Commit Graph

454 Commits

Author SHA1 Message Date
Andres Amaya Garcia
cb9c015558 Improve cmake inclusion of query_config.c when building apps 2019-02-07 10:38:22 +00:00
Andres AG
08457ce76b Fix aligment in programs/test/query_compile_time_config.c 2019-02-07 10:38:22 +00:00
Andres AG
509ba69e16 Create programs/test/query_compile_time_config app 2019-02-07 10:38:22 +00:00
Manuel Pégourié-Gonnard
3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Simon Butcher
63cb97e562 Add handlers for parameter validation in the sample programs
The sample programs require an additional handler function of
mbedtls_param_failed() to handle any failed parameter validation checks enabled
by the MBEDTLS_CHECK_PARAMS config.h option.
2018-12-11 12:28:56 +01:00
Janos Follath
52735ef2fe ECDH: Prevent direct access in non-legacy mode
Some sample programs access structure fields directly. Making these work is
desirable in the long term, but these are not essential for the core
functionality in non-legacy mode.
2018-11-30 14:21:35 +00:00
Simon Butcher
1afc767f23 Merge remote-tracking branch 'public/pr/1758' into development 2018-09-27 11:35:19 +01:00
Hanno Becker
f34a4c176c UDP proxy: Correct debug output for delay_srv option 2018-08-28 17:52:53 +01:00
Hanno Becker
41038108e9 Style: Correct indentation in UDP proxy code 2018-08-28 11:15:32 +01:00
Hanno Becker
cf469458ca Style: Add empty line before comment in UDP proxy code 2018-08-28 10:09:47 +01:00
Hanno Becker
12b72c182e UDP proxy: Fix bug in freeing delayed messages 2018-08-23 13:15:36 +01:00
Hanno Becker
101bcba26f UDP proxy: Allow more than one message to be delayed
Previously, the UDP proxy could only remember one delayed message
for future transmission; if two messages were delayed in succession,
without another one being normally forwarded in between,
the message that got delayed first would be dropped.

This commit enhances the UDP proxy to allow to delay an arbitrary
(compile-time fixed) number of messages in succession.
2018-08-21 16:50:30 +01:00
Hanno Becker
caf8741891 Fix typo in documentation of UDP proxy argument 'delay_cli' 2018-08-20 09:45:51 +01:00
Hanno Becker
01ea778363 UDP proxy: Add option to delay specific handshake messages 2018-08-17 16:52:08 +01:00
Jaeden Amero
4ed32d065b cpp_dummy_build: Add NIST key wrapping header 2018-07-24 16:51:09 +01:00
Ron Eldor
9ab746c7c9 Add selftests
Add selftests for key wrapping
2018-07-24 16:43:20 +01:00
Simon Butcher
7d728bd70e Merge remote-tracking branch 'public/pr/1454' into development 2018-07-20 14:33:44 +01:00
Simon Butcher
fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Ron Eldor
278af4536c Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-05 14:33:22 +03:00
Andrzej Kurek
991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Andrzej Kurek
037ec4b416 Replace tabs with spaces 2018-06-28 05:07:08 -04:00
Andrzej Kurek
89c048c101 Tests: add a test for cpp linking
Change the name of header_test to cpp_dumy_build
Update the test description to better reflect its contents
2018-06-28 05:07:08 -04:00
Andrzej Kurek
0211c32c9a Change the cpp test to be optional
Remove unnecessary defines from the test.
Test by defining TEST_CPP using makefiles or cmake.
2018-06-28 05:07:08 -04:00
Andrzej Kurek
40741f8ce5 Add a test with a cpp executable including all mbed TLS headers
In case of any problems with the 'extern "C"' directives,
building the executable will fail
2018-06-28 05:05:40 -04:00
Manuel Pégourié-Gonnard
51d7cfe026 Fix coverity warnings in benchmark.c
Functions time with TIME_AND_TSC() didn't have their return values checked.
I'm not sure whether Coverity complained about existing uses, but it did about
new ones, since we consistently check their return values everywhere but here,
which it rightfully finds suspicious.

So, let's check return values. This probably adds a few cycles to existing
loop overhead, but on my machine (x86_64) the added overhead is less than the
random-looking variation between various runs, so it's acceptable.

Some calls had their own particular error checking; remove that in favour of
the new general solution.
2018-06-25 11:19:51 +02:00
Manuel Pégourié-Gonnard
0dadba2b58 Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (182 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-19 11:13:50 +02:00
Andres Amaya Garcia
7d42965ea8 Fix typo in platform macro defines for examples 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
357b0b283a Fix ret code in ssl_cert_test.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
80081a68cd Fix ret code in udp_proxy.c 2018-06-14 23:01:55 +01:00
Jaeden Amero
09317083b5 benchmark: Add comma at end of help message
The help message was missing a comma after "hmac_drbg". Add the missing
comma.
2018-06-13 12:16:25 +01:00
Jaeden Amero
9366feb504 aes: xts: Add new context structure
Add a new context structure for XTS. Adjust the API for XTS to use the new
context structure, including tests suites and the benchmark program. Update
Doxgen documentation accordingly.
2018-06-13 12:05:04 +01:00
Jaeden Amero
e9ecf00007 aes: Remove AES-XEX
AES-XEX is a building block for other cryptographic standards and not yet a
standard in and of itself. We'll just provide the standardized AES-XTS
algorithm, and not AES-XEX. The AES-XTS algorithm and interface provided
can be used to perform the AES-XEX algorithm when the length of the input
is a multiple of the AES block size.
2018-06-13 12:03:29 +01:00
Aorimn
5f77801ac3 Implement AES-XTS mode
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bits (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].

This commit comes with tests, extracted from [1], and benchmarks.
Although, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:03:27 +01:00
Aorimn
daf7045372 Add benchmark for AES-XEX
This commit adds benchmark based on what has already been done with
AES-CBC mode.
2018-06-13 12:02:30 +01:00
Manuel Pégourié-Gonnard
39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Azim Khan
1a8ef0772c Fix coverity defects 2018-06-06 03:44:03 +01:00
Manuel Pégourié-Gonnard
9c82e2ce49 Fix some whitespace issues 2018-06-04 12:30:16 +02:00
Manuel Pégourié-Gonnard
3dc62a0a9b chachapoly: force correct mode for integrated API
Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check
the tag correctly (or at all). So force them to use auth_decrypt() instead.

See also https://github.com/ARMmbed/mbedtls/pull/1668
2018-06-04 12:18:19 +02:00
Manuel Pégourié-Gonnard
d6aea18749 Add Chacha20-Poly1305 to benchmark.c 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
b1ac5e7842 poly1305: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the CMAC API that is
very comparable to Poly1305, so switch to (pointer, len) for consistency.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
dca3a5d884 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-24 13:37:31 +02:00
Daniel King
4d8f87b1ca Add ChaCha20/Poly1305 ciphers to the selftest program 2018-05-24 13:37:31 +02:00
Daniel King
adc32c0b50 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-24 13:37:31 +02:00
Daniel King
34b822ce7b Initial implementation of ChaCha20 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
a3712beb9b Merge branch 'development' into iotssl-1941-aria-ciphersuites
* development: (504 commits)
  Fix minor code style issues
  Add the uodate to the soversion to the ChangeLog
  Fix the ChangeLog for clarity, english and credit
  Update version to 2.9.0
  ecp: Fix binary compatibility with group ID
  Changelog entry
  Change accepted ciphersuite versions when parsing server hello
  Remove preprocessor directives around platform_util.h include
  Fix style for mbedtls_mpi_zeroize()
  Improve mbedtls_platform_zeroize() docs
  mbedtls_zeroize -> mbedtls_platform_zeroize in docs
  Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT
  Organize CMakeLists targets in alphabetical order
  Organize output objs in alfabetical order in Makefile
  Regenerate errors after ecp.h updates
  Update ecp.h
  Change variable bytes_written to header_bytes in record decompression
  Update ecp.h
  Update ecp.h
  Update ecp.h
  ...
2018-05-22 15:58:50 +02:00
Andres Amaya Garcia
eecea0e281 Update zeroize test to use mbedtls_platform_zeroize() 2018-04-17 10:14:53 -05:00
Andres Amaya Garcia
82934be144 Do not install zeroize program in CMakeLists 2018-04-17 10:02:17 -05:00
Andres Amaya Garcia
ae8e306973 Fix docs typos for zeroize related features/test 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
757cd72edf Update license headers year and branding 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
42defd10a6 Improve docs for zeroize.c and test_zeroize.gdb 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
6e34e63eb3 Fix style in programs/test/zeroize.c 2018-04-17 09:19:05 -05:00
Andres Amaya Garcia
88f8f41e5a Move zeroize func call to end of program in zeroize.c 2018-04-17 09:19:05 -05:00
Andres Amaya Garcia
5ab74a1401 Add programs/test/zeroize.c to test mbedtls_zeroize
The idea is to use the simple program that is expected to be modified
rarely to set a breakpoint in a specific line and check that the
function mbedtls_zeroize() does actually set the buffer to 0 and is not
optimised out by the compiler.
2018-04-17 09:17:38 -05:00
Gilles Peskine
80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Nicholas Wilson
08f3ef1861 Basic support for Curve448, similar to the current level of support for Curve25519 2018-03-29 14:29:06 +01:00
Hanno Becker
2bd57578af Merge branch 'development' into iotssl-1204 2018-03-28 14:52:35 +01:00
Brendan Shanks
e61514d70d benchmark: Fix incompatibility with C89 compilers
Initializing arrays using non-constant expressions is not permitted in
C89, and was causing errors when compiling with Metrowerks CodeWarrior
(for classic MacOS) in C89 mode. Clang also produces a warning when
compiling with '-Wc99-extensions':

test/benchmark.c:670:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
                                         ^~~~~~~~~~
test/benchmark.c:674:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
                                         ^~~~~~~~~~

Declaring the arrays as 'static' makes them constant expressions.

fixes #1353
2018-03-08 17:41:40 -08:00
Manuel Pégourié-Gonnard
62e813ca62 Add aria to benchmark program 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
3c0b53b2b0 ARIA build integration 2018-02-27 12:39:12 +01:00
Jaeden Amero
784de59ccd Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted
- Resolve ChangeLog conflicts
- Update Doxygen warning block in dhm.h to render correctly
- Prefix the exported identifier deprecated_constant_t with mbedtls_
2018-01-26 18:43:04 +00:00
Jaeden Amero
934fb55aa3 Merge remote-tracking branch 'upstream-public/pr/1036' into development 2018-01-26 15:12:43 +00:00
Gilles Peskine
9e4f77c606 New MD API: rename functions from _ext to _ret
The _ext suffix suggests "new arguments", but the new functions have
the same arguments. Use _ret instead, to convey that the difference is
that the new functions return a value.
2018-01-22 11:54:42 +01:00
Gilles Peskine
d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Manuel Pégourié-Gonnard
ae3925c774 Merge remote-tracking branch 'public/pr/1136' into development
* public/pr/1136:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:20 +01:00
Gilles Peskine
ff79d27f5c selftest: allow excluding a subset of the tests
E.g. "selftest -x timing" runs all the self-tests except timing.
2017-12-20 21:57:48 +01:00
Gilles Peskine
c82fbb4e14 selftest: allow running a subset of the tests
If given command line arguments, interpret them as test names and only
run those tests.
2017-12-20 20:23:13 +01:00
Gilles Peskine
319ac801a8 selftest: refactor to separate the list of tests from the logic
No behavior change.
2017-12-20 20:19:27 +01:00
Hanno Becker
a5e68979ca Resolve integer type conversion problem on MSVC
MSVC rightfully complained that there was some conversion from `size_t`
to `unsigned int` that could come with a loss of data. This commit
re-types the corresponding struct field `ctx_buffer::len` to `size_t`.
Also, the function `ctx_buffer_append` has an integer return value
which is supposed to be the (positive) length of the appended data
on success, and a check is inserted that the data to be appended does
not exceed MAX_INT in length.
2017-12-06 08:37:39 +00:00
Ron Eldor
0728d69d6d Change kB to KiB
Change the style of the units to KiB, according to
https://docs.mbed.com/docs/writing-and-publishing-guides/en/latest/units/
2017-11-29 12:08:35 +02:00
Ron Eldor
a0748019f1 Change KB to kB
Change KB to kB, as this is the proper way to write kilo bytes
2017-11-28 16:48:51 +02:00
Hanno Becker
77abef5cba Don't use busy-waiting in udp_proxy
Also, correct inconsistent use of unsigned integer types in udp_proxy.
2017-11-02 14:03:18 +00:00
Hanno Becker
0cc7774dab Only add pack option to UDP proxy if MBEDTLS_TIMING_C is enabled 2017-10-31 14:14:10 +00:00
Hanno Becker
92474da0a2 Use Mbed TLS timing module to obtain ellapsed time in udp_proxy 2017-10-31 14:14:08 +00:00
Hanno Becker
211f44c928 Rename merge option in UDP proxy to pack 2017-10-31 14:08:10 +00:00
Hanno Becker
df4180a235 Don't break debug messages 2017-10-27 15:04:14 +01:00
Gilles Peskine
8149321fed udp_proxy_wrapper.sh: fix cleanup not cleaning up
Fixed cleanup leaving the actual udp_proxy behind and only killing an
intermediate shell process.

Fixed trap handler cleaning up but then not dying.
2017-10-24 11:25:19 +01:00
Gilles Peskine
afc4f892d1 udp_proxy_wrapper.sh: more robust
Don't mangle arguments containing spaces and other special characters,
pass them unchanged to the proxy or server as applicable.

More robust parsing of server parameters: don't hit on partial words;
use ssl_server2's default values.

Minor style improvements.
2017-10-24 10:05:55 +01:00
Hanno Becker
a677cdd459 Detect IPv6 in udp_proxy_wrapper.sh grepping for server_addr=::1 2017-10-23 15:29:31 +01:00
Hanno Becker
22829e9860 Don't use sed -r in udp_proxy_wrapper.sh 2017-10-23 15:29:24 +01:00
Hanno Becker
fbb0b701e4 Corrupt application data in the beginning instead of the end in UDP proxy
The UDP proxy corrupts application data at the end of the datagram. If
there are multiple DTLS records within the same datagram, this leads
to the wrong message being corrupted. This commit always corrupts the
beginning of the message to prevent this.

Overall, the UDP proxy needs reworking if it is supposed to reliably
support multiple records within a single datagram, because it
determines its actions from the type of the first record in the
current datagram only.
2017-10-10 16:02:36 +01:00
Hanno Becker
1dd62ea811 Add packing option to UDP proxy
This commit provides the new option pack=TIME for the udp proxy
./programs/test/udp_proxy. If used, udp packets with the same
destination will be queued and concatenated for up to TIME
milliseconds before being delivered.

This is useful to test how mbed TLS's deals with multiple DTLS records
within a single datagram.
2017-10-10 16:01:15 +01:00
Hanno Becker
f65ca329b6 Introduce UDP proxy wrapper script
This commit introduces the script `programs/test/udp_proxy_wrapper.sh` which can
be used to wrap the SSL server binary `programs/ssl/ssl_server2` by the UDP
proxy application `programs/test/udp_proxy` while maintaining the same
interface from the command line.

Specifically, given UDP proxy arguments ARGS_UDP and SSL server arguments
ARGS_SSL, the command line

> ./udp_proxy_wrapper.sh ARGS_UDP -- ARGS_SSL

behaves like

> ./ssl_server2 ARGS_SSL

wrapped by

> ./udp_proxy ARGS_UDP

The motivation and benefit of this is that scripts like `ssl-opt.sh` can be used
with the server command line `P_SRV` modified to `./udp_proxy_wrapper.sh
ARGS_UDP -- DEFAULT_ARGS_SSL` which will result in all tests being executed for
an SSL server behind a UDP proxy.
2017-10-10 16:01:15 +01:00
Hanno Becker
b953921a4e Adapt benchmark application to naming and binary format 2017-10-04 13:13:34 +01:00
Hanno Becker
d4d856265e Don't use deprecated macro form of DHM moduli in benchmark program 2017-10-02 15:06:27 +01:00
Peter Huewe
38fc3a0548 Remove duplicated defintion of PRINT_ERROR
The PRINT_ERROR macros are already defined exactly the same in line
101ff, so we can remove them here.
2017-07-29 02:01:22 +02:00
Andres Amaya Garcia
1ff60f437f Change examples to use the new MD API and check ret code 2017-06-28 13:26:36 +01:00
Ron Eldor
46cf773f2f Fix wrong output in the benchmark application
The benchmark application prints the performance in Kb/s,
While it actually calculates KB/s.
Resolves issue #850
2017-05-14 15:55:06 +03:00
Andres AG
a592dcc1c6 Clean up of formatting, and potential integer overflow fix 2016-10-06 15:23:39 +01:00
Simon Butcher
b981b16379 Minor fixes to formatting and compilation conditions 2016-10-06 12:51:24 +01:00
Simon Butcher
549dc3d75e Add CMAC functions to the benchmark sample application 2016-10-05 14:19:18 +01:00
Brian Murray
8b4111c516 Fix build failure for thread config 2016-10-05 14:19:17 +01:00
Brian Murray
57863ad7ed selftest supports cmac if only MBEDTLS_DES_C is defined
Other minor typo fixes
2016-10-05 14:19:16 +01:00
Robert Cragie
dc5c7b98ac Add support for AES-128-CMAC and AES-CMAC-PRF-128 2016-10-05 14:19:13 +01:00
Andres AG
788aa4a812 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-09-26 23:23:52 +01:00
Andres AG
e7723ec284 Make entropy bias self test poll multiple times
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
2016-08-30 16:50:48 +01:00
Andres AG
b34e42e69e Add a new self test to entropy module
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:

- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
  at byte, word and long word sizes.
2016-08-30 16:50:48 +01:00
Paul Bakker
70940caeeb Allow compilation without MBEDTLS_SELF_TEST enabled 2016-08-25 15:42:28 +01:00
Simon Butcher
ab069c6b46 Merge branch 'development' into development-restricted 2016-06-23 21:42:26 +01:00
Simon Butcher
b6a73c9b76 Add provision to create the entropy seedfile for selftest sample
In the selftest sample application, if no seedfile is present, one will be
created so the test can execute.
2016-06-23 11:46:41 +01:00
Janos Follath
15ab7ed0f3 Merge branch 'development' into development-restricted
Conflicts:
	programs/pkey/rsa_decrypt.c
	programs/pkey/rsa_encrypt.c
	programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Janos Follath
98e28a74e3 Address user reported coverity issues. 2016-06-09 13:41:28 +01:00
Simon Butcher
e4a46f696f Merge branch 'development' 2016-04-27 18:44:37 +01:00
Simon Butcher
d3138c35c6 Fixes SSL sample apps for non-default configs
Fixes the SSL sample applications to build for the non-default configs
which don't build if MBEDTLS_PLATFORM_C isn't defined.
2016-04-27 01:26:50 +01:00
Janos Follath
0c539447c1 Fixes no return value warning in selftest.c 2016-04-18 09:59:16 +01:00
Simon Butcher
cd0ee5e499 Fixes following review of 'iotssl-682-selftest-ci-break' 2016-03-21 22:54:37 +00:00
Janos Follath
2e3aca2c9e Fix test break in 'test-ref-configs.pl' 2016-03-18 16:25:52 +00:00
Simon Butcher
f1547632dc Fixes to style following review
Made code spacing consistent with guidelines, and corrected the misnamed test
steps in basic-build-test.sh
2016-03-14 23:12:32 +00:00
SimonB
5a8afb848a Fix exit code and add a count of the test suites
Now counts and displays the number of test suites executed, which can vary
depending on build configurations.
All tests are now executed as this is a sample and test program, rather than
exit on first failure.
Exit code now restricted to SUCCESS or FAILURE.
2016-03-14 23:12:29 +00:00
Manuel Pégourié-Gonnard
4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
ea35666f50 Fix -Wshadow warnings
Checked that it is supported by gcc 4.2.1 (FreeBSD 9).

fixes #240
2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
4f3368e31e Fix bug in benchmark.c with DHM params 2015-07-19 15:01:28 +02:00
Manuel Pégourié-Gonnard
a6dbddce0c Fix benchmark.c for removal of small DH params 2015-07-06 11:20:33 +02:00
Manuel Pégourié-Gonnard
046589e424 Rm obsolete defines for snprintf in programs
Now centralized in the platform layer
2015-07-01 17:26:20 +02:00
Manuel Pégourié-Gonnard
9de64f5af1 Fix MSVC warnings in library and programs 2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard
abc729e664 Simplify net_accept() with UDP sockets
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
3d7d00ad23 Rename mbedtls_net_close() to mbedtls_net_free()
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard
5db64328ab Adapt programs to the new NET API 2015-06-30 16:48:17 +02:00
Manuel Pégourié-Gonnard
633c6b6485 Run timing selftest on all platforms
Used to fail on our FreeBSD and Windows buildbots. Seems to be working at
least on my Darwin physical machine and on my Windows VM with MSYS2 now.
2015-06-26 16:17:30 +02:00
Manuel Pégourié-Gonnard
4b00f08e20 Fix snprintf test
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard
216a1831de Fix whitespace in CMakeLists.txt
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
c0d749418b Make 'port' a string in NET module
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
7b6dcbe993 Add tests for snprintf
- Added in each tests program to be sure they are run (putting them in a test
  suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
  past [1], so make sure to catch that if it ever happens again.

[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
d14acbc31a Test assumptions we make about the platform
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard
b2a18a2a98 Remove references to malloc in strings/names 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
53ebe138c6 Fix copyright lines still mentioning Brainspark 2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard
0b104b056b Adapt prototype of net_accept() for explicit size 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c Change X.509 verify flags to uint32_t 2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
e85fef10b5 Fix option names in benchmark.c 2015-05-11 19:38:25 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f Rename ecp_use_known_dp -> mbedtls_ecp_group_load() 2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
da61ed3346 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Include changes from the 1.2 branch
  Remove unused headers in o_p_test
  Add countermeasure against cache-based lucky 13
  Make results of (ext)KeyUsage accessible
  Fix missing NULL check in MPI
  Fix detection of getrandom()
  Fix "make install" handling of symlinks
  Fix bugs in programs displaying verify flags

Conflicts:
	Makefile
	include/polarssl/ssl.h
	library/entropy_poll.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/test/o_p_test.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
ac90673345 Remove unused headers in o_p_test 2015-04-30 10:09:50 +02:00
Manuel Pégourié-Gonnard
637376c2fe Fix bugs in programs displaying verify flags 2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
8d128efd48 Split mbedtls_ctr_drbg_init() -> seed() 2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5 Split mbedtls_hmac_drbg_init() -> seed{,_buf}() 2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265 Split mbedtls_gcm_init() -> gcm_setkey() 2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969 Split mbedtls_ccm_init() -> setkey() 2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
7cfbaf05b3 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix bugs in programs displaying verify flags

Conflicts:
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
2015-04-24 14:10:04 +02:00
Manuel Pégourié-Gonnard
9ce1bdc151 Fix bugs in programs displaying verify flags 2015-04-24 14:07:07 +02:00
Manuel Pégourié-Gonnard
89addc43db manually merge 0c6ce2f use x509_crt_verify_info() 2015-04-20 11:23:11 +01:00
Manuel Pégourié-Gonnard
0c6ce2f536 Use x509_crt_verify_info() in programs 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
32076e66be Fix programs for recent ECDSA changes 2015-03-31 13:32:39 +02:00
Manuel Pégourié-Gonnard
e46c6c38c9 Fix tests to work with DEPRECATED_REMOVED 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard
b6b16bddc3 Drop pbkdf2 module (superseded by pkcs5) 2015-03-11 11:31:51 +00:00