Merge branch 'mbedtls-1.3' into development

* mbedtls-1.3:
  Use link-time garbage collection in memory.sh
  scripts/memory.sh only work on Linux
  Add missing 'const' on selftest data
  Use only headers for doxygen (no doc in C files)
  Add missing extern "C" guard in aesni.h
  Fix compile error with renego disabled
  Remove slow PKCS5 test
  Stop checking key-cert match systematically
  Make tests/*.sh runnable from anywhere
  Update visual C files

ChangeLog

@@ -45,8 +45,14 @@ Bugfix
    * Fix potential unintended sign extension in asn1_get_len() on 64-bit
      platforms.
    * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
+   * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
+     POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced
+     in 1.3.10).
+   * Add missing extern "C" guard in aesni.h (reported by amir zamani).
 
 Changes
+   * ssl_set_own_cert() now longers calls pk_check_pair() since the
+     performance impact was bad for some users (this was introduced in 1.3.10).
    * Move from SHA-1 to SHA-256 in example programs using signatures
      (suggested by Thorsten Mühlfelder).
    * Remove some unneeded inclusions of header files from the standard library

doxygen/mbedtls.doxyfile

@@ -682,8 +682,7 @@ INPUT_ENCODING         = UTF-8
 # *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py
 # *.f90 *.f *.for *.vhd *.vhdl
 
-FILE_PATTERNS          = *.c \
-                         *.h
+FILE_PATTERNS          = *.h
 
 # The RECURSIVE tag can be used to turn specify whether or not subdirectories
 # should be searched for input files as well. Possible values are YES and NO.
@@ -697,9 +696,7 @@ RECURSIVE              = YES
 # Note that relative paths are relative to the directory from which doxygen is
 # run.
 
-EXCLUDE                = tests/fct.h \
-                         programs \
-                         CMakeFiles
+EXCLUDE                = configs
 
 # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
 # directories that are symbolic links (a Unix file system feature) are excluded

include/mbedtls/aesni.h

@@ -37,6 +37,10 @@
 
 #if defined(POLARSSL_HAVE_X86_64)
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**
  * \brief          AES-NI features detection routine
  *
@@ -99,6 +103,10 @@ int aesni_setkey_enc( unsigned char *rk,
                       const unsigned char *key,
                       size_t bits );
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* POLARSSL_HAVE_X86_64 */
 
 #endif /* POLARSSL_AESNI_H */

library/ctr_drbg.c

@@ -448,7 +448,7 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path )
 
 #if defined(POLARSSL_SELF_TEST)
 
-static unsigned char entropy_source_pr[96] =
+static const unsigned char entropy_source_pr[96] =
     { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
       0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
       0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
@@ -462,7 +462,7 @@ static unsigned char entropy_source_pr[96] =
       0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
       0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
 
-static unsigned char entropy_source_nopr[64] =
+static const unsigned char entropy_source_nopr[64] =
     { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
       0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
       0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
@@ -521,7 +521,7 @@ int ctr_drbg_self_test( int verbose )
 
     test_offset = 0;
     CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy,
-                                entropy_source_pr, nonce_pers_pr, 16, 32 ) );
+                                (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
     ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON );
     CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) );
     CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) );
@@ -538,7 +538,7 @@ int ctr_drbg_self_test( int verbose )
 
     test_offset = 0;
     CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy,
-                            entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
+                            (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
     CHK( ctr_drbg_random( &ctx, buf, 16 ) );
     CHK( ctr_drbg_reseed( &ctx, NULL, 0 ) );
     CHK( ctr_drbg_random( &ctx, buf, 16 ) );

library/gcm.c

@@ -508,10 +508,10 @@ void gcm_free( gcm_context *ctx )
  */
 #define MAX_TESTS   6
 
-static int key_index[MAX_TESTS] =
+static const int key_index[MAX_TESTS] =
     { 0, 0, 1, 1, 1, 1 };
 
-static unsigned char key[MAX_TESTS][32] =
+static const unsigned char key[MAX_TESTS][32] =
 {
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -523,13 +523,13 @@ static unsigned char key[MAX_TESTS][32] =
       0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
 };
 
-static size_t iv_len[MAX_TESTS] =
+static const size_t iv_len[MAX_TESTS] =
     { 12, 12, 12, 12, 8, 60 };
 
-static int iv_index[MAX_TESTS] =
+static const int iv_index[MAX_TESTS] =
     { 0, 0, 1, 1, 1, 2 };
 
-static unsigned char iv[MAX_TESTS][64] =
+static const unsigned char iv[MAX_TESTS][64] =
 {
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00 },
@@ -545,13 +545,13 @@ static unsigned char iv[MAX_TESTS][64] =
       0xa6, 0x37, 0xb3, 0x9b },
 };
 
-static size_t add_len[MAX_TESTS] =
+static const size_t add_len[MAX_TESTS] =
     { 0, 0, 0, 20, 20, 20 };
 
-static int add_index[MAX_TESTS] =
+static const int add_index[MAX_TESTS] =
     { 0, 0, 0, 1, 1, 1 };
 
-static unsigned char additional[MAX_TESTS][64] =
+static const unsigned char additional[MAX_TESTS][64] =
 {
     { 0x00 },
     { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
@@ -559,13 +559,13 @@ static unsigned char additional[MAX_TESTS][64] =
       0xab, 0xad, 0xda, 0xd2 },
 };
 
-static size_t pt_len[MAX_TESTS] =
+static const size_t pt_len[MAX_TESTS] =
     { 0, 16, 64, 60, 60, 60 };
 
-static int pt_index[MAX_TESTS] =
+static const int pt_index[MAX_TESTS] =
     { 0, 0, 1, 1, 1, 1 };
 
-static unsigned char pt[MAX_TESTS][64] =
+static const unsigned char pt[MAX_TESTS][64] =
 {
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
@@ -579,7 +579,7 @@ static unsigned char pt[MAX_TESTS][64] =
       0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
 };
 
-static unsigned char ct[MAX_TESTS * 3][64] =
+static const unsigned char ct[MAX_TESTS * 3][64] =
 {
     { 0x00 },
     { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
@@ -688,7 +688,7 @@ static unsigned char ct[MAX_TESTS * 3][64] =
       0x44, 0xae, 0x7e, 0x3f },
 };
 
-static unsigned char tag[MAX_TESTS * 3][16] =
+static const unsigned char tag[MAX_TESTS * 3][16] =
 {
     { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
       0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
@@ -939,8 +939,6 @@ int gcm_self_test( int verbose )
     return( 0 );
 }
 
-
-
 #endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
 
 #endif /* POLARSSL_GCM_C */

library/hmac_drbg.c

@@ -396,7 +396,7 @@ int hmac_drbg_self_test( int verbose )
 #define OUTPUT_LEN  80
 
 /* From a NIST PR=true test vector */
-static unsigned char entropy_pr[] = {
+static const unsigned char entropy_pr[] = {
     0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
     0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
     0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
@@ -412,7 +412,7 @@ static const unsigned char result_pr[OUTPUT_LEN] = {
     0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
 
 /* From a NIST PR=false test vector */
-static unsigned char entropy_nopr[] = {
+static const unsigned char entropy_nopr[] = {
     0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
     0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
     0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
@@ -461,7 +461,7 @@ int hmac_drbg_self_test( int verbose )
 
     test_offset = 0;
     CHK( hmac_drbg_init( &ctx, md_info,
-                         hmac_drbg_self_test_entropy, entropy_pr,
+                         hmac_drbg_self_test_entropy, (void *) entropy_pr,
                          NULL, 0 ) );
     hmac_drbg_set_prediction_resistance( &ctx, POLARSSL_HMAC_DRBG_PR_ON );
     CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
@@ -480,7 +480,7 @@ int hmac_drbg_self_test( int verbose )
 
     test_offset = 0;
     CHK( hmac_drbg_init( &ctx, md_info,
-                         hmac_drbg_self_test_entropy, entropy_nopr,
+                         hmac_drbg_self_test_entropy, (void *) entropy_nopr,
                          NULL, 0 ) );
     CHK( hmac_drbg_reseed( &ctx, NULL, 0 ) );
     CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );

library/md5.c

@@ -443,7 +443,7 @@ void md5_hmac( const unsigned char *key, size_t keylen,
 /*
  * RFC 1321 test vectors
  */
-static unsigned char md5_test_buf[7][81] =
+static const unsigned char md5_test_buf[7][81] =
 {
     { "" },
     { "a" },
@@ -481,7 +481,7 @@ static const unsigned char md5_test_sum[7][16] =
 /*
  * RFC 2202 test vectors
  */
-static unsigned char md5_hmac_test_key[7][26] =
+static const unsigned char md5_hmac_test_key[7][26] =
 {
     { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" },
     { "Jefe" },
@@ -498,7 +498,7 @@ static const int md5_hmac_test_keylen[7] =
     16, 4, 16, 25, 16, 80, 80
 };
 
-static unsigned char md5_hmac_test_buf[7][74] =
+static const unsigned char md5_hmac_test_buf[7][74] =
 {
     { "Hi There" },
     { "what do ya want for nothing?" },

library/pkcs5.c

@@ -300,39 +300,37 @@ int pkcs5_self_test( int verbose )
 
 #define MAX_TESTS   6
 
-static size_t plen[MAX_TESTS] =
-    { 8, 8, 8, 8, 24, 9 };
+static const size_t plen[MAX_TESTS] =
+    { 8, 8, 8, 24, 9 };
 
-static unsigned char password[MAX_TESTS][32] =
+static const unsigned char password[MAX_TESTS][32] =
 {
     "password",
     "password",
     "password",
-    "password",
     "passwordPASSWORDpassword",
     "pass\0word",
 };
 
-static size_t slen[MAX_TESTS] =
-    { 4, 4, 4, 4, 36, 5 };
+static const size_t slen[MAX_TESTS] =
+    { 4, 4, 4, 36, 5 };
 
-static unsigned char salt[MAX_TESTS][40] =
+static const unsigned char salt[MAX_TESTS][40] =
 {
     "salt",
     "salt",
     "salt",
-    "salt",
     "saltSALTsaltSALTsaltSALTsaltSALTsalt",
     "sa\0lt",
 };
 
-static uint32_t it_cnt[MAX_TESTS] =
-    { 1, 2, 4096, 16777216, 4096, 4096 };
+static const uint32_t it_cnt[MAX_TESTS] =
+    { 1, 2, 4096, 4096, 4096 };
 
-static uint32_t key_len[MAX_TESTS] =
-    { 20, 20, 20, 20, 25, 16 };
+static const uint32_t key_len[MAX_TESTS] =
+    { 20, 20, 20, 25, 16 };
 
-static unsigned char result_key[MAX_TESTS][32] =
+static const unsigned char result_key[MAX_TESTS][32] =
 {
     { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
       0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
@@ -343,9 +341,6 @@ static unsigned char result_key[MAX_TESTS][32] =
     { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
       0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
       0x65, 0xa4, 0x29, 0xc1 },
-    { 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
-      0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
-      0x26, 0x34, 0xe9, 0x84 },
     { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
       0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
       0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
@@ -376,9 +371,6 @@ int pkcs5_self_test( int verbose )
         goto exit;
     }
 
-    if( verbose != 0 )
-        polarssl_printf( "  PBKDF2 note: test #3 may be slow!\n" );
-
     for( i = 0; i < MAX_TESTS; i++ )
     {
         if( verbose != 0 )

library/sha1.c

@@ -476,7 +476,7 @@ void sha1_hmac( const unsigned char *key, size_t keylen,
 /*
  * FIPS-180-1 test vectors
  */
-static unsigned char sha1_test_buf[3][57] =
+static const unsigned char sha1_test_buf[3][57] =
 {
     { "abc" },
     { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
@@ -501,7 +501,7 @@ static const unsigned char sha1_test_sum[3][20] =
 /*
  * RFC 2202 test vectors
  */
-static unsigned char sha1_hmac_test_key[7][26] =
+static const unsigned char sha1_hmac_test_key[7][26] =
 {
     { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
       "\x0B\x0B\x0B\x0B" },
@@ -521,7 +521,7 @@ static const int sha1_hmac_test_keylen[7] =
     20, 4, 20, 25, 20, 80, 80
 };
 
-static unsigned char sha1_hmac_test_buf[7][74] =
+static const unsigned char sha1_hmac_test_buf[7][74] =
 {
     { "Hi There" },
     { "what do ya want for nothing?" },

library/sha256.c

@@ -483,7 +483,7 @@ void sha256_hmac( const unsigned char *key, size_t keylen,
 /*
  * FIPS-180-2 test vectors
  */
-static unsigned char sha256_test_buf[3][57] =
+static const unsigned char sha256_test_buf[3][57] =
 {
     { "abc" },
     { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
@@ -533,7 +533,7 @@ static const unsigned char sha256_test_sum[6][32] =
 /*
  * RFC 4231 test vectors
  */
-static unsigned char sha256_hmac_test_key[7][26] =
+static const unsigned char sha256_hmac_test_key[7][26] =
 {
     { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
       "\x0B\x0B\x0B\x0B" },
@@ -553,7 +553,7 @@ static const int sha256_hmac_test_keylen[7] =
     20, 4, 20, 25, 20, 131, 131
 };
 
-static unsigned char sha256_hmac_test_buf[7][153] =
+static const unsigned char sha256_hmac_test_buf[7][153] =
 {
     { "Hi There" },
     { "what do ya want for nothing?" },

library/sha512.c

@@ -488,7 +488,7 @@ void sha512_hmac( const unsigned char *key, size_t keylen,
 /*
  * FIPS-180-2 test vectors
  */
-static unsigned char sha512_test_buf[3][113] =
+static const unsigned char sha512_test_buf[3][113] =
 {
     { "abc" },
     { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
@@ -557,7 +557,7 @@ static const unsigned char sha512_test_sum[6][64] =
 /*
  * RFC 4231 test vectors
  */
-static unsigned char sha512_hmac_test_key[7][26] =
+static const unsigned char sha512_hmac_test_key[7][26] =
 {
     { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
       "\x0B\x0B\x0B\x0B" },
@@ -577,7 +577,7 @@ static const int sha512_hmac_test_keylen[7] =
     20, 4, 20, 25, 20, 131, 131
 };
 
-static unsigned char sha512_hmac_test_buf[7][153] =
+static const unsigned char sha512_hmac_test_buf[7][153] =
 {
     { "Hi There" },
     { "what do ya want for nothing?" },

library/ssl_tls.c

@@ -5390,7 +5390,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
     key_cert->cert = own_cert;
     key_cert->key  = pk_key;
 
-    return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+    return( 0 );
 }
 
 #if defined(POLARSSL_RSA_C)
@@ -5419,7 +5419,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
     key_cert->cert = own_cert;
     key_cert->key_own_alloc = 1;
 
-    return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+    return( 0 );
 }
 #endif /* POLARSSL_RSA_C */
 
@@ -5448,7 +5448,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
     key_cert->cert = own_cert;
     key_cert->key_own_alloc = 1;
 
-    return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+    return( 0 );
 }
 #endif /* POLARSSL_X509_CRT_PARSE_C */
 

scripts/memory.sh

@@ -12,7 +12,7 @@ CONFIG_H='include/mbedtls/config.h'
 
 CLIENT='mini_client'
 
-CFLAGS_EXEC=-fno-asynchronous-unwind-tables
+CFLAGS_EXEC='-fno-asynchronous-unwind-tables -Wl,--gc-section -ffunction-sections'
 CFLAGS_MEM=-g3
 
 if [ -r $CONFIG_H ]; then :; else
@@ -25,6 +25,11 @@ if grep -i cmake Makefile >/dev/null; then
     exit 1
 fi
 
+if [ $( uname ) != Linux ]; then
+    echo "Only work on Linux" >&2
+    exit 1
+fi
+
 if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
     echo "config.h not clean" >&2
     exit 1
@@ -54,7 +59,7 @@ do_config()
     cd programs
     CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os ssl/$CLIENT >/dev/null
     strip ssl/$CLIENT
-    stat -f '%z' ssl/$CLIENT
+    stat -c '%s' ssl/$CLIENT
     cd ..
 
     printf "    Peak ram usage... "