test/CMakeLists.txt
View file

@ -2,14 +2,6 @@ set(libs
${mbedtls_target}
)
if(USE_PKCS11_HELPER_LIBRARY)
set(libs ${libs} pkcs11-helper)
endif(USE_PKCS11_HELPER_LIBRARY)
if(ENABLE_ZLIB_SUPPORT)
set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT)
set(executables_libs
selftest
udp_proxy
@ -33,6 +25,7 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto)
endif()
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
# This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3
list(FIND executables_libs ${exe} exe_index)

17
programs/test/benchmark.c
View file

@ -65,7 +65,6 @@ int main( void )
#include "mbedtls/cmac.h"
#include "mbedtls/poly1305.h"
#include "mbedtls/havege.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/hmac_drbg.h"
@ -101,7 +100,7 @@ int main( void )
"arc4, des3, des, camellia, blowfish, chacha20,\n" \
"aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
"aes_cmac, des3_cmac, poly1305\n" \
"havege, ctr_drbg, hmac_drbg\n" \
"ctr_drbg, hmac_drbg\n" \
"rsa, dhm, ecdsa, ecdh.\n"
#if defined(MBEDTLS_ERROR_C)
@ -290,7 +289,7 @@ typedef struct {
aes_cmac, des3_cmac,
aria, camellia, blowfish, chacha20,
poly1305,
havege, ctr_drbg, hmac_drbg,
ctr_drbg, hmac_drbg,
rsa, dhm, ecdsa, ecdh;
} todo_list;
@ -368,8 +367,6 @@ int main( int argc, char *argv[] )
todo.chacha20 = 1;
else if( strcmp( argv[i], "poly1305" ) == 0 )
todo.poly1305 = 1;
else if( strcmp( argv[i], "havege" ) == 0 )
todo.havege = 1;
else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
todo.ctr_drbg = 1;
else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
@ -709,16 +706,6 @@ int main( int argc, char *argv[] )
}
#endif
#if defined(MBEDTLS_HAVEGE_C)
if( todo.havege )
{
mbedtls_havege_state hs;
mbedtls_havege_init( &hs );
TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) );
mbedtls_havege_free( &hs );
}
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
if( todo.ctr_drbg )
{

15
programs/test/cpp_dummy_build.cpp
View file

@ -25,7 +25,6 @@
#endif
#include "mbedtls/aes.h"
#include "mbedtls/aesni.h"
#include "mbedtls/arc4.h"
#include "mbedtls/aria.h"
#include "mbedtls/asn1.h"
@ -33,17 +32,13 @@
#include "mbedtls/base64.h"
#include "mbedtls/bignum.h"
#include "mbedtls/blowfish.h"
#include "mbedtls/bn_mul.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/check_config.h"
#include "mbedtls/cipher.h"
#include "mbedtls/cipher_internal.h"
#include "mbedtls/cmac.h"
#include "mbedtls/compat-1.3.h"
#include "mbedtls/config_psa.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/debug.h"
@ -53,28 +48,21 @@
#include "mbedtls/ecdsa.h"
#include "mbedtls/ecjpake.h"
#include "mbedtls/ecp.h"
#include "mbedtls/ecp_internal.h"
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/error.h"
#include "mbedtls/gcm.h"
#include "mbedtls/havege.h"
#include "mbedtls/hkdf.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/md.h"
#include "mbedtls/md2.h"
#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/md_internal.h"
#include "mbedtls/net.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/nist_kw.h"
#include "mbedtls/oid.h"
#include "mbedtls/padlock.h"
#include "mbedtls/pem.h"
#include "mbedtls/pk.h"
#include "mbedtls/pk_internal.h"
#include "mbedtls/pkcs11.h"
#include "mbedtls/pkcs12.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/platform_time.h"
@ -83,7 +71,6 @@
#include "mbedtls/psa_util.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/rsa.h"
#include "mbedtls/rsa_internal.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
@ -91,7 +78,6 @@
#include "mbedtls/ssl_cache.h"
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl_cookie.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/ssl_ticket.h"
#include "mbedtls/threading.h"
#include "mbedtls/timing.h"
@ -112,7 +98,6 @@
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
#include "../library/psa_crypto_its.h"
int main()
{

95
programs/test/query_config.c
View file

@ -37,7 +37,6 @@
* default value when that configuration is not set in the config.h.
*/
#include "mbedtls/aes.h"
#include "mbedtls/aesni.h"
#include "mbedtls/arc4.h"
#include "mbedtls/aria.h"
#include "mbedtls/asn1.h"
@ -47,7 +46,6 @@
#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/cipher.h"
@ -61,10 +59,8 @@
#include "mbedtls/ecjpake.h"
#include "mbedtls/ecp.h"
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/error.h"
#include "mbedtls/gcm.h"
#include "mbedtls/havege.h"
#include "mbedtls/hkdf.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/md.h"
@ -75,10 +71,8 @@
#include "mbedtls/net_sockets.h"
#include "mbedtls/nist_kw.h"
#include "mbedtls/oid.h"
#include "mbedtls/padlock.h"
#include "mbedtls/pem.h"
#include "mbedtls/pk.h"
#include "mbedtls/pkcs11.h"
#include "mbedtls/pkcs12.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/platform_time.h"
@ -93,7 +87,6 @@
#include "mbedtls/ssl_cache.h"
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl_cookie.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/ssl_ticket.h"
#include "mbedtls/threading.h"
#include "mbedtls/timing.h"
@ -866,14 +859,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
if( strcmp( "MBEDTLS_REMOVE_ARC4_CIPHERSUITES", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_REMOVE_ARC4_CIPHERSUITES );
return( 0 );
}
#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
if( strcmp( "MBEDTLS_REMOVE_3DES_CIPHERSUITES", config ) == 0 )
{
@ -1394,14 +1379,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( strcmp( "MBEDTLS_SSL_HW_RECORD_ACCEL", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_HW_RECORD_ACCEL );
return( 0 );
}
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
if( strcmp( "MBEDTLS_SSL_CBC_RECORD_SPLITTING", config ) == 0 )
{
@ -1418,14 +1395,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
if( strcmp( "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO );
return( 0 );
}
#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
if( strcmp( "MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE", config ) == 0 )
{
@ -1442,14 +1411,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( strcmp( "MBEDTLS_SSL_PROTO_SSL3", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_SSL3 );
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1)
if( strcmp( "MBEDTLS_SSL_PROTO_TLS1", config ) == 0 )
{
@ -1570,14 +1531,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
if( strcmp( "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT );
return( 0 );
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( strcmp( "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH", config ) == 0 )
{
@ -1698,14 +1651,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( strcmp( "MBEDTLS_ZLIB_SUPPORT", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_ZLIB_SUPPORT );
return( 0 );
}
#endif /* MBEDTLS_ZLIB_SUPPORT */
#if defined(MBEDTLS_AESNI_C)
if( strcmp( "MBEDTLS_AESNI_C", config ) == 0 )
{
@ -1794,14 +1739,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CERTS_C)
if( strcmp( "MBEDTLS_CERTS_C", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_CERTS_C );
return( 0 );
}
#endif /* MBEDTLS_CERTS_C */
#if defined(MBEDTLS_CHACHA20_C)
if( strcmp( "MBEDTLS_CHACHA20_C", config ) == 0 )
{
@ -1922,14 +1859,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_HAVEGE_C)
if( strcmp( "MBEDTLS_HAVEGE_C", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_HAVEGE_C );
return( 0 );
}
#endif /* MBEDTLS_HAVEGE_C */
#if defined(MBEDTLS_HKDF_C)
if( strcmp( "MBEDTLS_HKDF_C", config ) == 0 )
{
@ -2066,14 +1995,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_PKCS5_C */
#if defined(MBEDTLS_PKCS11_C)
if( strcmp( "MBEDTLS_PKCS11_C", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS11_C );
return( 0 );
}
#endif /* MBEDTLS_PKCS11_C */
#if defined(MBEDTLS_PKCS12_C)
if( strcmp( "MBEDTLS_PKCS12_C", config ) == 0 )
{
@ -2738,14 +2659,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_DTLS_MAX_BUFFERING */
#if defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
if( strcmp( "MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME );
return( 0 );
}
#endif /* MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME */
#if defined(MBEDTLS_PSK_MAX_LEN)
if( strcmp( "MBEDTLS_PSK_MAX_LEN", config ) == 0 )
{
@ -2778,14 +2691,6 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES );
return( 0 );
}
#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES */
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE", config ) == 0 )
{

4
programs/test/selftest.c
View file

@ -24,7 +24,6 @@
#endif
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/dhm.h"
@ -315,9 +314,6 @@ const selftest_t selftests[] =
#if defined(MBEDTLS_RSA_C)
{"rsa", mbedtls_rsa_self_test},
#endif
#if defined(MBEDTLS_X509_USE_C)
{"x509", mbedtls_x509_self_test},
#endif
#if defined(MBEDTLS_XTEA_C)
{"xtea", mbedtls_xtea_self_test},
#endif

8
programs/x509/CMakeLists.txt
View file

@ -2,14 +2,6 @@ set(libs
${mbedx509_target}
)
if(USE_PKCS11_HELPER_LIBRARY)
set(libs ${libs} pkcs11-helper)
endif(USE_PKCS11_HELPER_LIBRARY)
if(ENABLE_ZLIB_SUPPORT)
set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT)
set(executables
cert_app
cert_req